
Internet Explorer 8 - randomly opening and playing ads?


  • This topic is locked
7 replies to this topic

#1 vjmo1

vjmo1

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:05 PM

Posted 28 June 2012 - 09:33 AM

Hi,

I have a Windows XP Professional SP 3 running Internet Explorer 8.

Recently, IE8 has started to open randomly - I cannot see these windows, only in the task manager. It then starts to play snippets of ads. I can terminate it via task manager, but it is very annoying.

I have SuperAntiSpyware, Malwarebytes Antimalware and have had AVG Anti-virus running. AVG detected a Trojan horse FakeAV_s.CK which was removed on 18/06/2012.

SuperAntiSpyware detected : Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7BF85892-5719-4F59-B362-B648D216FF15}\RP1814\A0187712.EXE

which was removed as well.

I have had no results (except for cookie trackers) in any other scans.

Can somebody provide some guidance on what to do?

Thanks,

John



#2 ElFasso

ElFasso

  • Members
  • 229 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:06:05 AM

Posted 28 June 2012 - 10:05 AM

The infected folder from SuperAntiSpyware that he indicates is in a system restore point.

C:\SYSTEM VOLUME INFORMATION\_RESTORE « System restore point.


Run a scan with MBAM:

  • Update Malwarebytes' Anti-Malware (aka MBAM), then select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Edited by ElFasso, 28 June 2012 - 10:08 AM.


#3 vjmo1

vjmo1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:05 PM

Posted 28 June 2012 - 04:42 PM

Hi ElFasso,

Here is the log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: JOHN-FA7BD69C51 [administrator]

29/06/2012 1:23:50 AM
mbam-log-2012-06-29 (01-23-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313736
Time elapsed: 21 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks,

John

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:05 AM

Posted 28 June 2012 - 08:31 PM

Hello, also run these now.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 vjmo1

vjmo1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:05 PM

Posted 29 June 2012 - 06:34 AM

Hi,

Just want to say thanks for the help so far!

Here are the logs as requested.

MiniToolBox by Farbar Version: 25-06-2012
Ran by Administrator (administrator) on 29-06-2012 at 20:36:25
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : john-fa7bd69c51
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : vi.bigpond.net.au

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : vi.bigpond.net.au
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-1A-92-96-6F-CB
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 58.175.244.125
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : 58.175.244.1
DHCP Server . . . . . . . . . . . : 172.18.51.155
DNS Servers . . . . . . . . . . . : 61.9.134.49 61.9.133.193
Lease Obtained. . . . . . . . . . : Friday, 29 June 2012 6:32:22 PM
Lease Expires . . . . . . . . . . : Saturday, 30 June 2012 6:32:22 PM

Server: dns-cust.win.bigpond.net.au
Address: 61.9.134.49

Name: google.com.net.au
Address: 199.101.28.130

Pinging google.com [74.125.237.134] with 32 bytes of data:
Reply from 74.125.237.134: bytes=32 time=21ms TTL=52
Reply from 74.125.237.134: bytes=32 time=20ms TTL=53
Ping statistics for 74.125.237.134:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 21ms, Average = 20ms

Server: dns-cust.win.bigpond.net.au
Address: 61.9.134.49

Name: yahoo.com.net.au
Address: 199.101.28.130

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=286ms TTL=48
Reply from 72.30.38.140: bytes=32 time=205ms TTL=48
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 205ms, Maximum = 286ms, Average = 245ms

Server: dns-cust.win.bigpond.net.au
Address: 61.9.134.49

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=48
Reply from 127.0.0.1: bytes=32 time<1ms TTL=48
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a 92 96 6f cb ...... NVIDIA nForce 10/100/1000 Mbps Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 58.175.244.1 58.175.244.125 20
58.175.244.0 255.255.254.0 58.175.244.125 58.175.244.125 20
58.175.244.125 255.255.255.255 127.0.0.1 127.0.0.1 20
58.255.255.255 255.255.255.255 58.175.244.125 58.175.244.125 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 58.175.244.125 58.175.244.125 20
224.0.0.0 240.0.0.0 58.175.244.125 58.175.244.125 20
255.255.255.255 255.255.255.255 58.175.244.125 58.175.244.125 1
Default Gateway: 58.175.244.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/29/2012 00:21:57 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010cce.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/29/2012 00:15:47 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010cce.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/28/2012 10:42:19 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (06/27/2012 11:47:38 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (06/26/2012 11:40:52 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010cce.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/26/2012 00:57:58 AM) (Source: ESENT) (User: )
Description: SearchIndexer (2104) Unable to write a shadowed header for file C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (06/26/2012 00:57:58 AM) (Source: ESENT) (User: )
Description: SearchIndexer (2104) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/26/2012 00:57:17 AM) (Source: ESENT) (User: )
Description: SearchIndexer (2104) Unable to write a shadowed header for file C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (06/26/2012 00:57:17 AM) (Source: ESENT) (User: )
Description: SearchIndexer (2104) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/26/2012 00:56:37 AM) (Source: ESENT) (User: )
Description: SearchIndexer (2104) Unable to write a shadowed header for file C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.


