Random Sounds (commercials and music) Play


  • This topic is locked
30 replies to this topic

#1 hurricane mouth

hurricane mouth

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:18 AM

Posted 22 June 2012 - 04:06 PM

My laptop started playing random sounds like commercials and music at weird times just two days ago. It also makes the sound of a mouse clicking in the background and will sometimes have the small window with the two options, "Restore last session" and "Go to homepage". This is quickly gone in less than a second. Finally, I noticed that if I'm browsing the web, even though the page is up it'll go into the background as though there is another window in front (but there isn't).

I use AVG free and a scan found nothing. I downloaded Malwarebytes and it found some things AVG missed but it didn't solve the problem. After some more searching I did a scan with ESETscan and this is what it came up with: Operating memory a variant of Win32/Miep.A trojan.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Reed at 16:47:27 on 2012-06-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.107 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://192.168.2.1:5120/?/upnp/IGD1.xml
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [<NO NAME>]
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [x3watch] c:\program files\x3watch\x3watch.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/33.06/uploader2.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://www.dfa.on.ca/install/IsCAB/iftwclix.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104166438126
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137112828451
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/controls/msnchat45.cab
DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} - hxxp://h30155.www3.hp.com/helpandsupport/SysQuery.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A4EE67E9-0A61-47C5-B5AB-6CE058EFAE31} : DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-13 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-13 29712]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-13 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-29 308136]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 16:49:13.88 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:18 PM

Posted 23 June 2012 - 07:23 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 hurricane mouth

Posted 23 June 2012 - 08:28 AM

Here's the security check report:
Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Free 9.0
ESET Online Scanner v3
Sophos Virus Removal Tool
`````````Anti-malware/Other Utilities Check:`````````
Out of date Spybot installed!
Spybot - Search & Destroy 1.4
Windows Defender Signatures
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 20
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

#4 gringo_pr

Posted 23 June 2012 - 08:43 AM

Greetings


Thanks for that, and now send me the Combofix report when it is ready.



gringo

#5 hurricane mouth

Posted 23 June 2012 - 09:39 AM

Combofix log:
ComboFix 12-06-23.05 - Reed 23/06/2012 15:02:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.431 [GMT 1:00]
Running from: c:\documents and settings\Reed\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\twain.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 13:38 . 2012-06-23 13:38 -------- d-----w- c:\windows\LastGood
2012-06-22 11:44 . 2012-06-22 11:44 -------- d-----w- c:\program files\ESET
2012-06-22 08:48 . 2012-06-22 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-06-22 08:47 . 2012-06-22 08:47 73728 ----a-r- c:\documents and settings\Reed\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-22 08:47 . 2012-06-22 08:47 73728 ----a-r- c:\documents and settings\Reed\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-22 08:47 . 2012-06-22 08:47 73728 ----a-r- c:\documents and settings\Reed\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-22 08:46 . 2012-06-22 08:46 -------- d-----w- c:\program files\Sophos
2012-06-21 16:34 . 2012-06-21 16:34 -------- d-----w- c:\documents and settings\Reed\Application Data\Malwarebytes
2012-06-21 16:34 . 2012-06-21 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-21 16:34 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 16:34 . 2012-06-21 16:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-18 20:07 . 2012-06-18 20:07 -------- d-----w- c:\program files\7-Zip
2012-06-18 17:28 . 2012-06-18 17:28 -------- d-----w- c:\program files\iPod
2012-06-18 17:27 . 2012-06-18 17:30 -------- d-----w- c:\program files\iTunes
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-06-18 17:05 . 2012-06-18 17:05 1409 ----a-w- c:\windows\QTFont.for
2012-06-03 22:34 . 2012-06-03 22:34 -------- d-----w- C:\$AVG
2012-06-03 22:12 . 2012-06-03 22:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-06-03 22:11 . 2012-06-03 22:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-06-03 05:04 . 2012-06-10 15:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-03 05:04 . 2012-06-10 15:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-03 03:06 . 2012-06-03 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-03 02:58 . 2012-06-03 02:58 -------- d-----w- c:\program files\Apple Software Update
2012-06-03 02:49 . 2012-06-03 02:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-06-03 02:48 . 2012-02-15 17:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-06-03 02:48 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-06-03 02:46 . 2012-06-03 02:46 -------- d-----w- c:\program files\Bonjour
2012-06-03 02:30 . 2012-06-03 02:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-12 67128]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"LXCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2005-08-15 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-05-02 2077536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-12 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-4-19 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-29 08:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/05/2010 5:43 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/05/2010 5:43 AM 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29/07/2010 9:03 AM 308136]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://192.168.2.1:5120/?/upnp/IGD1.xml
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RecordNow! - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-x3watch - c:\program files\X3watch\x3watch.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 15:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?4?3?9??????? ???B?????????????H<C? ??????
LXCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-06-23 15:31:41
ComboFix-quarantined-files.txt 2012-06-23 14:31
.
Pre-Run: 29,125,906,432 bytes free
Post-Run: 30,176,280,576 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0D3D5B4A358729F6255FF4D1646A46F5

I really don't know if the problem is fixed yet. I haven't had any of the sounds but they tended to come and go.

