Can't enable antivirus or Microsoft firewall

15 replies to this topic

#1 earthquakes
Posted 06 July 2012 - 12:21 AM

My AVG antivirus won't activate, so I removed it and tried Avast with the same problem. I also tried to enable Microsoft's firewall but an error came up. Nothing noticeably strange happening with my computer otherwise.

dds.txt file

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Hal at 19:03:44 on 2012-07-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.922 [GMT -7:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{200AAF64-9669-4572-A3FC-CE4303FCDC0B} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-21 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-21 337880]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-21 20696]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-21 44768]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg2012\avgidsagent.exe" --> c:\program files\avg\avg2012\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011\RpcAgentSrv.exe [2012-1-19 93848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-28 05:27:55 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-28 05:27:55 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-28 05:27:11 -------- d-----w- c:\documents and settings\hal.halspc\local settings\application data\Apple
2012-06-26 05:40:37 -------- d-----w- c:\documents and settings\hal.halspc\local settings\application data\Ilivid Player
2012-06-22 01:10:27 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-22 01:10:09 41184 ----a-w- c:\windows\avastSS.scr
2012-06-22 01:09:56 -------- d-----w- c:\program files\AVAST Software
2012-06-22 01:09:56 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software
2012-06-21 22:59:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 22:59:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-16 01:53:38 -------- d-----w- c:\documents and settings\hal.halspc\.config
2012-06-16 01:53:35 -------- d-----w- c:\documents and settings\hal.halspc\application data\calibre
2012-06-15 06:01:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-06-15 06:01:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-15 06:00:17 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-15 06:00:15 -------- d--h--w- C:\$AVG
2012-06-15 06:00:13 -------- d-----w- c:\documents and settings\hal.halspc\application data\AVG2012
2012-06-15 05:59:59 -------- d-----w- c:\documents and settings\all users.windows\application data\AVG2012
2012-06-12 05:26:30 -------- d-----w- c:\windows\system32\cache
2012-06-07 19:01:51 -------- d-----w- c:\documents and settings\hal.halspc\local settings\application data\Apple Computer
2012-06-07 19:01:18 -------- d-----w- c:\documents and settings\all users.windows\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
.
==================== Find3M ====================
.
2012-06-15 05:33:08 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-15 05:33:08 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-06-15 05:32:23 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-05-24 23:00:36 67544 ----a-w- c:\windows\system32\drivers\95d5001af035d519.sys
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 19:04:13.50 ===============

#2 HelpBot
Posted 11 July 2012 - 12:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459515 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot
Posted 16 July 2012 - 12:30 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!


Mod Edit: Topic reopened at OP request - Hamluis.

Edited by hamluis, 22 July 2012 - 09:28 AM.
Reopened topic - Hamluis.


#4 earthquakes
Posted 22 July 2012 - 11:21 PM

dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Hal at 20:08:09 on 2012-07-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT -7:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{200AAF64-9669-4572-A3FC-CE4303FCDC0B} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-21 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-21 337880]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-21 20696]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-21 44768]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg2012\avgidsagent.exe" --> c:\program files\avg\avg2012\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011\RpcAgentSrv.exe [2012-1-19 93848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-22 05:05:11 -------- d-----w- c:\documents and settings\hal.halspc\local settings\application data\HP
2012-06-28 05:27:55 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-28 05:27:55 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-28 05:27:11 -------- d-----w- c:\documents and settings\hal.halspc\local settings\application data\Apple
2012-06-26 05:40:37 -------- d-----w- c:\documents and settings\hal.halspc\local settings\application data\Ilivid Player
.
==================== Find3M ====================
.
2012-06-15 05:33:08 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-15 05:33:08 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-06-15 05:32:23 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-05-24 23:00:36 67544 ----a-w- c:\windows\system32\drivers\95d5001af035d519.sys
.
============= FINISH: 20:08:44.03 ===============

Attached file: hwtgmer.log (1.65KB)

#5 techextreme
Posted 23 July 2012 - 02:42 PM

Hi and Welcome to the Virus, Trojan, Spyware, and Malware Removal Logs Forum,

My name is TechExtreme and I am here to help you!

While I am helping you clean your computer, please do not run any tools, other than what I direct you to run. By not running any other tools than what I direct you to run, we can make the task of cleaning your computer quicker and easier. Some programs can interfere with others and make the recovery process take a much longer period of time.

Please perform all of the steps in the order I give them to you and do not proceed if you do not understand my directions. I will be happy to answer any questions or clarify anything you are unsure of.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it.