System errors:
=============
Error: (06/27/2012 07:42:37 AM) (Source: Service Control Manager) (User: )
Description: The SASDIFSV service failed to start due to the following error:
%%183

Error: (06/26/2012 11:06:35 PM) (Source: Service Control Manager) (User: )
Description: The SABProcEnum service failed to start due to the following error:
%%2

Error: (06/20/2012 04:33:12 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.100.11 for the Network Card with network address 001A92966FCB has been
denied by the DHCP server 172.18.51.155 (The DHCP Server sent a DHCPNACK message).

Error: (06/20/2012 04:32:41 PM) (Source: Dhcp) (User: )
Description: The IP address lease 58.175.244.125 for the Network Card with network address 001A92966FCB has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (06/19/2012 09:27:59 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/13/2012 08:00:58 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/12/2012 04:09:46 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.100.11 for the Network Card with network address 001A92966FCB has been
denied by the DHCP server 172.18.51.155 (The DHCP Server sent a DHCPNACK message).

Error: (06/12/2012 04:09:16 PM) (Source: Dhcp) (User: )
Description: The IP address lease 58.175.244.125 for the Network Card with network address 001A92966FCB has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (06/08/2012 07:08:13 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/06/2012 07:29:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (06/29/2012 00:21:57 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.605500010cce

Error: (06/29/2012 00:15:47 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.605500010cce

Error: (06/28/2012 10:42:19 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (06/27/2012 11:47:38 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY.ITL

Error: (06/26/2012 11:40:52 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.605500010cce

Error: (06/26/2012 00:57:58 AM) (Source: ESENT)(User: )
Description: SearchIndexer2104C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032

Error: (06/26/2012 00:57:58 AM) (Source: ESENT)(User: )
Description: SearchIndexer2104C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (06/26/2012 00:57:17 AM) (Source: ESENT)(User: )
Description: SearchIndexer2104C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032