#6 hurricane mouth

Posted 23 June 2012 - 10:40 AM

I haven't heard any sounds now since I did all that. The computer seems to be running okay... it's slow to start with. Turn off computer seems to take a couple minutes for the final shut down screen to appear.

#7 gringo_pr

Posted 23 June 2012 - 11:27 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 hurricane mouth

  • Topic Starter

Posted 23 June 2012 - 05:17 PM

TDSSKiller report:
23:14:20.0608 0648 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
23:14:20.0799 0648 ============================================================
23:14:20.0799 0648 Current date / time: 2012/06/23 23:14:20.0799
23:14:20.0799 0648 SystemInfo:
23:14:20.0799 0648
23:14:20.0799 0648 OS Version: 5.1.2600 ServicePack: 3.0
23:14:20.0799 0648 Product type: Workstation
23:14:20.0799 0648 ComputerName: HPLAPTOP
23:14:20.0799 0648 UserName: Reed
23:14:20.0799 0648 Windows directory: C:\WINDOWS
23:14:20.0799 0648 System windows directory: C:\WINDOWS
23:14:20.0799 0648 Processor architecture: Intel x86
23:14:20.0799 0648 Number of processors: 1
23:14:20.0799 0648 Page size: 0x1000
23:14:20.0799 0648 Boot type: Normal boot
23:14:20.0799 0648 ============================================================
23:14:26.0717 0648 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:14:26.0717 0648 ============================================================
23:14:26.0717 0648 \Device\Harddisk0\DR0:
23:14:26.0717 0648 MBR partitions:
23:14:26.0717 0648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
23:14:26.0717 0648 ============================================================
23:14:26.0757 0648 C: <-> \Device\Harddisk0\DR0\Partition0
23:14:26.0757 0648 ============================================================
23:14:26.0757 0648 Initialize success
23:14:26.0757 0648 ============================================================
23:14:30.0422 0552 ============================================================
23:14:30.0422 0552 Scan started
23:14:30.0422 0552 Mode: Manual;
23:14:30.0422 0552 ============================================================
23:14:31.0144 0552 Abiosdsk - ok
23:14:31.0164 0552 abp480n5 - ok
23:14:31.0294 0552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:14:31.0334 0552 ACPI - ok
23:14:31.0374 0552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:14:31.0374 0552 ACPIEC - ok
23:14:31.0394 0552 adpu160m - ok
23:14:31.0474 0552 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:14:31.0514 0552 aec - ok
23:14:31.0604 0552 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:14:31.0644 0552 AFD - ok
23:14:31.0714 0552 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys
23:14:31.0724 0552 AFS2K - ok
23:14:31.0784 0552 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:14:31.0784 0552 agp440 - ok
23:14:31.0804 0552 Aha154x - ok
23:14:31.0824 0552 aic78u2 - ok
23:14:31.0834 0552 aic78xx - ok
23:14:31.0895 0552 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:14:31.0905 0552 Alerter - ok
23:14:31.0955 0552 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:14:31.0975 0552 ALG - ok
23:14:31.0995 0552 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:14:31.0995 0552 AliIde - ok
23:14:32.0005 0552 amsint - ok
23:14:32.0185 0552 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:14:32.0205 0552 Apple Mobile Device - ok
23:14:32.0225 0552 AppMgmt - ok
23:14:32.0295 0552 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:14:32.0315 0552 Arp1394 - ok
23:14:32.0345 0552 asc - ok
23:14:32.0365 0552 asc3350p - ok
23:14:32.0375 0552 asc3550 - ok
23:14:32.0566 0552 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:14:32.0606 0552 aspnet_state - ok
23:14:32.0646 0552 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:14:32.0656 0552 AsyncMac - ok
23:14:32.0746 0552 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:14:32.0746 0552 atapi - ok
23:14:32.0766 0552 Atdisk - ok
23:14:32.0826 0552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:14:32.0836 0552 Atmarpc - ok
23:14:32.0906 0552 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:14:32.0916 0552 AudioSrv - ok
23:14:32.0976 0552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:14:32.0976 0552 audstub - ok
23:14:33.0206 0552 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
23:14:33.0297 0552 avg9wd - ok
23:14:33.0417 0552 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
23:14:33.0487 0552 AvgLdx86 - ok
23:14:33.0527 0552 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
23:14:33.0527 0552 AvgMfx86 - ok
23:14:33.0637 0552 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
23:14:33.0707 0552 AvgTdiX - ok
23:14:34.0198 0552 BCM43XX (c89327377d4b62dc792e8930ea55f571) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23:14:34.0608 0552 BCM43XX - ok
23:14:35.0069 0552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:14:35.0069 0552 Beep - ok
23:14:35.0269 0552 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:14:35.0470 0552 BITS - ok
23:14:35.0720 0552 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
23:14:35.0850 0552 Bonjour Service - ok
23:14:35.0950 0552 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:14:35.0980 0552 Browser - ok
23:14:36.0111 0552 CAMCAUD (2f78085eb29a20b7d030374e8a388e7f) C:\WINDOWS\system32\drivers\camcaud.sys
23:14:36.0201 0552 CAMCAUD - ok
23:14:36.0311 0552 CAMCHALA (407cd35839a1fffd7e28e0467f1cf4b8) C:\WINDOWS\system32\drivers\camchal.sys
23:14:36.0391 0552 CAMCHALA - ok
23:14:36.0541 0552 catchme - ok
23:14:36.0591 0552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:14:36.0591 0552 cbidf2k - ok
23:14:36.0611 0552 cd20xrnt - ok
23:14:36.0661 0552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:14:36.0671 0552 Cdaudio - ok