When your computer is clean I will inform you that your logs are clean and I will also provide you with detailed suggestions for prevention of any further infection.

After 3 days if your topic is not replied to I will assume it has been abandoned and I will close it.

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. The tools required to clean your computer will be based on its current state and any changes might delay my ability to help you.

As you have just run a DDS log, Please give me some time to go over it and make my recommendations as to your next plan of attack.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#6 techextreme
Posted 24 July 2012 - 02:10 PM

Hi earthquakes,


P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


I'd like you to run Defogger then TDSSKiller by following the below instructions:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#7 earthquakes


Posted 24 July 2012 - 02:47 PM

Other symptoms I have noticed recently include my DVD drive not working and not being detected, and the inability to load printer drivers successfully for my HP printer/scanner.

12:41:34.0687 3036 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:41:35.0156 3036 ============================================================
12:41:35.0156 3036 Current date / time: 2012/07/24 12:41:35.0156
12:41:35.0156 3036 SystemInfo:
12:41:35.0156 3036
12:41:35.0156 3036 OS Version: 5.1.2600 ServicePack: 3.0
12:41:35.0156 3036 Product type: Workstation
12:41:35.0156 3036 ComputerName: HALSPC
12:41:35.0156 3036 UserName: Hal
12:41:35.0156 3036 Windows directory: C:\WINDOWS
12:41:35.0156 3036 System windows directory: C:\WINDOWS
12:41:35.0156 3036 Processor architecture: Intel x86
12:41:35.0156 3036 Number of processors: 2
12:41:35.0156 3036 Page size: 0x1000
12:41:35.0156 3036 Boot type: Normal boot
12:41:35.0156 3036 ============================================================
12:41:42.0359 3036 !crdlk
12:41:42.0390 3036 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
12:41:42.0406 3036 ============================================================
12:41:42.0406 3036 \Device\Harddisk0\DR0:
12:41:42.0406 3036 MBR partitions:
12:41:42.0406 3036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
12:41:42.0406 3036 ============================================================
12:41:42.0421 3036 C: <-> \Device\Harddisk0\DR0\Partition0
12:41:42.0421 3036 ============================================================
12:41:42.0421 3036 Initialize success
12:41:42.0421 3036 ============================================================
12:42:31.0171 3716 ============================================================
12:42:31.0171 3716 Scan started
12:42:31.0171 3716 Mode: Manual;
12:42:31.0171 3716 ============================================================
12:42:31.0296 3716 Suspicious service (NoAccess): 95d5001af035d519
12:42:31.0421 3716 95d5001af035d519 (f528a809992ea627e670e5c8d1c8fdff) C:\WINDOWS\System32\Drivers\95d5001af035d519.sys
12:42:31.0421 3716 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\95d5001af035d519.sys. md5: f528a809992ea627e670e5c8d1c8fdff
12:42:31.0421 3716 95d5001af035d519 ( LockedService.Multi.Generic ) - warning
12:42:31.0421 3716 95d5001af035d519 - detected LockedService.Multi.Generic (1)
12:42:31.0453 3716 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:42:31.0453 3716 Aavmker4 - ok
12:42:31.0468 3716 Abiosdsk - ok
12:42:31.0468 3716 abp480n5 - ok
12:42:31.0531 3716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:42:31.0531 3716 ACPI - ok
12:42:31.0578 3716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:42:31.0578 3716 ACPIEC - ok
12:42:31.0593 3716 adpu160m - ok
12:42:31.0640 3716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:42:31.0640 3716 aec - ok
12:42:31.0687 3716 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:42:31.0687 3716 AFD - ok
12:42:31.0703 3716 Aha154x - ok
12:42:31.0718 3716 aic78u2 - ok
12:42:31.0734 3716 aic78xx - ok
12:42:31.0765 3716 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:42:31.0781 3716 Alerter - ok
12:42:31.0796 3716 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:42:31.0796 3716 ALG - ok
12:42:31.0828 3716 AliIde - ok
12:42:31.0875 3716 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:42:31.0875 3716 AmdK8 - ok
12:42:31.0890 3716 amsint - ok
12:42:32.0000 3716 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:42:32.0000 3716 Apple Mobile Device - ok
12:42:32.0046 3716 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:42:32.0046 3716 AppMgmt - ok
12:42:32.0093 3716 asc - ok
12:42:32.0109 3716 asc3350p - ok
12:42:32.0109 3716 asc3550 - ok
12:42:32.0171 3716 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
12:42:32.0171 3716 AsIO - ok
12:42:32.0250 3716 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:42:32.0281 3716 aspnet_state - ok
12:42:32.0375 3716 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:42:32.0375 3716 aswFsBlk - ok
12:42:32.0437 3716 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
12:42:32.0437 3716 aswMon2 - ok
12:42:32.0468 3716 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