Error: (06/26/2012 00:57:17 AM) (Source: ESENT)(User: )
Description: SearchIndexer2104C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (06/26/2012 00:56:37 AM) (Source: ESENT)(User: )
Description: SearchIndexer2104C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Armageddon
AVG 2012 (Version: 12.0.2180)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2180)
AVS Disc Creator version 2.1
AVS Video Tools 5.1
Bejeweled 2 Deluxe 1.0
BitTorrent
Bonjour (Version: 3.0.0.10)
Bookworm Adventures Deluxe 1.0
BufferChm (Version: 120.0.194.000)
C5300 (Version: 120.0.235.000)
Cablenut 4.08
Camera Window (Version: 4.6.1)
Canon Camera Support Core Library (Version: 7.0.1.17)
Canon Camera Window for ZoomBrowser EX (Version: 4.6.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 1.1.1.41)
Canon PhotoRecord (Version: 02.00.00029)
Canon RAW Image Task for ZoomBrowser EX (Version: 1.0)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.0.2)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.13)
Canon Utilities ZoomBrowser EX (Version: 04.06.00032)
CCScore (Version: 6.02.1001.0001)
Combat Mission Afrika Korps
Combat Mission Barbarossa to Berlin
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CPUID CPU-Z 1.55
Curse Client (Version: 4.0.1.260)
DB CIF Cam (Version: 1.0)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
Diablo
Diablo III (Version: 1.0.3.10235)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.6.1.9)
DivX Version Checker (Version: 7.1.0.9)
Doomsday
doubleTwist (Version: 2.7.0.3867)
Download Manager 2.3.10 (Version: 2.3.10)
e-tax 2008
e-tax 2009 (Version: 1.0.0.0)
e-tax 2010 (Version: 1.0.682)
e-tax 2011 (Version: 10.1.671)
Easy MP3 Alarm Clock 1.0
ESSBrwr (Version: 6.04.0000.0001)
ESSCDBK (Version: 6.04.0000.0001)
ESScore (Version: 6.04.0000.0003)
ESSgui (Version: 6.04.0000.0001)
ESSini (Version: 6.04.0000.0001)
ESSPCD (Version: 6.04.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSSONIC (Version: 6.4.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.04.0000.0001)
FaceFilter Studio Brother Edition (Version: 1.0)
Fallout (Version: 1.0)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
fflink (Version: 6.02.1001.0001)
Foxtel Download Manager 4.1.500.11 (Version: 4.1.50011)
FOXTEL Download Player (Version: 1.0.10.3)
Free YouTube Downloader 3.5.124
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.111)
GPBaseService2 (Version: 130.0.371.000)
Hearts of Iron
Hearts of Iron 2
Hearts of Iron III
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Photosmart C5300 All-In-One Driver Software 12.0 Rel .4 (Version: 12.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing (Version: 4.05)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000)
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
hpphotosmartdisclabelplugin (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 120.0.194.000)
HTC Driver Installer (Version: 2.0.7.016)
iTunes (Version: 10.6.3.25)
J2SE Runtime Environment 5.0 Update 8 (Version: 1.5.0.80)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
jv16 PowerTools 2011 (Version: )
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
Logitech Legacy USB Camera Driver Package
Logitech QuickCam Driver Package
Logitech Vid (Version: 1.50.1040)
Logitech Webcam Software (Version: 12.10.1113)
Magic: The Gathering — Duels of the Planeswalkers 2012
Mah Jongg, Chess & Draughts
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 120.0.226.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft Windows Journal Viewer (Version: 1.5.2316.0)
MovieEdit Task (Version: 1.1.1.41)
MSN
MSVCRT (Version: 14.0.1468.721)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Essentials (Version: 7.02.6186)
netbrdg (Version: 6.04.0000.0001)
Nokia Connectivity Cable Driver (Version: 6.83.9.0)
NVIDIA Display Control Panel (Version: 6.14.11.9745)
NVIDIA Drivers (Version: 1.10.59.37)
NVIDIA nView Desktop Manager (Version: 6.14.10.12561)
NVIDIA PhysX (Version: 9.10.0129)
OfotoXMI (Version: 6.04.0000.0001)
PaperPort Image Printer (Version: 1.00.0000)
PC Connectivity Solution (Version: 7.7.10.0)
PhotoStitch (Version: 3.1.13)
Power DVD Rip Studio v1.1.7.293
PowerDVD
PS_AIO_04_C5300_Software_Min (Version: 120.0.235.000)
Puzzle Quest: Galactrix
QuickTime (Version: 7.72.80.56)
RAW Image Task 1.0 (Version: 1.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
RealUpgrade 1.1 (Version: 1.1.0)
RemoteCapture Task 1.0.2 (Version: 1.0.2)
Scan (Version: 12.0.0.0)
ScanSoft PaperPort 11 (Version: 11.1.0000)
SCRABBLE® 2005 EDITION (Version: 1.0)
Segoe UI (Version: 14.0.4327.805)
SFR (Version: 6.04.0000.0001)
SHASTA (Version: 6.04.0000.0001)
Shop for HP Supplies (Version: 12)
skin0001 (Version: 6.04.0000.0004)
SKINXSDK (Version: 6.02.1001.0001)
SmartWebPrinting (Version: 120.0.194.000)
SolutionCenter (Version: 130.0.373.000)
SoundMAX (Version: 5.10.01.4570)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
staticcr (Version: 6.04.0000.0005)
Status (Version: 120.0.194.000)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.5.1006)
System Requirements Lab
System Requirements Lab (Version: 4.1.71.0)
System Requirements Lab CYRI (Version: 4.4.21.0)
Toolbox (Version: 120.0.194.000)
tooltips (Version: 6.04.0000.0001)
TrayApp (Version: 120.0.194.000)
TVAnts 1.0
TVUPlayer 2.5.3.1 (Version: 2.5.3.1)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Utility (Version: 1.00.0002)
uTorrentControl2 Toolbar (Version: 6.8.5.1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.4)
VLC media player 2.0.1 (Version: 2.0.1)
VoiceOver Kit (Version: 1.42.128.0)
VPRINTOL (Version: 6.04.0000.0001)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 120.0.194.000)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) (Version: 03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1) (Version: 02/15/2007 3.1)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WIRELESS (Version: 6.04.0000.0001)
World of Warcraft (Version: 4.3.4.15595)
Wow Web Stats Client v3.0
Xilisoft DVD Ripper Ultimate (Version: 5.0.45.1024)

========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 2047.29 MB
Available physical RAM: 905.33 MB
Total Pagefile: 10082.22 MB
Available Pagefile: 8708.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.67 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:107.42 GB) (Free:58.17 GB) NTFS
2 Drive d: (Games) (Fixed) (Total:358.34 GB) (Free:15.7 GB) NTFS