23:14:36.0772 0552 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:14:36.0772 0552 Cdfs - ok
23:14:36.0842 0552 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
23:14:36.0842 0552 cdrbsdrv - ok
23:14:36.0882 0552 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:14:36.0902 0552 Cdrom - ok
23:14:36.0912 0552 Changer - ok
23:14:36.0962 0552 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
23:14:36.0962 0552 CiSvc - ok
23:14:37.0032 0552 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
23:14:37.0042 0552 ClipSrv - ok
23:14:37.0262 0552 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:14:37.0372 0552 clr_optimization_v2.0.50727_32 - ok
23:14:37.0463 0552 CLTNetCnService - ok
23:14:37.0513 0552 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:14:37.0523 0552 CmBatt - ok
23:14:37.0533 0552 CmdIde - ok
23:14:37.0563 0552 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:14:37.0563 0552 Compbatt - ok
23:14:37.0583 0552 COMSysApp - ok
23:14:37.0613 0552 Cpqarray - ok
23:14:37.0663 0552 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:14:37.0683 0552 CryptSvc - ok
23:14:37.0693 0552 dac2w2k - ok
23:14:37.0713 0552 dac960nt - ok
23:14:37.0903 0552 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:14:38.0023 0552 DcomLaunch - ok
23:14:38.0124 0552 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:14:38.0164 0552 Dhcp - ok
23:14:38.0204 0552 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:14:38.0204 0552 Disk - ok
23:14:38.0214 0552 dmadmin - ok
23:14:38.0865 0552 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:14:39.0135 0552 dmboot - ok
23:14:39.0385 0552 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:14:39.0445 0552 dmio - ok
23:14:39.0646 0552 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:14:39.0646 0552 dmload - ok
23:14:39.0696 0552 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:14:39.0716 0552 dmserver - ok
23:14:40.0116 0552 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:14:40.0176 0552 DMusic - ok
23:14:40.0227 0552 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:14:40.0237 0552 Dnscache - ok
23:14:40.0407 0552 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:14:40.0447 0552 Dot3svc - ok
23:14:40.0457 0552 dpti2o - ok
23:14:40.0547 0552 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:14:40.0617 0552 drmkaud - ok
23:14:40.0737 0552 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
23:14:40.0747 0552 eabfiltr - ok
23:14:40.0988 0552 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
23:14:41.0038 0552 eabusb - ok
23:14:41.0649 0552 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:14:41.0709 0552 EapHost - ok
23:14:45.0344 0552 eeCtrl (e89cc1363cb7f5320ae3b41c1333d0c3) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:14:45.0724 0552 eeCtrl - ok
23:14:45.0895 0552 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:14:45.0945 0552 ERSvc - ok
23:14:46.0135 0552 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:14:46.0165 0552 Eventlog - ok
23:14:46.0315 0552 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
23:14:46.0395 0552 EventSystem - ok
23:14:46.0476 0552 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:14:46.0536 0552 Fastfat - ok
23:14:46.0646 0552 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:14:46.0686 0552 FastUserSwitchingCompatibility - ok
23:14:46.0746 0552 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:14:46.0756 0552 Fdc - ok
23:14:46.0796 0552 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:14:46.0816 0552 Fips - ok
23:14:46.0856 0552 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:14:46.0866 0552 Flpydisk - ok
23:14:46.0946 0552 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:14:46.0976 0552 FltMgr - ok
23:14:47.0147 0552 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:14:47.0167 0552 FontCache3.0.0.0 - ok
23:14:47.0217 0552 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:14:47.0217 0552 Fs_Rec - ok
23:14:47.0287 0552 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:14:47.0327 0552 Ftdisk - ok
23:14:47.0407 0552 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:14:47.0417 0552 GEARAspiWDM - ok
23:14:47.0447 0552 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:14:47.0457 0552 Gpc - ok
23:14:47.0617 0552 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:14:47.0657 0552 gusvc - ok
23:14:47.0737 0552 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:14:47.0747 0552 helpsvc - ok
23:14:47.0817 0552 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
23:14:47.0827 0552 HidServ - ok
23:14:47.0878 0552 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:14:47.0878 0552 HidUsb - ok
23:14:47.0968 0552 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:14:47.0988 0552 hkmsvc - ok
23:14:47.0998 0552 hpn - ok
23:14:48.0118 0552 hpqwmi (e7e0cf2e13994dab2ce10dfef25bf610) C:\Program Files\HPQ\SHARED\HPQWMI.exe
23:14:48.0148 0552 hpqwmi - ok
23:14:48.0248 0552 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
23:14:48.0318 0552 HSFHWICH - ok
23:14:48.0729 0552 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:14:49.0119 0552 HSF_DP - ok
23:14:49.0260 0552 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:14:49.0360 0552 HTTP - ok
23:14:49.0400 0552 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:14:49.0410 0552 HTTPFilter - ok
23:14:49.0420 0552 i2omgmt - ok
23:14:49.0430 0552 i2omp - ok
23:14:49.0480 0552 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:14:49.0490 0552 i8042prt - ok
23:14:50.0011 0552 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:14:50.0461 0552 ialm - ok
23:14:50.0622 0552 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:14:50.0642 0552 IDriverT - ok