12:42:32.0468 3716 AswRdr - ok
12:42:32.0515 3716 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
12:42:32.0515 3716 aswSnx - ok
12:42:32.0546 3716 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
12:42:32.0546 3716 aswSP - ok
12:42:32.0578 3716 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
12:42:32.0578 3716 aswTdi - ok
12:42:32.0625 3716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:42:32.0625 3716 AsyncMac - ok
12:42:32.0656 3716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:42:32.0656 3716 atapi - ok
12:42:32.0656 3716 Atdisk - ok
12:42:32.0687 3716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:42:32.0687 3716 Atmarpc - ok
12:42:32.0750 3716 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:42:32.0750 3716 AudioSrv - ok
12:42:32.0796 3716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:42:32.0796 3716 audstub - ok
12:42:32.0890 3716 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:42:32.0890 3716 avast! Antivirus - ok
12:42:32.0968 3716 AVGIDSAgent - ok
12:42:33.0015 3716 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
12:42:33.0015 3716 AVGIDSDriver - ok
12:42:33.0031 3716 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
12:42:33.0031 3716 AVGIDSEH - ok
12:42:33.0046 3716 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
12:42:33.0046 3716 AVGIDSFilter - ok
12:42:33.0062 3716 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
12:42:33.0062 3716 AVGIDSShim - ok
12:42:33.0125 3716 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:42:33.0125 3716 Avgldx86 - ok
12:42:33.0171 3716 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:42:33.0171 3716 Avgmfx86 - ok
12:42:33.0234 3716 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:42:33.0234 3716 Avgrkx86 - ok
12:42:33.0281 3716 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:42:33.0281 3716 Avgtdix - ok
12:42:33.0296 3716 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
12:42:33.0312 3716 avgwd - ok
12:42:33.0343 3716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:42:33.0343 3716 Beep - ok
12:42:33.0390 3716 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:42:33.0562 3716 BITS - ok
12:42:33.0687 3716 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:42:33.0687 3716 Bonjour Service - ok
12:42:33.0734 3716 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:42:33.0734 3716 Browser - ok
12:42:33.0765 3716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:42:33.0765 3716 cbidf2k - ok
12:42:33.0812 3716 cd20xrnt - ok
12:42:33.0828 3716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:42:33.0828 3716 Cdaudio - ok
12:42:33.0859 3716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:42:33.0859 3716 Cdfs - ok
12:42:33.0875 3716 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:42:33.0875 3716 Cdrom - ok
12:42:33.0890 3716 Changer - ok
12:42:33.0937 3716 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:42:33.0937 3716 CiSvc - ok
12:42:33.0984 3716 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:42:33.0984 3716 ClipSrv - ok
12:42:34.0046 3716 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:42:34.0109 3716 clr_optimization_v2.0.50727_32 - ok
12:42:34.0218 3716 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:42:34.0265 3716 clr_optimization_v4.0.30319_32 - ok
12:42:34.0265 3716 CmdIde - ok
12:42:34.0281 3716 COMSysApp - ok
12:42:34.0296 3716 Cpqarray - ok
12:42:34.0359 3716 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:42:34.0359 3716 CryptSvc - ok
12:42:34.0359 3716 dac2w2k - ok
12:42:34.0375 3716 dac960nt - ok
12:42:34.0437 3716 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:42:34.0453 3716 DcomLaunch - ok
12:42:34.0531 3716 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:42:34.0531 3716 Dhcp - ok
12:42:34.0546 3716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:42:34.0546 3716 Disk - ok
12:42:34.0562 3716 dmadmin - ok
12:42:34.0625 3716 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:42:34.0625 3716 dmboot - ok
12:42:34.0640 3716 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:42:34.0640 3716 dmio - ok
12:42:34.0671 3716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:42:34.0671 3716 dmload - ok
12:42:34.0718 3716 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:42:34.0718 3716 dmserver - ok
12:42:34.0781 3716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:42:34.0781 3716 DMusic - ok
12:42:34.0812 3716 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:42:34.0812 3716 Dnscache - ok
12:42:34.0890 3716 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:42:34.0890 3716 Dot3svc - ok
12:42:34.0906 3716 dpti2o - ok
12:42:34.0921 3716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:42:34.0921 3716 drmkaud - ok
12:42:34.0937 3716 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:42:34.0937 3716 EapHost - ok
12:42:34.0984 3716 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:42:34.0984 3716 ERSvc - ok
12:42:35.0031 3716 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:42:35.0046 3716 Eventlog - ok