========================= Users: ========================================

User accounts for \\JOHN-FA7BD69C51

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****


TDS Report

0:37:24.0796 5720 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
20:37:25.0734 5720 ============================================================
20:37:25.0734 5720 Current date / time: 2012/06/29 20:37:25.0734
20:37:25.0734 5720 SystemInfo:
20:37:25.0734 5720
20:37:25.0734 5720 OS Version: 5.1.2600 ServicePack: 3.0
20:37:25.0734 5720 Product type: Workstation
20:37:25.0734 5720 ComputerName: JOHN-FA7BD69C51
20:37:25.0734 5720 UserName: Administrator
20:37:25.0734 5720 Windows directory: C:\WINDOWS
20:37:25.0734 5720 System windows directory: C:\WINDOWS
20:37:25.0734 5720 Processor architecture: Intel x86
20:37:25.0734 5720 Number of processors: 2
20:37:25.0734 5720 Page size: 0x1000
20:37:25.0734 5720 Boot type: Normal boot
20:37:25.0734 5720 ============================================================
20:37:30.0453 5720 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:37:30.0453 5720 ============================================================
20:37:30.0453 5720 \Device\Harddisk0\DR0:
20:37:30.0468 5720 MBR partitions:
20:37:30.0468 5720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD6D7DC8
20:37:30.0468 5720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD6D7E07, BlocksNum 0x2CCACE3A
20:37:30.0468 5720 ============================================================
20:37:30.0468 5720 C: <-> \Device\Harddisk0\DR0\Partition0
20:37:30.0515 5720 D: <-> \Device\Harddisk0\DR0\Partition1
20:37:30.0515 5720 ============================================================
20:37:30.0515 5720 Initialize success
20:37:30.0515 5720 ============================================================
20:38:02.0109 4424 ============================================================
20:38:02.0109 4424 Scan started
20:38:02.0109 4424 Mode: Manual; TDLFS;
20:38:02.0109 4424 ============================================================
20:38:15.0671 4424 streamip - ok
20:38:15.0687 4424 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:38:15.0687 4424 swenum - ok
20:38:15.0703 4424 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:38:15.0703 4424 swmidi - ok
20:38:15.0718 4424 SwPrv - ok
20:38:15.0734 4424 symc810 - ok
20:38:15.0734 4424 symc8xx - ok
20:38:15.0734 4424 sym_hi - ok
20:38:15.0750 4424 sym_u3 - ok
20:38:15.0765 4424 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:38:15.0765 4424 sysaudio - ok
20:38:15.0781 4424 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:38:15.0781 4424 SysmonLog - ok
20:38:15.0812 4424 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:38:15.0812 4424 TapiSrv - ok
20:38:15.0859 4424 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:38:15.0859 4424 Tcpip - ok
20:38:15.0875 4424 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:38:15.0875 4424 TDPIPE - ok
20:38:15.0890 4424 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:38:15.0890 4424 TDTCP - ok
20:38:15.0906 4424 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:38:15.0906 4424 TermDD - ok
20:38:15.0937 4424 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:38:15.0937 4424 TermService - ok
20:38:15.0968 4424 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:38:15.0968 4424 Themes - ok
20:38:16.0000 4424 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:38:16.0015 4424 TlntSvr - ok
20:38:16.0015 4424 TosIde - ok
20:38:16.0062 4424 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:38:16.0062 4424 TrkWks - ok
20:38:16.0093 4424 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:38:16.0109 4424 Udfs - ok
20:38:16.0125 4424 ultra - ok
20:38:16.0140 4424 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:38:16.0156 4424 Update - ok
20:38:16.0203 4424 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:38:16.0203 4424 upnphost - ok
20:38:16.0218 4424 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:38:16.0218 4424 UPS - ok
20:38:16.0296 4424 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:38:16.0296 4424 USBAAPL - ok
20:38:16.0296 4424 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:38:16.0312 4424 usbaudio - ok
20:38:16.0312 4424 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:38:16.0328 4424 usbccgp - ok
20:38:16.0328 4424 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:38:16.0328 4424 usbehci - ok
20:38:16.0343 4424 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:38:16.0343 4424 usbhub - ok
20:38:16.0359 4424 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:38:16.0375 4424 usbohci - ok
20:38:16.0390 4424 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:38:16.0390 4424 usbprint - ok
20:38:16.0406 4424 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:38:16.0406 4424 usbscan - ok