23:14:51.0222 0552 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:14:51.0503 0552 idsvc - ok
23:14:51.0823 0552 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:14:51.0833 0552 Imapi - ok
23:14:51.0943 0552 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:14:51.0993 0552 ImapiService - ok
23:14:52.0004 0552 ini910u - ok
23:14:52.0044 0552 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:14:52.0044 0552 IntelIde - ok
23:14:52.0094 0552 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:14:52.0104 0552 intelppm - ok
23:14:52.0154 0552 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:14:52.0164 0552 Ip6Fw - ok
23:14:52.0214 0552 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:14:52.0224 0552 IpFilterDriver - ok
23:14:52.0254 0552 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:14:52.0264 0552 IpInIp - ok
23:14:52.0344 0552 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:14:52.0384 0552 IpNat - ok
23:14:52.0765 0552 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
23:14:53.0005 0552 iPod Service - ok
23:14:53.0055 0552 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:14:53.0075 0552 IPSec - ok
23:14:53.0105 0552 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:14:53.0115 0552 IRENUM - ok
23:14:53.0165 0552 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:14:53.0165 0552 isapnp - ok
23:14:53.0345 0552 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
23:14:53.0385 0552 JavaQuickStarterService - ok
23:14:53.0436 0552 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:14:53.0446 0552 Kbdclass - ok
23:14:53.0476 0552 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:14:53.0476 0552 kbdhid - ok
23:14:53.0566 0552 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:14:53.0616 0552 kmixer - ok
23:14:53.0706 0552 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:14:53.0716 0552 KSecDD - ok
23:14:53.0756 0552 L8042Kbd (ec073180926db7e551fce24d7d8a899c) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
23:14:53.0756 0552 L8042Kbd - ok
23:14:53.0826 0552 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:14:53.0856 0552 lanmanserver - ok
23:14:53.0956 0552 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:14:54.0006 0552 lanmanworkstation - ok
23:14:54.0016 0552 lbrtfdc - ok
23:14:54.0127 0552 LBTServ (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
23:14:54.0157 0552 LBTServ - ok
23:14:54.0217 0552 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
23:14:54.0227 0552 LHidFilt - ok
23:14:54.0267 0552 LHidKe (6a255dcbb15d429a545d0f8fc1427970) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
23:14:54.0277 0552 LHidKe - ok
23:14:54.0307 0552 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:14:54.0317 0552 LmHosts - ok
23:14:54.0377 0552 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
23:14:54.0387 0552 LMouFilt - ok
23:14:54.0477 0552 LMouKE (e468833fcb45eced741ba18c5e6116e8) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
23:14:54.0507 0552 LMouKE - ok
23:14:54.0517 0552 lxcj_device - ok
23:14:54.0537 0552 lxcr_device - ok
23:14:54.0557 0552 Machnm32 - ok
23:14:54.0577 0552 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:14:54.0577 0552 mdmxsdk - ok
23:14:54.0627 0552 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:14:54.0637 0552 Messenger - ok
23:14:54.0687 0552 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:14:54.0687 0552 mnmdd - ok
23:14:54.0737 0552 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
23:14:54.0757 0552 mnmsrvc - ok
23:14:54.0798 0552 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:14:54.0808 0552 Modem - ok
23:14:54.0848 0552 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:14:54.0848 0552 Mouclass - ok
23:14:54.0888 0552 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:14:54.0898 0552 mouhid - ok
23:14:54.0948 0552 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:14:54.0948 0552 MountMgr - ok
23:14:54.0958 0552 mraid35x - ok
23:14:55.0038 0552 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:14:55.0068 0552 MRxDAV - ok
23:14:55.0268 0552 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:14:55.0268 0552 MRxSmb - ok
23:14:55.0318 0552 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
23:14:55.0338 0552 MSDTC - ok
23:14:55.0368 0552 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:14:55.0368 0552 Msfs - ok
23:14:55.0378 0552 MSIServer - ok
23:14:55.0398 0552 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:14:55.0408 0552 MSKSSRV - ok
23:14:55.0448 0552 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:14:55.0448 0552 MSPCLOCK - ok
23:14:55.0478 0552 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:14:55.0478 0552 MSPQM - ok
23:14:55.0529 0552 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:14:55.0539 0552 mssmbios - ok
23:14:55.0619 0552 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:14:55.0629 0552 Mup - ok
23:14:55.0769 0552 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:14:55.0859 0552 napagent - ok
23:14:56.0310 0552 NBService (f46070ddada5c396b1f2ebf1c46dbb08) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
23:14:56.0570 0552 NBService - ok
23:14:56.0750 0552 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:14:56.0780 0552 NDIS - ok
23:14:56.0830 0552 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:14:56.0840 0552 NdisTapi - ok
23:14:56.0870 0552 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:14:56.0881 0552 Ndisuio - ok
23:14:56.0921 0552 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:14:56.0951 0552 NdisWan - ok
23:14:57.0021 0552 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:14:57.0031 0552 NDProxy - ok
