Browser Hijack - Possibly FastSrch.dll Related


  • This topic is locked
17 replies to this topic

#1 wgrogers

wgrogers

  • Members
  • 97 posts
  • Gender:Male
  • Location:Moonbeamafornia
  • Local time:05:47 PM

Posted 27 June 2012 - 11:10 PM

I noticed earlier today when I did a search on Google, that the URL within the search results was not the same URL I saw when the
page opened. So I tried a search where I knew I could find my own domains in the search results and what was interesting was
that when I clicked my URL, (in the search results), I was not taken to the correct page. Something I would know for certain, right?
As I suspected, it took me to a completely different URL. But get this; that other URL, the one I was redirected to, was also one of mine!

I tried both web browsers, Internet Explorer as well as Firefox and got the same kind of results. I looked in the C:\WINDOWS\system32
folder and found a new file called FastSrch.dll. I renamed it to FastSrch.txt and deleted it but it made no difference, I was still getting the
redirects when clicking links within my search results.

I ran DDS and pasted the .txt file below. And, this system is Windows XP Pro SP3, 32-bit. Thank you for your expertise!


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Greg at 20:33:39 on 2012-06-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.875 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Greg\My Documents\Downloads\remindme\remindme\RemindMe.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Outlook Express\msimn.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///C:/Documents%20and%20Settings/Greg/Desktop/newindex.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo RX580 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa.exe /fu "c:\windows\temp\E_SD6.tmp" /EF "HKCU"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RealNetworks] RUNDLL32.EXE "c:\documents and settings\greg\local settings\application data\realnetworks\xogrefpf.dll",CreateNetwork
mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\greg\startm~1\programs\startup\remindme.lnk - c:\documents and settings\greg\my documents\downloads\remindme\remindme\RemindMe.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.0.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/qtinstall.info.apple.com/bizzarini/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269471504921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269471495281
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://192.168.2.3/WebDvr3.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{09A569D0-4A75-448B-AE17-5A5FF51BE181} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6FBD2671-6449-46BD-8D5C-845B368A6CE4} : DhcpNameServer = 192.168.2.1 216.148.227.68
TCP: Interfaces\{891E6D80-13CA-42F7-BBC4-5890410641CD} : DhcpNameServer = 192.168.2.1 216.148.227.68
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\greg\application data\mozilla\firefox\profiles\g9ew7f7y.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Documents%20and%20Settings/Greg/Desktop/newindex.html
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-28 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 337880]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-6-28 10872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 44768]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2007-8-22 598856]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-4 80384]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 12184]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys --> c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-8-5 12184]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-2-6 59328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-26 23:03:15 -------- d-----w- c:\documents and settings\greg\local settings\application data\RealNetworks
2012-06-24 04:47:29 -------- d-----w- c:\documents and settings\all users\application data\ConeXware
2012-06-24 04:47:18 -------- d-----w- c:\documents and settings\all users\application data\Caphyon
2012-06-24 04:47:12 -------- d-----w- c:\program files\PatchBeam
2012-06-24 04:46:56 -------- d-----w- c:\program files\PowerArchiver
2012-06-03 16:46:50 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-06-03 16:46:45 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-06-03 16:46:45 3072 ------w- c:\windows\system32\iacenc.dll
2012-06-03 16:43:10 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-06-03 16:42:39 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2012-06-26 19:56:56 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-06-09 19:18:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-09 19:18:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:35:14.73 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 27 June 2012 - 11:12 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 wgrogers

wgrogers
  • Topic Starter

  • Members
  • 97 posts
  • Gender:Male
  • Location:Moonbeamafornia
  • Local time:05:47 PM

Posted 28 June 2012 - 11:18 AM

I'm sure you got my last PM.
Here's what I started to send last night. Logs from Security Check and ComboFix are following...

Security Check Log File
Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
HijackThis 2.0.2
CCleaner
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 11.3.300.257
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````


ComboFix Log File
ComboFix 12-06-28.01 - Greg u 06/28/12 8:29.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1398 [GMT -7:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Greg\Local Settings\Application Data\RealNetworks\xogrefpf.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 02:11 . 2012-06-28 02:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\RealNetworks
2012-06-26 23:03 . 2012-06-28 15:38 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\RealNetworks
2012-06-24 04:47 . 2012-06-24 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ConeXware
2012-06-24 04:47 . 2012-06-24 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Caphyon
2012-06-24 04:47 . 2012-06-24 04:47 -------- d-----w- c:\program files\PatchBeam
2012-06-24 04:46 . 2012-06-28 02:38 -------- d-----w- c:\program files\PowerArchiver
2012-06-03 16:46 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-06-03 16:46 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-06-03 16:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-06-03 16:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-06-03 16:42 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 19:18 . 2012-04-04 14:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 19:18 . 2011-05-14 13:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-04 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2008-11-29 21:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 01:26 . 2012-04-29 01:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2004-04-29 90169]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-10 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-10 602182]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
RemindMe.lnk - c:\documents and settings\Greg\My Documents\Downloads\remindme\remindme\RemindMe.exe [2007-6-13 228334]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX500]
2003-06-01 20:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX580 Series]
2006-05-23 12:00 139264 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBPA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-11 17:39 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\RankBuilder\\LinkWheel Builder.exe"=
"c:\\Program Files\\RankBuilder\\Profile Link Builder.exe"=
"c:\\Program Files\\RankBuilder\\Article Submitter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/28/11 10:20 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/2/10 11:35 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/2/10 11:35 PM 20696]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/22/07 1:48 AM 598856]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/4/04 2:26 AM 80384]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/10 2:01 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/10 2:01 AM 12184]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/6/09 5:57 PM 135664]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/5/11 5:23 PM 12184]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/11 11:08 AM 11336]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2/6/03 7:23 PM 59328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/6/09 5:57 PM 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/04 5:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 00:57]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 00:57]
.
2012-06-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-920026266-854245398-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
.
2012-06-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-920026266-854245398-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
.
2011-12-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-09-29 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Documents%20and%20Settings/Greg/Desktop/newindex.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://192.168.2.3/WebDvr3.cab
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\g9ew7f7y.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Documents%20and%20Settings/Greg/Desktop/newindex.html
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RealNetworks - c:\documents and settings\Greg\Local Settings\Application Data\RealNetworks\xogrefpf.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-28 08:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RealNetworks = RUNDLL32.EXE "c:\documents and settings\Greg\Local Settings\Application Data\RealNetworks\xogrefpf.dll",CreateNetwork?78?I?m???????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|.W.ݧ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|.W.ݧ\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|Z0~]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|Z0~\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|ZF]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|ZF\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
------------------------ Other Running Processes ------------------------
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2012-06-28 08:48:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 15:48
.
Pre-Run: 56,488,652,800 bytes free
Post-Run: 56,336,396,288 bytes free
.
- - End Of File - - 4CB02601AA66F6A376F77F5EE5CD776E

#4 gringo_pr

  • Malware Response Team

Posted 28 June 2012 - 11:42 AM

Greetings

That removed a bad file, so I would like to know how things are. I will be around for the next 3 hours for sure.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 wgrogers

  • Topic Starter


Posted 28 June 2012 - 07:11 PM

This is the TDSS report. I ran the aswMBR.exe but I'm not finding the results log. Where would it copy to?

12:15:56.0812 0824 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
12:15:57.0343 0824 ============================================================
12:15:57.0343 0824 Current date / time: 2012/06/28 12:15:57.0343
12:15:57.0343 0824 SystemInfo:
12:15:57.0343 0824
12:15:57.0343 0824 OS Version: 5.1.2600 ServicePack: 3.0
12:15:57.0343 0824 Product type: Workstation
12:15:57.0343 0824 ComputerName: PRIMARY
12:15:57.0343 0824 UserName: Greg
12:15:57.0359 0824 Windows directory: C:\WINDOWS
12:15:57.0359 0824 System windows directory: C:\WINDOWS
12:15:57.0359 0824 Processor architecture: Intel x86
12:15:57.0359 0824 Number of processors: 1
12:15:57.0359 0824 Page size: 0x1000
12:15:57.0359 0824 Boot type: Normal boot
12:15:57.0359 0824 ============================================================
12:16:00.0046 0824 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:16:00.0062 0824 Drive \Device\Harddisk1\DR2 - Size: 0x1EB800000 (7.68 Gb), SectorSize: 0x200, Cylinders: 0x3EA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:16:00.0062 0824 ============================================================
12:16:00.0062 0824 \Device\Harddisk0\DR0:
12:16:00.0062 0824 MBR partitions:
12:16:00.0062 0824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50E02
12:16:00.0062 0824 \Device\Harddisk1\DR2:
12:16:00.0062 0824 MBR partitions:
12:16:00.0062 0824 ============================================================
12:16:00.0203 0824 C: <-> \Device\Harddisk0\DR0\Partition0
12:16:00.0203 0824 ============================================================
12:16:00.0203 0824 Initialize success
12:16:00.0203 0824 ============================================================
12:16:22.0750 3160 ============================================================
12:16:22.0750 3160 Scan started
12:16:22.0750 3160 Mode: Manual;
12:16:22.0750 3160 ============================================================
12:16:23.0140 3160 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:16:23.0140 3160 Aavmker4 - ok
12:16:23.0140 3160 Abiosdsk - ok
12:16:23.0156 3160 abp480n5 - ok
12:16:23.0203 3160 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:16:23.0203 3160 ACPI - ok
12:16:23.0250 3160 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:16:23.0250 3160 ACPIEC - ok
12:16:23.0250 3160 adpu160m - ok
12:16:23.0281 3160 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:16:23.0296 3160 aec - ok
12:16:23.0328 3160 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:16:23.0328 3160 AegisP - ok
12:16:23.0359 3160 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
12:16:23.0359 3160 Afc - ok
12:16:23.0406 3160 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:16:23.0406 3160 AFD - ok
12:16:23.0421 3160 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:16:23.0421 3160 agp440 - ok
12:16:23.0437 3160 Aha154x - ok
12:16:23.0437 3160 aic78u2 - ok
12:16:23.0453 3160 aic78xx - ok
12:16:23.0468 3160 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:16:23.0468 3160 Alerter - ok
12:16:23.0500 3160 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:16:23.0500 3160 ALG - ok
12:16:23.0515 3160 AliIde - ok
12:16:23.0515 3160 amsint - ok
12:16:23.0562 3160 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:16:23.0562 3160 ApfiltrService - ok
12:16:23.0656 3160 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:16:23.0656 3160 Apple Mobile Device - ok
12:16:23.0718 3160 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:16:23.0718 3160 AppMgmt - ok
12:16:23.0750 3160 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:16:23.0750 3160 Arp1394 - ok
12:16:23.0765 3160 asc - ok
12:16:23.0781 3160 asc3350p - ok
12:16:23.0781 3160 asc3550 - ok
12:16:23.0843 3160 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
12:16:23.0843 3160 Aspi32 - ok
12:16:23.0937 3160 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:16:23.0937 3160 aspnet_state - ok
12:16:23.0968 3160 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:16:23.0968 3160 aswFsBlk - ok
12:16:24.0000 3160 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
12:16:24.0000 3160 aswMon2 - ok
12:16:24.0015 3160 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
12:16:24.0015 3160 aswRdr - ok
12:16:24.0093 3160 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
12:16:24.0109 3160 aswSnx - ok
12:16:24.0156 3160 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
12:16:24.0171 3160 aswSP - ok
12:16:24.0187 3160 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
12:16:24.0187 3160 aswTdi - ok
12:16:24.0234 3160 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:16:24.0234 3160 AsyncMac - ok
12:16:24.0250 3160 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:16:24.0250 3160 atapi - ok
12:16:24.0265 3160 Atdisk - ok
12:16:24.0328 3160 Ati HotKey Poller (dfea480ee09bdeb7f51244900170e173) C:\WINDOWS\system32\Ati2evxx.exe
12:16:24.0328 3160 Ati HotKey Poller - ok
12:16:24.0453 3160 ati2mtag (2a6c99cfdc23c9c26d0e30b1c99748d4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:16:24.0468 3160 ati2mtag - ok
12:16:24.0500 3160 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:16:24.0500 3160 Atmarpc - ok
12:16:24.0531 3160 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:16:24.0531 3160 AudioSrv - ok
12:16:24.0562 3160 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:16:24.0562 3160 audstub - ok
12:16:24.0640 3160 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
12:16:24.0640 3160 avast! Antivirus - ok
12:16:24.0640 3160 AVG Anti-Spyware Driver - ok
12:16:24.0687 3160 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
12:16:24.0687 3160 AvgAsCln - ok
12:16:24.0718 3160 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
12:16:24.0734 3160 b57w2k - ok
12:16:24.0750 3160 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:16:24.0750 3160 Beep - ok
12:16:24.0796 3160 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:16:24.0812 3160 BITS - ok
12:16:24.0875 3160 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
12:16:24.0890 3160 Bonjour Service - ok
12:16:24.0921 3160 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:16:24.0937 3160 Browser - ok
12:16:24.0937 3160 catchme - ok
12:16:24.0968 3160 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:16:24.0968 3160 cbidf2k - ok
12:16:24.0968 3160 cd20xrnt - ok
12:16:25.0000 3160 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:16:25.0000 3160 Cdaudio - ok
12:16:25.0046 3160 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:16:25.0046 3160 Cdfs - ok
12:16:25.0093 3160 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
12:16:25.0093 3160 Cdr4_xp - ok
12:16:25.0109 3160 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
12:16:25.0109 3160 Cdralw2k - ok
12:16:25.0125 3160 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:16:25.0140 3160 Cdrom - ok
12:16:25.0156 3160 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
12:16:25.0171 3160 cdudf_xp - ok
12:16:25.0187 3160 Changer - ok
12:16:25.0203 3160 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:16:25.0218 3160 CiSvc - ok
12:16:25.0234 3160 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:16:25.0234 3160 ClipSrv - ok
12:16:25.0359 3160 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:16:25.0359 3160 clr_optimization_v2.0.50727_32 - ok
12:16:25.0421 3160 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:16:25.0421 3160 clr_optimization_v4.0.30319_32 - ok
12:16:25.0468 3160 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:16:25.0468 3160 CmBatt - ok
12:16:25.0484 3160 CmdIde - ok
12:16:25.0500 3160 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:16:25.0515 3160 Compbatt - ok
12:16:25.0515 3160 COMSysApp - ok
12:16:25.0546 3160 Cpqarray - ok
12:16:25.0640 3160 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
12:16:25.0640 3160 cpudrv - ok
12:16:25.0671 3160 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:16:25.0671 3160 CryptSvc - ok
12:16:25.0687 3160 dac2w2k - ok
12:16:25.0703 3160 dac960nt - ok
12:16:25.0781 3160 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:16:25.0812 3160 DcomLaunch - ok
12:16:25.0859 3160 DevUpper (913938a5382bfb2487aacaea408a14d2) C:\WINDOWS\system32\DRIVERS\tiumflt.sys
12:16:25.0859 3160 DevUpper - ok
12:16:25.0921 3160 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:16:25.0921 3160 Dhcp - ok
12:16:25.0953 3160 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:16:25.0953 3160 Disk - ok
12:16:25.0968 3160 dmadmin - ok
12:16:26.0078 3160 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:16:26.0093 3160 dmboot - ok
12:16:26.0125 3160 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:16:26.0140 3160 dmio - ok
12:16:26.0171 3160 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:16:26.0171 3160 dmload - ok
12:16:26.0203 3160 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:16:26.0203 3160 dmserver - ok
12:16:26.0234 3160 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:16:26.0234 3160 DMusic - ok
12:16:26.0281 3160 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:16:26.0296 3160 Dnscache - ok
12:16:26.0343 3160 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:16:26.0359 3160 Dot3svc - ok
12:16:26.0359 3160 dpti2o - ok
12:16:26.0406 3160 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:16:26.0406 3160 drmkaud - ok
12:16:26.0453 3160 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
12:16:26.0453 3160 dvd_2K - ok
12:16:26.0468 3160 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:16:26.0484 3160 EapHost - ok
12:16:26.0531 3160 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:16:26.0531 3160 ERSvc - ok
12:16:26.0609 3160 esgiguard - ok
12:16:26.0656 3160 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:16:26.0671 3160 Eventlog - ok
12:16:26.0750 3160 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:16:26.0750 3160 EventSystem - ok
12:16:26.0828 3160 EvtEng (f8af9ba55e23599fff540e976194f546) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
12:16:26.0843 3160 EvtEng - ok
12:16:26.0906 3160 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:16:26.0906 3160 Fastfat - ok
12:16:26.0968 3160 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:16:26.0984 3160 FastUserSwitchingCompatibility - ok
12:16:27.0000 3160 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:16:27.0015 3160 Fdc - ok
12:16:27.0031 3160 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:16:27.0031 3160 Fips - ok
12:16:27.0046 3160 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:16:27.0062 3160 Flpydisk - ok
12:16:27.0109 3160 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:16:27.0109 3160 FltMgr - ok
12:16:27.0203 3160 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:16:27.0203 3160 FontCache3.0.0.0 - ok
12:16:27.0234 3160 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:16:27.0234 3160 Fs_Rec - ok
12:16:27.0265 3160 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:16:27.0265 3160 Ftdisk - ok
12:16:27.0296 3160 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
12:16:27.0296 3160 GEARAspiWDM - ok
12:16:27.0343 3160 getPlus® Helper (78494ae0f93358179b97571b9e76997c) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
12:16:27.0343 3160 getPlus® Helper - ok
12:16:27.0390 3160 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:16:27.0406 3160 Gpc - ok
12:16:27.0500 3160 GTICARD (b14d8f5dedf7c495c7d3104d58e1d31c) C:\WINDOWS\system32\DRIVERS\gticard.sys
12:16:27.0500 3160 GTICARD - ok
12:16:27.0546 3160 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
12:16:27.0562 3160 GTIPCI21 - ok
12:16:27.0640 3160 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
12:16:27.0656 3160 gupdate - ok
12:16:27.0656 3160 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
12:16:27.0671 3160 gupdatem - ok
12:16:27.0734 3160 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:16:27.0734 3160 helpsvc - ok
12:16:27.0750 3160 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:16:27.0765 3160 HidServ - ok
12:16:27.0796 3160 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:16:27.0796 3160 HidUsb - ok
12:16:27.0843 3160 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:16:27.0859 3160 hkmsvc - ok
12:16:27.0875 3160 hpn - ok
12:16:27.0921 3160 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
12:16:27.0937 3160 HSFHWICH - ok
12:16:28.0062 3160 HSF_DP (272914d8e356bbbffbe7e88871a188ef) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
12:16:28.0093 3160 HSF_DP - ok
12:16:28.0187 3160 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
12:16:28.0218 3160 HSF_DPV - ok
12:16:28.0296 3160 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:16:28.0296 3160 HTTP - ok
12:16:28.0343 3160 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:16:28.0375 3160 HTTPFilter - ok
12:16:28.0390 3160 i2omgmt - ok
12:16:28.0390 3160 i2omp - ok
12:16:28.0437 3160 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:16:28.0453 3160 i8042prt - ok
12:16:28.0578 3160 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:16:28.0593 3160 IDriverT - ok
12:16:28.0750 3160 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:16:28.0781 3160 idsvc - ok
12:16:28.0812 3160 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:16:28.0812 3160 Imapi - ok
12:16:28.0875 3160 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:16:28.0875 3160 ImapiService - ok
12:16:28.0906 3160 ini910u - ok
12:16:28.0953 3160 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:16:28.0953 3160 IntelIde - ok
12:16:29.0000 3160 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:16:29.0000 3160 intelppm - ok
12:16:29.0031 3160 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:16:29.0031 3160 Ip6Fw - ok
12:16:29.0078 3160 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:16:29.0078 3160 IpFilterDriver - ok
12:16:29.0109 3160 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:16:29.0109 3160 IpInIp - ok
12:16:29.0156 3160 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:16:29.0156 3160 IpNat - ok
12:16:29.0187 3160 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:16:29.0187 3160 IPSec - ok
12:16:29.0218 3160 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:16:29.0234 3160 IRENUM - ok
12:16:29.0281 3160 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:16:29.0296 3160 isapnp - ok
12:16:29.0468 3160 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
12:16:29.0468 3160 JavaQuickStarterService - ok
12:16:29.0515 3160 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:16:29.0515 3160 Kbdclass - ok
12:16:29.0546 3160 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:16:29.0546 3160 kbdhid - ok
12:16:29.0609 3160 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:16:29.0609 3160 kmixer - ok
12:16:29.0656 3160 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:16:29.0671 3160 KSecDD - ok
12:16:29.0703 3160 L8042mou (20c919b52897b72ebcb2ad2fc29d8ef0) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
12:16:29.0703 3160 L8042mou - ok
12:16:29.0750 3160 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:16:29.0781 3160 lanmanserver - ok
12:16:29.0843 3160 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:16:29.0859 3160 lanmanworkstation - ok
12:16:29.0906 3160 LBeepKE (be2dc24d403643a2d1d98f33c7087b38) C:\WINDOWS\system32\Drivers\LBeepKE.sys
12:16:29.0906 3160 LBeepKE - ok
12:16:29.0921 3160 lbrtfdc - ok
12:16:30.0015 3160 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:16:30.0031 3160 LBTServ - ok
12:16:30.0062 3160 LEqdUsb (717e6714bca808f2a372e636aff3d15a) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
12:16:30.0078 3160 LEqdUsb - ok
12:16:30.0093 3160 LHidEqd (2786f7b4003adff88ce28bc1800b5407) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
12:16:30.0093 3160 LHidEqd - ok
12:16:30.0109 3160 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
12:16:30.0109 3160 LHidFilt - ok
12:16:30.0156 3160 LHidKe (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
12:16:30.0156 3160 LHidKe - ok
12:16:30.0187 3160 LHidUsbK (cbd1c6bff70e170cec6e1502e7fcfef6) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
12:16:30.0187 3160 LHidUsbK - ok
12:16:30.0234 3160 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:16:30.0234 3160 LmHosts - ok
12:16:30.0250 3160 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
12:16:30.0250 3160 LMouFilt - ok
12:16:30.0296 3160 LMouKE (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
12:16:30.0296 3160 LMouKE - ok
12:16:30.0328 3160 LUsbFilt (0c62957912d4df1e4ba9795e6be3ed38) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
12:16:30.0328 3160 LUsbFilt - ok
12:16:30.0421 3160 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:16:30.0437 3160 MDM - ok
12:16:30.0468 3160 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:16:30.0468 3160 mdmxsdk - ok
12:16:30.0500 3160 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:16:30.0515 3160 Messenger - ok
12:16:30.0546 3160 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
12:16:30.0546 3160 mmc_2K - ok
12:16:30.0593 3160 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:16:30.0593 3160 mnmdd - ok
12:16:30.0625 3160 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:16:30.0640 3160 mnmsrvc - ok
12:16:30.0687 3160 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:16:30.0687 3160 Modem - ok
12:16:30.0734 3160 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:16:30.0734 3160 Mouclass - ok
12:16:30.0765 3160 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:16:30.0765 3160 mouhid - ok
12:16:30.0781 3160 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:16:30.0781 3160 MountMgr - ok
12:16:30.0796 3160 mraid35x - ok
12:16:30.0828 3160 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:16:30.0828 3160 MRxDAV - ok
12:16:30.0906 3160 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:16:30.0921 3160 MRxSmb - ok
12:16:30.0968 3160 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:16:30.0984 3160 MSDTC - ok
12:16:31.0000 3160 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:16:31.0000 3160 Msfs - ok
12:16:31.0015 3160 MSIServer - ok
12:16:31.0031 3160 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:16:31.0046 3160 MSKSSRV - ok
12:16:31.0062 3160 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:16:31.0078 3160 MSPCLOCK - ok
12:16:31.0093 3160 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:16:31.0093 3160 MSPQM - ok
12:16:31.0140 3160 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:16:31.0140 3160 mssmbios - ok
12:16:31.0187 3160 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:16:31.0187 3160 Mup - ok
12:16:31.0250 3160 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:16:31.0265 3160 napagent - ok
12:16:31.0312 3160 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:16:31.0328 3160 NDIS - ok
12:16:31.0375 3160 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:16:31.0375 3160 NdisTapi - ok
12:16:31.0421 3160 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:16:31.0421 3160 Ndisuio - ok
12:16:31.0468 3160 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:16:31.0468 3160 NdisWan - ok
12:16:31.0515 3160 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:16:31.0515 3160 NDProxy - ok
12:16:31.0546 3160 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:16:31.0546 3160 NetBIOS - ok
12:16:31.0578 3160 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:16:31.0593 3160 NetBT - ok
12:16:31.0640 3160 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:16:31.0656 3160 NetDDE - ok
12:16:31.0671 3160 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:16:31.0687 3160 NetDDEdsdm - ok
12:16:31.0718 3160 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:16:31.0734 3160 Netlogon - ok
12:16:31.0765 3160 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:16:31.0781 3160 Netman - ok
12:16:31.0890 3160 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:16:31.0890 3160 NetTcpPortSharing - ok
12:16:31.0921 3160 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:16:31.0921 3160 NIC1394 - ok
12:16:31.0984 3160 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:16:32.0000 3160 Nla - ok
12:16:32.0062 3160 nosGetPlusHelper (1acf98d80e95add298832c7a8996b48c) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
12:16:32.0062 3160 nosGetPlusHelper - ok
12:16:42.0406 3160 ============================================================
12:16:42.0406 3160 Scan finished
12:16:42.0406 3160 ============================================================
12:16:42.0421 3972 Detected object count: 0
12:16:42.0421 3972 Actual detected object count: 0
12:21:09.0578 4000 ============================================================
12:21:09.0578 4000 Scan started
12:21:09.0578 4000 Mode: Manual;
12:21:09.0578 4000 ============================================================
12:21:17.0328 4000 mnmdd - ok
12:21:17.0375 4000 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:21:17.0375 4000 mnmsrvc - ok
12:21:17.0406 4000 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:21:17.0406 4000 Modem - ok
12:21:17.0453 4000 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:21:17.0453 4000 Mouclass - ok
12:21:17.0468 4000 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:21:17.0468 4000 mouhid - ok
12:21:17.0500 4000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:21:17.0500 4000 MountMgr - ok
12:21:17.0500 4000 mraid35x - ok
12:21:17.0531 4000 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:21:17.0531 4000 MRxDAV - ok
12:21:17.0609 4000 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:21:17.0609 4000 MRxSmb - ok
12:21:17.0656 4000 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:21:17.0656 4000 MSDTC - ok
12:21:17.0703 4000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:21:17.0703 4000 Msfs - ok
12:21:17.0718 4000 MSIServer - ok
12:21:17.0734 4000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:21:17.0734 4000 MSKSSRV - ok
12:21:17.0750 4000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:21:17.0750 4000 MSPCLOCK - ok
12:21:17.0765 4000 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:21:17.0765 4000 MSPQM - ok
12:21:17.0812 4000 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:21:17.0812 4000 mssmbios - ok
12:21:17.0843 4000 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:21:17.0843 4000 Mup - ok
12:21:17.0906 4000 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:21:17.0921 4000 napagent - ok
12:21:17.0968 4000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:21:17.0968 4000 NDIS - ok
12:21:18.0015 4000 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:21:18.0015 4000 NdisTapi - ok
12:21:18.0062 4000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:21:18.0062 4000 Ndisuio - ok
12:21:18.0093 4000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:21:18.0093 4000 NdisWan - ok
12:21:18.0140 4000 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:21:18.0140 4000 NDProxy - ok
12:21:18.0156 4000 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:21:18.0171 4000 NetBIOS - ok
12:21:18.0203 4000 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:21:18.0203 4000 NetBT - ok
12:21:18.0265 4000 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:21:18.0281 4000 NetDDE - ok
12:21:18.0281 4000 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:21:18.0296 4000 NetDDEdsdm - ok
12:21:18.0328 4000 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:21:18.0343 4000 Netlogon - ok
12:21:18.0375 4000 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:21:18.0390 4000 Netman - ok
12:21:18.0484 4000 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:21:18.0484 4000 NetTcpPortSharing - ok
12:21:18.0515 4000 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:21:18.0515 4000 NIC1394 - ok
12:21:18.0578 4000 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:21:18.0593 4000 Nla - ok
12:21:18.0687 4000 nosGetPlusHelper (1acf98d80e95add298832c7a8996b48c) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
12:21:18.0687 4000 nosGetPlusHelper - ok
12:21:18.0734 4000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:21:18.0734 4000 Npfs - ok
12:21:18.0796 4000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:21:18.0812 4000 Ntfs - ok
12:21:18.0859 4000 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:21:18.0859 4000 NtLmSsp - ok
12:21:18.0937 4000 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:21:18.0953 4000 NtmsSvc - ok
12:21:19.0000 4000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:21:19.0000 4000 Null - ok
12:21:19.0140 4000 nv (a933bec064aa03da7af5d259d8ea73e1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:21:19.0171 4000 nv - ok
12:21:19.0281 4000 NVSvc (d2cae11b646f91b1dd9fdfad0013dece) C:\WINDOWS\system32\nvsvc32.exe
12:21:19.0296 4000 NVSvc - ok
12:21:19.0343 4000 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:21:19.0343 4000 NwlnkFlt - ok
12:21:19.0375 4000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:21:19.0375 4000 NwlnkFwd - ok
12:21:19.0421 4000 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:21:19.0421 4000 ohci1394 - ok
12:21:19.0468 4000 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
12:21:19.0484 4000 OMCI - ok
12:21:19.0562 4000 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:21:19.0562 4000 ose - ok
12:21:19.0609 4000 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:21:19.0625 4000 Parport - ok
12:21:19.0640 4000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:21:19.0640 4000 PartMgr - ok
12:21:19.0671 4000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:21:19.0687 4000 ParVdm - ok
12:21:19.0734 4000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:21:19.0734 4000 PCI - ok
12:21:19.0750 4000 PCIDump - ok
12:21:19.0781 4000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:21:19.0781 4000 PCIIde - ok
12:21:19.0812 4000 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:21:19.0828 4000 Pcmcia - ok
12:21:19.0843 4000 PDCOMP - ok
12:21:19.0859 4000 PDFRAME - ok
12:21:19.0859 4000 PDRELI - ok
12:21:19.0875 4000 PDRFRAME - ok
12:21:19.0890 4000 perc2 - ok
12:21:19.0906 4000 perc2hib - ok
12:21:19.0968 4000 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:21:19.0968 4000 PlugPlay - ok
12:21:20.0000 4000 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:21:20.0000 4000 PolicyAgent - ok
12:21:20.0031 4000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:21:20.0031 4000 PptpMiniport - ok
12:21:20.0031 4000 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:21:20.0046 4000 ProtectedStorage - ok
12:21:20.0046 4000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:21:20.0062 4000 PSched - ok
12:21:20.0093 4000 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:21:20.0093 4000 PSI_SVC_2 - ok
12:21:20.0125 4000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:21:20.0125 4000 Ptilink - ok
12:21:20.0171 4000 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
12:21:20.0171 4000 pwd_2k - ok
12:21:20.0203 4000 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:21:20.0203 4000 PxHelp20 - ok
12:21:20.0218 4000 ql1080 - ok
12:21:20.0218 4000 Ql10wnt - ok
12:21:20.0234 4000 ql12160 - ok
12:21:20.0234 4000 ql1240 - ok
12:21:20.0250 4000 ql1280 - ok
12:21:20.0265 4000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:21:20.0265 4000 RasAcd - ok
12:21:20.0312 4000 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:21:20.0312 4000 RasAuto - ok
12:21:20.0328 4000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:21:20.0328 4000 Rasl2tp - ok
12:21:20.0375 4000 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:21:20.0375 4000 RasMan - ok
12:21:20.0390 4000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:21:20.0390 4000 RasPppoe - ok
12:21:20.0406 4000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:21:20.0406 4000 Raspti - ok
12:21:20.0468 4000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:21:20.0468 4000 Rdbss - ok
12:21:20.0484 4000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:21:20.0484 4000 RDPCDD - ok
12:21:20.0500 4000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:21:20.0515 4000 rdpdr - ok
12:21:20.0546 4000 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:21:20.0562 4000 RDPWD - ok
12:21:20.0593 4000 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:21:20.0609 4000 RDSessMgr - ok
12:21:20.0640 4000 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:21:20.0640 4000 redbook - ok
12:21:20.0750 4000 RegSrvc (68a4629a901cfb5b6628af55ae0d0808) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
12:21:20.0750 4000 RegSrvc - ok
12:21:20.0796 4000 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:21:20.0796 4000 RemoteAccess - ok
12:21:20.0843 4000 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:21:20.0859 4000 RemoteRegistry - ok
12:21:20.0890 4000 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:21:20.0890 4000 RpcLocator - ok
12:21:20.0953 4000 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
12:21:20.0968 4000 RpcSs - ok
12:21:21.0015 4000 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:21:21.0031 4000 RSVP - ok
12:21:21.0109 4000 S24EventMonitor (44833553a6fbdac1554f290f10018ba4) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
12:21:21.0109 4000 S24EventMonitor - ok
12:21:21.0140 4000 s24trans (662c9f09076a2e1224c8833def1f5cb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:21:21.0140 4000 s24trans - ok
12:21:21.0187 4000 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:21:21.0203 4000 SamSs - ok
12:21:21.0250 4000 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:21:21.0265 4000 SCardSvr - ok
12:21:21.0328 4000 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:21:21.0343 4000 Schedule - ok
12:21:21.0375 4000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:21:21.0375 4000 Secdrv - ok
12:21:21.0406 4000 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:21:21.0421 4000 seclogon - ok
12:21:21.0453 4000 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:21:21.0453 4000 SENS - ok
12:21:21.0484 4000 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:21:21.0484 4000 serenum - ok
12:21:21.0515 4000 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:21:21.0531 4000 Serial - ok
12:21:21.0562 4000 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:21:21.0578 4000 Sfloppy - ok
12:21:21.0640 4000 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:21:21.0656 4000 SharedAccess - ok
12:21:21.0703 4000 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:21:21.0718 4000 ShellHWDetection - ok
12:21:21.0734 4000 Simbad - ok
12:21:21.0750 4000 Sparrow - ok
12:21:21.0781 4000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:21:21.0781 4000 splitter - ok
12:21:21.0828 4000 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:21:21.0843 4000 Spooler - ok
12:21:21.0875 4000 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:21:21.0875 4000 sr - ok
12:21:21.0937 4000 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:21:21.0953 4000 srservice - ok
12:21:22.0031 4000 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:21:22.0046 4000 Srv - ok
12:21:22.0062 4000 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:21:22.0093 4000 SSDPSRV - ok
12:21:22.0140 4000 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\stac97.sys
12:21:22.0156 4000 STAC97 - ok
12:21:22.0234 4000 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:21:22.0250 4000 stisvc - ok
12:21:22.0296 4000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:21:22.0312 4000 swenum - ok
12:21:22.0359 4000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:21:22.0359 4000 swmidi - ok
12:21:22.0375 4000 SwPrv - ok
12:21:22.0406 4000 symc810 - ok
12:21:22.0406 4000 symc8xx - ok
12:21:22.0421 4000 sym_hi - ok
12:21:22.0437 4000 sym_u3 - ok
12:21:22.0468 4000 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:21:22.0468 4000 sysaudio - ok
12:21:22.0515 4000 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:21:22.0531 4000 SysmonLog - ok
12:21:22.0578 4000 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:21:22.0593 4000 TapiSrv - ok
12:21:22.0671 4000 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:21:22.0687 4000 Tcpip - ok
12:21:22.0718 4000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:21:22.0718 4000 TDPIPE - ok
12:21:22.0750 4000 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:21:22.0750 4000 TDTCP - ok
12:21:22.0781 4000 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:21:22.0781 4000 TermDD - ok
12:21:22.0859 4000 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:21:22.0875 4000 TermService - ok
12:21:22.0937 4000 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:21:22.0953 4000 Themes - ok
12:21:23.0000 4000 tiumfwl (a4c6f3e34358c94e5c3acfc3392f8907) C:\WINDOWS\system32\drivers\tiumfwl.sys
12:21:23.0000 4000 tiumfwl - ok
12:21:23.0046 4000 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:21:23.0078 4000 TlntSvr - ok
12:21:23.0093 4000 TosIde - ok
12:21:23.0125 4000 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:21:23.0140 4000 TrkWks - ok
12:21:23.0187 4000 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
12:21:23.0187 4000 UdfReadr_xp - ok
12:21:23.0234 4000 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:21:23.0234 4000 Udfs - ok
12:21:23.0250 4000 ultra - ok
12:21:23.0312 4000 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:21:23.0312 4000 Update - ok
12:21:23.0359 4000 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:21:23.0390 4000 upnphost - ok
12:21:23.0421 4000 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:21:23.0437 4000 UPS - ok
12:21:23.0484 4000 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:21:23.0500 4000 USBAAPL - ok
12:21:23.0546 4000 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:21:23.0546 4000 usbccgp - ok
12:21:23.0593 4000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:21:23.0593 4000 usbehci - ok
12:21:23.0609 4000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:21:23.0625 4000 usbhub - ok
12:21:23.0671 4000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:21:23.0671 4000 usbprint - ok
12:21:23.0703 4000 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:21:23.0703 4000 usbscan - ok
12:21:23.0718 4000 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:21:23.0718 4000 USBSTOR - ok
12:21:23.0750 4000 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:21:23.0765 4000 usbuhci - ok
12:21:23.0781 4000 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:21:23.0796 4000 VgaSave - ok
12:21:23.0812 4000 ViaIde - ok
12:21:23.0828 4000 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:21:23.0843 4000 VolSnap - ok
12:21:23.0906 4000 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:21:23.0937 4000 VSS - ok
12:21:24.0109 4000 w22n51 (4fed83668f087ecbe810ea90beceb765) C:\WINDOWS\system32\DRIVERS\w22n51.sys
12:21:24.0140 4000 w22n51 - ok
12:21:24.0593 4000 w29n51 (9ee38ffcb4cbe5bee6c305700ddc4725) C:\WINDOWS\system32\DRIVERS\w29n51.sys
12:21:24.0656 4000 w29n51 - ok
12:21:24.0796 4000 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:21:24.0828 4000 W32Time - ok
12:21:24.0890 4000 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:21:24.0890 4000 Wanarp - ok
12:21:24.0984 4000 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:21:25.0000 4000 Wdf01000 - ok
12:21:25.0015 4000 WDICA - ok
12:21:25.0062 4000 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:21:25.0078 4000 wdmaud - ok
12:21:25.0109 4000 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:21:25.0125 4000 WebClient - ok
12:21:25.0234 4000 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:21:25.0234 4000 winachsf - ok
12:21:25.0343 4000 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:21:25.0359 4000 winmgmt - ok
12:21:25.0515 4000 WLANKEEPER (617e537771b3ba1d54091527d0d72de4) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
12:21:25.0515 4000 WLANKEEPER - ok
12:21:25.0562 4000 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:21:25.0578 4000 WmdmPmSN - ok
12:21:25.0656 4000 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:21:25.0671 4000 Wmi - ok
12:21:25.0734 4000 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:21:25.0734 4000 WmiApSrv - ok
12:21:25.0875 4000 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:21:25.0890 4000 WMPNetworkSvc - ok
12:21:26.0062 4000 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:21:26.0078 4000 WPFFontCache_v0400 - ok
12:21:26.0187 4000 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:21:26.0187 4000 WS2IFSL - ok
12:21:26.0234 4000 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:21:26.0265 4000 wscsvc - ok
12:21:26.0281 4000 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:21:26.0296 4000 wuauserv - ok
12:21:26.0359 4000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:21:26.0359 4000 WudfPf - ok
12:21:26.0390 4000 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:21:26.0421 4000 WudfSvc - ok
12:21:26.0593 4000 wwEngineSvc (be0b3774113713059527fcf071ccdbfe) C:\Program Files\Webroot\Washer\WasherSvc.exe
12:21:26.0593 4000 wwEngineSvc - ok
12:21:26.0656 4000 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:21:26.0687 4000 WZCSVC - ok
12:21:26.0734 4000 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:21:26.0765 4000 xmlprov - ok
12:21:26.0812 4000 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:21:27.0343 4000 \Device\Harddisk0\DR0 - ok
12:21:27.0359 4000 MBR (0x1B8) (c6042f4c796bfa0798efa4128438d3c5) \Device\Harddisk1\DR2
12:21:29.0015 4000 \Device\Harddisk1\DR2 - ok
12:21:29.0015 4000 Boot (0x1200) (69ce3c22dbe66614196a18640e5db573) \Device\Harddisk0\DR0\Partition0
12:21:29.0015 4000 \Device\Harddisk0\DR0\Partition0 - ok
12:21:29.0031 4000 ============================================================
12:21:29.0031 4000 Scan finished
12:21:29.0031 4000 ============================================================
12:21:29.0031 3080 Detected object count: 0
12:21:29.0031 3080 Actual detected object count: 0
12:22:34.0546 2084 Deinitialize success

#6 wgrogers


Posted 28 June 2012 - 08:21 PM

I read where aswMBR is supposed to allow you to click save log. Not sure what happened, tool was gone and no log saved so I am running it again.
It took quite a while the first go-round, sort of like the gmer program, and I had a 30 min meet I had to do; when I came back I couldn't see any log of
aswMBR. As soon as it's done, I'll post it.

#7 wgrogers


Posted 28 June 2012 - 10:40 PM

Now I know what happened. I ran aswMBR.exe the first time and when I returned, I saw the desktop but no log file. I ran it again, took about 3hrs and I didn't see where it was in the scan but I got a BSOD, mem dump and reboot. That was why I couldn't find a log. It's not letting me complete the scan.

#8 gringo_pr

  • Malware Response Team

Posted 29 June 2012 - 08:28 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 wgrogers


Posted 29 June 2012 - 10:51 AM

Hey Gringo!

Ran the combofix with the text as requested. Kind of stumped me for a second, as the program began to run and the DOS window appeared,
so did a pop-up saying "A New Version of ComboFix is Available. Download Now?" followed by either YES or NO bars. I'm thinking, "Great! How am
I supposed to answer if I can't click the mouse after it starts??" I chose to download and it processed that request first and then started to run
CF after installing.

Here is the copy of the log file for Combo with the ClearJavaCache:: text file....

ComboFix 12-06-28.03 - Greg i 06/29/12 7:15.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1448 [GMT -7:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Greg\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-28 02:11 . 2012-06-28 02:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\RealNetworks
2012-06-26 23:03 . 2012-06-28 15:38 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\RealNetworks
2012-06-24 04:47 . 2012-06-24 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ConeXware
2012-06-24 04:47 . 2012-06-24 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Caphyon
2012-06-24 04:47 . 2012-06-24 04:47 -------- d-----w- c:\program files\PatchBeam
2012-06-24 04:46 . 2012-06-28 02:38 -------- d-----w- c:\program files\PowerArchiver
2012-06-03 16:46 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-06-03 16:46 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-06-03 16:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-06-03 16:43 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-06-03 16:42 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 12:52 . 2010-06-03 06:35 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-28 12:52 . 2010-06-03 06:35 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-28 12:52 . 2011-03-01 05:20 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-28 12:52 . 2010-06-03 06:35 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-28 12:52 . 2010-06-03 06:35 97352 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-06-28 12:52 . 2010-06-03 06:35 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-06-28 12:52 . 2010-06-03 06:35 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-28 12:52 . 2010-06-03 06:35 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-06-28 12:52 . 2010-06-29 23:03 41224 ----a-w- c:\windows\avastSS.scr
2012-06-28 12:51 . 2010-06-03 06:34 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-09 19:18 . 2012-04-04 14:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 19:18 . 2011-05-14 13:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-04 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2008-11-29 21:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 01:26 . 2012-04-29 01:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-28_15.41.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-29 12:31 . 2012-06-29 12:31 16384 c:\windows\temp\Perflib_Perfdata_260.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2004-04-29 90169]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-10 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-10 602182]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
RemindMe.lnk - c:\documents and settings\Greg\My Documents\Downloads\remindme\remindme\RemindMe.exe [2007-6-13 228334]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX500]
2003-06-01 20:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX580 Series]
2006-05-23 12:00 139264 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBPA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-11 17:39 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\RankBuilder\\LinkWheel Builder.exe"=
"c:\\Program Files\\RankBuilder\\Profile Link Builder.exe"=
"c:\\Program Files\\RankBuilder\\Article Submitter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/28/11 10:20 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/2/10 11:35 PM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/2/10 11:35 PM 21256]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/22/07 1:48 AM 598856]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/4/04 2:26 AM 80384]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/10 2:01 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/10 2:01 AM 12184]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/6/09 5:57 PM 135664]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/5/11 5:23 PM 12184]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/11 11:08 AM 11336]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2/6/03 7:23 PM 59328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/6/09 5:57 PM 135664]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/04 5:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 00:57]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 00:57]
.
2012-06-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-920026266-854245398-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
.
2012-06-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-920026266-854245398-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
.
2011-12-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2007-09-29 23:31]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Documents%20and%20Settings/Greg/Desktop/newindex.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://192.168.2.3/WebDvr3.cab
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\g9ew7f7y.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Documents%20and%20Settings/Greg/Desktop/newindex.html
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 07:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|.W.ݧ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|.W.ݧ\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|Z0~]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|Z0~\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|ZF]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1390067357-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*֚|ZF\OpenWithList]
@Class="Shell"
"a"="Corel PaintShop Pro.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3968)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-29 07:30:04
ComboFix-quarantined-files.txt 2012-06-29 14:30
ComboFix2.txt 2012-06-28 15:48
.
Pre-Run: 56,006,721,536 bytes free
Post-Run: 55,989,858,304 bytes free
.
- - End Of File - - 93D12A5D018D27134EF99AD66B121479

#10 wgrogers


Posted 29 June 2012 - 10:53 AM

BTW, I tried to duplicate the searches from the other day using google and got no redirect on any. It appears that the
file taking control of the browser has been neutralized.

#11 gringo_pr


Posted 29 June 2012 - 08:36 PM

Hello

"BTW, I tried to duplicate the searches from the other day using google and got no redirect on any. It appears that the
file taking control of the browser has been neutralized."

I was going to ask about that


I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 wgrogers


Posted 29 June 2012 - 11:38 PM

In case someone else reads this and they can't get anything to happen when pressing the windows key + R, like happened to me,
it opens the Run dialog you can also access from the start button. Having said that, here's the report:

7-Zip 9.20
ABBYY FineReader 5.0 Sprint Plus
Acrobat.com
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Standard
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
AIM 7
ALIAS Find And Replace 1.3.0
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ArcSoft Software Suite
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Free Antivirus
Bonjour
Broadcom Gigabit Integrated Controller
C-Major Audio
CardBus
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.92 Modem
Corel Paint Shop Pro X
Corel PaintShop Pro X4
Critical Update for Windows Media Player 11 (KB959772)
CSE HTML Validator Lite v11.01
CuteFTP 5.0 XP
Dell Driver Download Manager
Dell ResourceCD
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy CD Creator 5 Basic
eBook Pro 6.0
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON Stylus Photo RX580 Scanner Driver Update
EPSON Stylus Photo RX580 User's Guide
eReg
FreeDiff v1.1.2
getPlus® for Adobe
Good Keywords v3 121708
Google AdWords Editor
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HoverAd Creator 2.0
HTML Executable IERuntime
ICA
Image Ad Builder 0.8
Intel® PROSet/Wireless Software
InterActual Player
InterVideo WinDVD
IPM_PSP_COM
iTunes
Jasc Animation Shop 3
Java Auto Updater
Java™ 6 Update 30
K-Lite Mega Codec Pack 4.3.4
Logitech SetPoint 6.32
Malwarebytes' RogueRemover
Malwarebytes Anti-Malware version 1.61.0.1400
mCore
mDriver
mDrWiFi
Memorex exPressit Label Design Studio
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mirar
mIWA
mLogView
mMHouse
Mozilla Firefox 11.0 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
mSSO
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mWMI
mXML
MySoftware Fonts
mZConfig
Notepad++
NVIDIA Windows 2000/XP Display Drivers
OGA Notifier 2.0.0048.0
PatchBeam
PCI 7510 CardBus Controller with SmartCard and Software
PowerArchiver 2011
PSPPContent
PSPPHelp
QuickTime
RankBuilder
RealPlayer
RealUpgrade 1.0
RevenueWire Keyword Manager
Screen Calipers
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Setup
SigmaTel AC97 Audio Drivers
Skype 3.8
SnadBoy's Revelation v2
SpeedPPC Campaign Builder
SpeedPPC Campaign Builder Version 4
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
System Requirements Lab for Intel
Texas Instruments PCIxx21/x515 drivers.
The Logo Creator v5.2
TIxx21/x515
TopStyle Lite (Version 3.0)
Traffic Travis 3.3.2
Tweak UI
TweetAssassinSetup
Uninstall Alarmking DVR Client
Unknown Device Identifier 8.00
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
VIGOS Gsitemap 0.97a
WebFldrs XP
Window Washer
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xml Viewer

Let me know what you think!

Thanks,
Greg

#13 gringo_pr


Posted 29 June 2012 - 11:47 PM

Hello Greg


are you sure you were pressing the windows key?



Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Java 6 Update 30
Mirar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 wgrogers


Posted 30 June 2012 - 05:05 AM

First, the MBAM Report

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Greg :: PRIMARY [administrator]

6/29/12 11:45:31 PM
mbam-log-2012-06-29 (23-45-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 379205
Time elapsed: 1 hour(s), 51 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Followed by HiJackThis...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:01:55 AM, on 6/30/12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Apoint\HidFind.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Greg/Desktop/newindex.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -update plugin
O4 - Startup: RemindMe.lnk = C:\Documents and Settings\Greg\My Documents\Downloads\remindme\remindme\RemindMe.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.0.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/bizzarini/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269471504921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269471495281
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://192.168.2.3/WebDvr3.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10681 bytes


Yes to your question, the Windows key on my keyboard has a Windows logo and sits between the Alt and Ctrl keys. Pressing it and R
simultaneously did not cause the run dialog box to appear. Nothing popped up.

Thanks
Greg

#15 gringo_pr


Posted 30 June 2012 - 10:39 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -update plugin
      O4 - Startup: RemindMe.lnk = C:\Documents and Settings\Greg\My Documents\Downloads\remindme\remindme\RemindMe.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

Proud Graduate Of Malware Removal University
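The O4 start-up entries discussed in the post above can also be pulled out of a saved HijackThis log and reviewed as data. The Python below is an added example, not part of the original post or of HijackThis; the function names and the user-profile heuristic are assumptions of the example, and the sample lines are copied from the log posted in this topic.

```python
import re

# Lines copied from the HijackThis log posted in this topic (the O23 line is there to be skipped).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -update plugin
O4 - Startup: RemindMe.lnk = C:\Documents and Settings\Greg\My Documents\Downloads\remindme\remindme\RemindMe.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
'''
# Names the helper's post lists as optional to remove.
HELPER_LIST = {"EvtMgr6", "QuickTime Task", "Adobe ARM", "SunJavaUpdateSched",
               "FlashPlayerUpdate", "RemindMe.lnk"}

REG_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\([^:]+): \[(.+?)\] (.+)$')   # registry Run keys
DIR_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')      # Startup folders
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)

def image_path(command):
    """Executable part of a command line: the quoted string, else text up to the first .exe."""
    m = EXE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command

def parse_o4(log_text):
    """Return one dict per O4 (autostart) line; every other section is skipped."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        reg, folder = REG_RE.match(line), DIR_RE.match(line)
        if reg:
            hive, key, name, cmd = reg.groups()
            source = hive + "\\" + key
        elif folder:
            source, name, cmd = folder.groups()
        else:
            continue
        entries.append({"source": source, "name": name,
                        "command": cmd, "image": image_path(cmd)})
    return entries

def remaining_after_fix(entries, fixed=HELPER_LIST):
    """Autostart names still present once the listed entries are fixed."""
    return [e["name"] for e in entries if e["name"] not in fixed]

def in_user_profile(entries):
    """Assumed triage heuristic: images under a user profile are user-writable."""
    prefix = "c:\\documents and settings\\"
    return [e["name"] for e in entries if e["image"].lower().startswith(prefix)]
```

On the sample lines, `remaining_after_fix` leaves the SigmaTel, Intel wireless and Skype entries, and `in_user_profile` returns only `RemindMe.lnk`, whose target sits in a Downloads folder.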