20:38:16.0453 4424 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:16.0453 4424 USBSTOR - ok
20:38:16.0468 4424 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:38:16.0468 4424 VgaSave - ok
20:38:16.0468 4424 ViaIde - ok
20:38:16.0484 4424 Video3D - ok
20:38:16.0515 4424 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:38:16.0515 4424 VolSnap - ok
20:38:16.0546 4424 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:38:16.0546 4424 VSS - ok
20:38:16.0578 4424 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:38:16.0578 4424 W32Time - ok
20:38:16.0593 4424 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:38:16.0593 4424 Wanarp - ok
20:38:16.0609 4424 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
20:38:16.0609 4424 wceusbsh - ok
20:38:16.0671 4424 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:38:16.0687 4424 Wdf01000 - ok
20:38:16.0687 4424 WDICA - ok
20:38:16.0718 4424 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:38:16.0718 4424 wdmaud - ok
20:38:16.0750 4424 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:38:16.0750 4424 WebClient - ok
20:38:16.0812 4424 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:38:16.0828 4424 winmgmt - ok
20:38:16.0890 4424 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
20:38:16.0906 4424 WinRM - ok
20:38:16.0937 4424 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:38:16.0937 4424 WmdmPmSN - ok
20:38:16.0984 4424 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:38:17.0000 4424 Wmi - ok
20:38:17.0015 4424 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:38:17.0031 4424 WmiApSrv - ok
20:38:17.0125 4424 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:38:17.0156 4424 WMPNetworkSvc - ok
20:38:17.0281 4424 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:38:17.0296 4424 WPFFontCache_v0400 - ok
20:38:17.0375 4424 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:38:17.0375 4424 wscsvc - ok
20:38:17.0375 4424 WSearch - ok
20:38:17.0421 4424 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:38:17.0421 4424 WSTCODEC - ok
20:38:17.0437 4424 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:38:17.0437 4424 wuauserv - ok
20:38:17.0468 4424 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:38:17.0468 4424 WudfPf - ok
20:38:17.0484 4424 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:38:17.0500 4424 WudfRd - ok
20:38:17.0515 4424 WudfSvc (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll
20:38:17.0531 4424 WudfSvc - ok
20:38:17.0578 4424 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:38:17.0593 4424 WZCSVC - ok
20:38:17.0625 4424 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:38:17.0625 4424 xmlprov - ok
20:38:17.0656 4424 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:38:18.0140 4424 \Device\Harddisk0\DR0 - ok
20:38:18.0140 4424 Boot (0x1200) (d6757cfaccbec6f74cf8f115a9a47b88) \Device\Harddisk0\DR0\Partition0
20:38:18.0140 4424 \Device\Harddisk0\DR0\Partition0 - ok
20:38:18.0171 4424 Boot (0x1200) (da36a556b16775f521b3c29d02992ba3) \Device\Harddisk0\DR0\Partition1
20:38:18.0171 4424 \Device\Harddisk0\DR0\Partition1 - ok
20:38:18.0171 4424 ============================================================
20:38:18.0171 4424 Scan finished
20:38:18.0171 4424 ============================================================
20:38:18.0187 5696 Detected object count: 0
20:38:18.0187 5696 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-29 21:07:58
-----------------------------
21:07:58.812 OS Version: Windows 5.1.2600 Service Pack 3
21:07:58.812 Number of processors: 2 586 0x6B01
21:07:58.812 ComputerName: JOHN-FA7BD69C51 UserName: Administrator
21:07:59.796 Initialze error C000010E - driver not loaded
21:07:59.843 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
21:08:07.890 AVAST engine defs: 12062901
21:08:15.203 Service scanning
21:08:27.031 Modules scanning
21:08:27.031 Disk 0 trace - called modules:
21:08:27.031
21:08:27.562 AVAST engine scan C:\WINDOWS
21:08:34.515 AVAST engine scan C:\WINDOWS\system32
21:10:36.546 AVAST engine scan C:\WINDOWS\system32\drivers
21:10:45.546 AVAST engine scan C:\Documents and Settings\Administrator
21:27:40.078 AVAST engine scan C:\Documents and Settings\All Users
21:28:55.046 Scan finished successfully
21:31:12.718 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


***Interesting note - the ads kept playing during all these scans***

Thanks,

John

#6 boopme


Posted 29 June 2012 - 09:31 AM

Appears to be a Bootkit. We need to repost and find it.

We need a deeper look. Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#7 vjmo1


Posted 30 June 2012 - 06:46 PM

Hi,

I have started the new topic with the requested logs here:

http://www.bleepingcomputer.com/forums/topic458892.html

Thanks for the help,

John

#8 boopme


Posted 30 June 2012 - 09:25 PM

Thank you!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.