23:14:57.0071 0552 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:14:57.0071 0552 NetBIOS - ok
23:14:57.0151 0552 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:14:57.0201 0552 NetBT - ok
23:14:57.0291 0552 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:14:57.0321 0552 NetDDE - ok
23:14:57.0351 0552 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:14:57.0351 0552 NetDDEdsdm - ok
23:14:57.0411 0552 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:14:57.0411 0552 Netlogon - ok
23:14:57.0511 0552 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:14:57.0582 0552 Netman - ok
23:14:57.0772 0552 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:14:57.0812 0552 NetTcpPortSharing - ok
23:14:57.0862 0552 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:14:57.0882 0552 NIC1394 - ok
23:14:58.0012 0552 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:14:58.0092 0552 Nla - ok
23:14:58.0303 0552 NMIndexingService (433049770b810d7c83c5c94cdb3e09d2) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
23:14:58.0473 0552 NMIndexingService - ok
23:14:58.0533 0552 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:14:58.0533 0552 Npfs - ok
23:14:58.0773 0552 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:14:58.0913 0552 Ntfs - ok
23:14:59.0034 0552 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:14:59.0034 0552 NtLmSsp - ok
23:14:59.0224 0552 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:14:59.0344 0552 NtmsSvc - ok
23:14:59.0424 0552 NuidFltr (20623a75f3c6c1076ebba64dd8c4bc02) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
23:14:59.0424 0552 NuidFltr - ok
23:14:59.0494 0552 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:14:59.0494 0552 Null - ok
23:14:59.0524 0552 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:14:59.0534 0552 NwlnkFlt - ok
23:14:59.0574 0552 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:14:59.0584 0552 NwlnkFwd - ok
23:14:59.0624 0552 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:14:59.0624 0552 ohci1394 - ok
23:14:59.0735 0552 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:14:59.0765 0552 ose - ok
23:14:59.0785 0552 PalmUSBD - ok
23:14:59.0855 0552 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:14:59.0875 0552 Parport - ok
23:14:59.0895 0552 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:14:59.0895 0552 PartMgr - ok
23:14:59.0915 0552 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:14:59.0925 0552 ParVdm - ok
23:14:59.0965 0552 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:14:59.0965 0552 PCI - ok
23:14:59.0985 0552 PCIDump - ok
23:14:59.0995 0552 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:14:59.0995 0552 PCIIde - ok
23:15:00.0075 0552 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:15:00.0095 0552 Pcmcia - ok
23:15:00.0105 0552 PDCOMP - ok
23:15:00.0115 0552 PDFRAME - ok
23:15:00.0135 0552 PDRELI - ok
23:15:00.0145 0552 PDRFRAME - ok
23:15:00.0155 0552 perc2 - ok
23:15:00.0175 0552 perc2hib - ok
23:15:00.0265 0552 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:15:00.0265 0552 PlugPlay - ok
23:15:00.0305 0552 Point32 (d0be72557de73acabbab536496d23115) C:\WINDOWS\system32\DRIVERS\point32.sys
23:15:00.0305 0552 Point32 - ok
23:15:00.0325 0552 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:15:00.0325 0552 PolicyAgent - ok
23:15:00.0406 0552 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:15:00.0426 0552 PptpMiniport - ok
23:15:00.0436 0552 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:15:00.0436 0552 ProtectedStorage - ok
23:15:00.0476 0552 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:15:00.0506 0552 PSched - ok
23:15:00.0526 0552 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:15:00.0536 0552 Ptilink - ok
23:15:00.0586 0552 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
23:15:00.0586 0552 PxHelp20 - ok
23:15:00.0606 0552 ql1080 - ok
23:15:00.0616 0552 Ql10wnt - ok
23:15:00.0626 0552 ql12160 - ok
23:15:00.0646 0552 ql1240 - ok
23:15:00.0656 0552 ql1280 - ok
23:15:00.0676 0552 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:15:00.0676 0552 RasAcd - ok
23:15:00.0746 0552 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:15:00.0766 0552 RasAuto - ok
23:15:00.0796 0552 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
23:15:00.0806 0552 Rasirda - ok
23:15:00.0856 0552 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:15:00.0876 0552 Rasl2tp - ok
23:15:00.0996 0552 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:15:01.0047 0552 RasMan - ok
23:15:01.0077 0552 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:15:01.0087 0552 RasPppoe - ok
23:15:01.0117 0552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:15:01.0117 0552 Raspti - ok
23:15:01.0237 0552 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:15:01.0267 0552 Rdbss - ok
23:15:01.0317 0552 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:15:01.0317 0552 RDPCDD - ok
23:15:01.0447 0552 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:15:01.0497 0552 RDPWD - ok
23:15:01.0577 0552 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:15:01.0627 0552 RDSessMgr - ok
23:15:01.0677 0552 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:15:01.0697 0552 redbook - ok
23:15:01.0758 0552 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:15:01.0778 0552 RemoteAccess - ok
23:15:01.0828 0552 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:15:01.0858 0552 RpcLocator - ok
23:15:02.0278 0552 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
23:15:02.0278 0552 RpcSs - ok
23:15:02.0388 0552 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:15:02.0428 0552 RSVP - ok
23:15:02.0519 0552 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
23:15:02.0539 0552 RTL8023 - ok
23:15:02.0629 0552 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
23:15:02.0699 0552 RTL8023xp - ok
23:15:02.0749 0552 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:15:14.0286 0552 ============================================================
23:15:14.0286 0552 Scan finished
23:15:14.0286 0552 ============================================================
23:15:14.0316 3668 Detected object count: 0
23:15:14.0316 3668 Actual detected object count: 0
23:15:46.0422 1288 ============================================================
23:15:46.0422 1288 Scan started
23:15:46.0422 1288 Mode: Manual;
23:15:46.0422 1288 ============================================================
23:16:05.0409 1288 redbook - ok
23:16:05.0469 1288 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:16:05.0469 1288 RemoteAccess - ok
23:16:05.0539 1288 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:16:05.0549 1288 RpcLocator - ok
23:16:05.0730 1288 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
23:16:05.0730 1288 RpcSs - ok
23:16:05.0830 1288 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:16:05.0850 1288 RSVP - ok
23:16:05.0910 1288 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
23:16:05.0910 1288 RTL8023 - ok
23:16:06.0000 1288 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
23:16:06.0000 1288 RTL8023xp - ok
23:16:06.0040 1288 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:16:06.0050 1288 SamSs - ok
23:16:06.0120 1288 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:16:06.0120 1288 SCardSvr - ok
23:16:06.0230 1288 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:16:06.0240 1288 Schedule - ok
23:16:06.0300 1288 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:16:06.0300 1288 Secdrv - ok
23:16:06.0350 1288 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:16:06.0350 1288 seclogon - ok
23:16:06.0390 1288 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:16:06.0400 1288 SENS - ok
23:16:06.0451 1288 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:16:06.0451 1288 serenum - ok
23:16:06.0511 1288 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:16:06.0511 1288 Serial - ok
23:16:06.0581 1288 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
23:16:06.0581 1288 Sfloppy - ok
23:16:06.0741 1288 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:16:06.0751 1288 SharedAccess - ok
23:16:06.0831 1288 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:16:06.0841 1288 ShellHWDetection - ok
23:16:06.0851 1288 Simbad - ok
23:16:06.0921 1288 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
23:16:06.0921 1288 SMCIRDA - ok
23:16:06.0951 1288 Sparrow - ok
23:16:06.0971 1288 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:16:06.0981 1288 splitter - ok
23:16:07.0021 1288 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:16:07.0021 1288 Spooler - ok
23:16:07.0061 1288 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:16:07.0071 1288 sr - ok
23:16:07.0172 1288 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:16:07.0172 1288 srservice - ok
23:16:07.0332 1288 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:16:07.0332 1288 Srv - ok
23:16:07.0402 1288 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:16:07.0402 1288 SSDPSRV - ok
23:16:07.0552 1288 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:16:07.0562 1288 stisvc - ok
23:16:07.0602 1288 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:16:07.0602 1288 swenum - ok
23:16:07.0682 1288 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:16:07.0682 1288 swmidi - ok
23:16:07.0702 1288 SwPrv - ok
23:16:07.0722 1288 symc810 - ok
23:16:07.0742 1288 symc8xx - ok
23:16:07.0762 1288 sym_hi - ok
23:16:07.0782 1288 sym_u3 - ok
23:16:07.0913 1288 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:16:07.0923 1288 SynTP - ok
23:16:08.0003 1288 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:16:08.0003 1288 sysaudio - ok
23:16:08.0073 1288 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:16:08.0083 1288 SysmonLog - ok
23:16:08.0213 1288 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:16:08.0213 1288 TapiSrv - ok
23:16:08.0393 1288 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:16:08.0403 1288 Tcpip - ok
23:16:08.0443 1288 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:16:08.0443 1288 TDPIPE - ok
23:16:08.0483 1288 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:16:08.0483 1288 TDTCP - ok
23:16:08.0544 1288 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:16:08.0544 1288 TermDD - ok
23:16:08.0674 1288 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:16:08.0674 1288 TermService - ok
23:16:08.0764 1288 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:16:08.0774 1288 Themes - ok
23:16:08.0794 1288 TosIde - ok
23:16:08.0874 1288 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:16:08.0874 1288 TrkWks - ok
23:16:08.0944 1288 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
23:16:08.0944 1288 TVICHW32 - ok
23:16:08.0984 1288 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:16:08.0984 1288 Udfs - ok
23:16:09.0004 1288 ultra - ok
23:16:09.0184 1288 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:16:09.0194 1288 Update - ok
23:16:09.0285 1288 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:16:09.0285 1288 upnphost - ok
23:16:09.0335 1288 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:16:09.0335 1288 UPS - ok
23:16:09.0405 1288 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:16:09.0405 1288 USBAAPL - ok
23:16:09.0445 1288 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:16:09.0445 1288 usbccgp - ok
23:16:09.0495 1288 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:16:09.0495 1288 usbehci - ok
23:16:09.0535 1288 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:16:09.0535 1288 usbhub - ok
23:16:09.0575 1288 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:16:09.0575 1288 usbohci - ok
23:16:09.0625 1288 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:16:09.0625 1288 usbscan - ok
23:16:09.0705 1288 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:16:09.0705 1288 USBSTOR - ok
23:16:09.0735 1288 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:16:09.0735 1288 usbuhci - ok
23:16:09.0765 1288 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:16:09.0765 1288 VgaSave - ok
23:16:09.0805 1288 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:16:09.0805 1288 ViaIde - ok
23:16:09.0835 1288 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:16:09.0835 1288 VolSnap - ok
23:16:09.0986 1288 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:16:09.0996 1288 VSS - ok
23:16:10.0657 1288 w22n51 (b6cb2cce557ce57c72c3d31e701e6e39) C:\WINDOWS\system32\DRIVERS\w22n51.sys
23:16:10.0677 1288 w22n51 - ok
23:16:11.0117 1288 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:16:11.0127 1288 W32Time - ok
23:16:11.0217 1288 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:16:11.0227 1288 Wanarp - ok
23:16:11.0428 1288 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:16:11.0438 1288 Wdf01000 - ok
23:16:11.0448 1288 WDICA - ok
23:16:11.0518 1288 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:16:11.0518 1288 wdmaud - ok
23:16:11.0628 1288 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:16:11.0628 1288 WebClient - ok
23:16:11.0918 1288 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:16:11.0918 1288 winachsf - ok
23:16:12.0069 1288 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:16:12.0069 1288 winmgmt - ok
23:16:12.0169 1288 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:16:12.0169 1288 WmdmPmSN - ok
23:16:12.0199 1288 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:16:12.0199 1288 WmiAcpi - ok
23:16:12.0279 1288 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:16:12.0279 1288 WmiApSrv - ok
23:16:12.0690 1288 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:16:12.0700 1288 WMPNetworkSvc - ok
23:16:12.0750 1288 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:16:12.0750 1288 WpdUsb - ok
23:16:12.0800 1288 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:16:12.0800 1288 WS2IFSL - ok
23:16:12.0880 1288 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:16:12.0880 1288 wscsvc - ok
23:16:12.0910 1288 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:16:12.0920 1288 wuauserv - ok
23:16:12.0970 1288 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:16:12.0970 1288 WudfPf - ok
23:16:13.0040 1288 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:16:13.0050 1288 WudfRd - ok
23:16:13.0110 1288 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:16:13.0120 1288 WudfSvc - ok
23:16:13.0360 1288 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:16:13.0371 1288 WZCSVC - ok
23:16:13.0451 1288 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:16:13.0451 1288 xmlprov - ok
23:16:13.0541 1288 {6080A529-897E-4629-A488-ABA0C29B635E} (887d6363d9d8de694e4b66f0186952d4) C:\WINDOWS\system32\drivers\ialmsbw.sys
23:16:13.0541 1288 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
23:16:13.0611 1288 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (9acbcba2a6d11fb9ada56996b9586752) C:\WINDOWS\system32\drivers\ialmkchw.sys
23:16:13.0611 1288 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
23:16:13.0661 1288 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} (dfedb24618117e72d5b5c8f95d877b0b) C:\WINDOWS\system32\drivers\wA301a.sys
23:16:13.0671 1288 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} - ok
23:16:13.0711 1288 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
23:16:14.0232 1288 \Device\Harddisk0\DR0 - ok
23:16:14.0252 1288 Boot (0x1200) (78a3ad4eba82ab4bf3b9e368b7707e40) \Device\Harddisk0\DR0\Partition0
23:16:14.0252 1288 \Device\Harddisk0\DR0\Partition0 - ok
23:16:14.0262 1288 ============================================================
23:16:14.0262 1288 Scan finished
23:16:14.0262 1288 ============================================================
23:16:14.0292 2936 Detected object count: 0
23:16:14.0292 2936 Actual detected object count: 0

#9 hurricane mouth

Posted 23 June 2012 - 06:21 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 23:18:13
-----------------------------
23:18:13.684 OS Version: Windows 5.1.2600 Service Pack 3
23:18:13.694 Number of processors: 1 586 0x905
23:18:13.694 ComputerName: HPLAPTOP UserName: Reed
23:18:16.498 Initialize success
23:22:40.878 AVAST engine defs: 12062301
23:23:15.407 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:23:15.407 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD5A Size: 57231MB BusType: 3
23:23:15.437 Disk 0 MBR read successfully
23:23:15.447 Disk 0 MBR scan
23:23:15.728 Disk 0 unknown MBR code
23:23:15.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
23:23:15.768 Disk 0 scanning sectors +117194175
23:23:15.958 Disk 0 scanning C:\WINDOWS\system32\drivers
23:23:58.930 Service scanning
23:24:44.676 Modules scanning
23:25:05.265 Disk 0 trace - called modules:
23:25:05.305 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
23:25:05.315 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86785ab8]
23:25:05.716 3 CLASSPNP.SYS[f7782fd7] -> nt!IofCallDriver -> \Device\00000077[0x867a4f18]
23:25:05.726 5 ACPI.sys[f76f9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x867ca940]
23:25:08.921 AVAST engine scan C:\WINDOWS
23:26:37.668 AVAST engine scan C:\WINDOWS\system32
23:38:31.605 AVAST engine scan C:\WINDOWS\system32\drivers
23:39:14.506 AVAST engine scan C:\Documents and Settings\Reed
23:46:27.649 AVAST engine scan C:\Documents and Settings\All Users
23:48:20.822 Scan finished successfully
00:19:37.370 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Reed\Desktop\MBR.dat"
00:19:37.410 The log file has been saved successfully to "C:\Documents and Settings\Reed\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 08:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 hurricane mouth

Posted 24 June 2012 - 04:46 AM

ComboFix 12-06-23.06 - Reed 24/06/2012 10:10:55.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.447 [GMT 1:00]
Running from: c:\documents and settings\Reed\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Reed\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-22 11:44 . 2012-06-22 11:44 -------- d-----w- c:\program files\ESET
2012-06-22 08:48 . 2012-06-22 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-06-22 08:47 . 2012-06-22 08:47 73728 ----a-r- c:\documents and settings\Reed\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-22 08:47 . 2012-06-22 08:47 73728 ----a-r- c:\documents and settings\Reed\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-22 08:47 . 2012-06-22 08:47 73728 ----a-r- c:\documents and settings\Reed\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-22 08:46 . 2012-06-22 08:46 -------- d-----w- c:\program files\Sophos
2012-06-21 16:34 . 2012-06-21 16:34 -------- d-----w- c:\documents and settings\Reed\Application Data\Malwarebytes
2012-06-21 16:34 . 2012-06-21 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-21 16:34 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 16:34 . 2012-06-21 16:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-18 20:07 . 2012-06-18 20:07 -------- d-----w- c:\program files\7-Zip
2012-06-18 17:28 . 2012-06-18 17:28 -------- d-----w- c:\program files\iPod
2012-06-18 17:27 . 2012-06-18 17:30 -------- d-----w- c:\program files\iTunes
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-06-18 17:09 . 2012-06-18 17:09 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-06-18 17:05 . 2012-06-18 17:05 1409 ----a-w- c:\windows\QTFont.for
2012-06-03 22:34 . 2012-06-03 22:34 -------- d-----w- C:\$AVG
2012-06-03 22:12 . 2012-06-03 22:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-06-03 22:11 . 2012-06-03 22:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-06-03 05:04 . 2012-06-10 15:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-03 05:04 . 2012-06-10 15:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-03 03:06 . 2012-06-03 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-03 02:58 . 2012-06-03 02:58 -------- d-----w- c:\program files\Apple Software Update
2012-06-03 02:49 . 2012-06-03 02:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-06-03 02:48 . 2012-02-15 17:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-06-03 02:48 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-06-03 02:46 . 2012-06-03 02:46 -------- d-----w- c:\program files\Bonjour
2012-06-03 02:30 . 2012-06-03 02:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_14.26.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-24 08:23 . 2012-06-24 08:23 16384 c:\windows\Temp\Perflib_Perfdata_280.dat
+ 2004-08-07 13:30 . 2012-06-23 17:04 80094 c:\windows\system32\perfc009.dat
- 2004-08-07 13:30 . 2012-06-23 08:14 80094 c:\windows\system32\perfc009.dat
+ 2004-08-07 13:30 . 2012-06-23 17:04 462574 c:\windows\system32\perfh009.dat
- 2004-08-07 13:30 . 2012-06-23 08:14 462574 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-12 67128]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"LXCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2005-08-15 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-05-02 2077536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-12 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-4-19 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-29 08:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/05/2010 5:43 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/05/2010 5:43 AM 243152]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29/07/2010 9:03 AM 308136]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://192.168.2.1:5120/?/upnp/IGD1.xml
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-24 10:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?4?3?9??????? ???B?????????????H<C? ??????
LXCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3004)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-24 10:33:23
ComboFix-quarantined-files.txt 2012-06-24 09:33
ComboFix2.txt 2012-06-23 14:31
.
Pre-Run: 29,958,565,888 bytes free
Post-Run: 30,136,135,680 bytes free
.
- - End Of File - - 0AC8948A1F173523D22BE09B778EA5ED

I haven't heard any sounds lately, so that must be good! The only thing is (not sure if it's related) I cannot see any icons. They all have the red "x". The computer seems to be running fine otherwise.

#12 hurricane mouth

Posted 24 June 2012 - 06:18 AM

What I've noticed now since all this is that playing music from iTunes or watching YouTube videos is all choppy.

#13 gringo_pr

Posted 24 June 2012 - 12:25 PM

Greetings


The only thing is (not sure if it's related) I cannot see any icons. - I would like to see a screenshot of this, please.




I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do



Gringo

#14 hurricane mouth

Posted 24 June 2012 - 02:18 PM

The screen shot is attached. I also reset the DMA.

#15 gringo_pr

Posted 24 June 2012 - 08:35 PM

I don't see the screenshot. How are things running after the reset?


gringo