12:42:35.0109 3716 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:42:35.0109 3716 EventSystem - ok
12:42:35.0140 3716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:42:35.0140 3716 Fastfat - ok
12:42:35.0187 3716 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:42:35.0187 3716 FastUserSwitchingCompatibility - ok
12:42:35.0203 3716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:42:35.0203 3716 Fdc - ok
12:42:35.0250 3716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:42:35.0250 3716 Fips - ok
12:42:35.0265 3716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:42:35.0265 3716 Flpydisk - ok
12:42:35.0281 3716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:42:35.0281 3716 FltMgr - ok
12:42:35.0390 3716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:42:35.0390 3716 FontCache3.0.0.0 - ok
12:42:35.0421 3716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:42:35.0421 3716 Fs_Rec - ok
12:42:35.0453 3716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:42:35.0453 3716 Ftdisk - ok
12:42:35.0500 3716 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:42:35.0500 3716 GEARAspiWDM - ok
12:42:35.0515 3716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:42:35.0531 3716 Gpc - ok
12:42:35.0546 3716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:42:35.0546 3716 HDAudBus - ok
12:42:35.0578 3716 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:42:35.0593 3716 helpsvc - ok
12:42:35.0609 3716 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:42:35.0609 3716 HidServ - ok
12:42:35.0640 3716 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:42:35.0640 3716 hidusb - ok
12:42:35.0703 3716 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:42:35.0703 3716 hkmsvc - ok
12:42:35.0718 3716 hpn - ok
12:42:35.0875 3716 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:42:35.0875 3716 hpqcxs08 - ok
12:42:35.0953 3716 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:42:35.0953 3716 hpqddsvc - ok
12:42:36.0015 3716 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:42:36.0015 3716 HPZid412 - ok
12:42:36.0046 3716 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:42:36.0046 3716 HPZipr12 - ok
12:42:36.0046 3716 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:42:36.0046 3716 HPZius12 - ok
12:42:36.0093 3716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:42:36.0109 3716 HTTP - ok
12:42:36.0156 3716 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:42:36.0156 3716 HTTPFilter - ok
12:42:36.0171 3716 i2omgmt - ok
12:42:36.0171 3716 i2omp - ok
12:42:36.0218 3716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
12:42:36.0218 3716 i8042prt - ok
12:42:36.0453 3716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:42:36.0468 3716 idsvc - ok
12:42:36.0484 3716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:42:36.0484 3716 Imapi - ok
12:42:36.0531 3716 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:42:36.0531 3716 ImapiService - ok
12:42:36.0578 3716 ini910u - ok
12:42:36.0781 3716 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:42:36.0796 3716 IntcAzAudAddService - ok
12:42:36.0906 3716 IntelIde - ok
12:42:36.0937 3716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:42:36.0937 3716 Ip6Fw - ok
12:42:37.0000 3716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:42:37.0000 3716 IpFilterDriver - ok
12:42:37.0031 3716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:42:37.0031 3716 IpInIp - ok
12:42:37.0062 3716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:42:37.0078 3716 IpNat - ok
12:42:37.0234 3716 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
12:42:37.0234 3716 iPod Service - ok
12:42:37.0265 3716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:42:37.0265 3716 IPSec - ok
12:42:37.0296 3716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:42:37.0296 3716 IRENUM - ok
12:42:37.0343 3716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:42:37.0343 3716 isapnp - ok
12:42:37.0437 3716 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
12:42:37.0437 3716 JavaQuickStarterService - ok
12:42:37.0484 3716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:42:37.0484 3716 Kbdclass - ok
12:42:37.0500 3716 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:42:37.0500 3716 kbdhid - ok
12:42:37.0546 3716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:42:37.0562 3716 kmixer - ok
12:42:37.0609 3716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:42:37.0609 3716 KSecDD - ok
12:42:37.0656 3716 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:42:37.0656 3716 lanmanserver - ok
12:42:37.0687 3716 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:42:37.0687 3716 lanmanworkstation - ok
12:42:37.0703 3716 lbrtfdc - ok
12:42:37.0734 3716 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:42:37.0734 3716 LmHosts - ok
12:42:37.0765 3716 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:42:37.0765 3716 Messenger - ok
12:42:37.0796 3716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:42:37.0796 3716 mnmdd - ok
12:42:37.0843 3716 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:42:37.0843 3716 mnmsrvc - ok
12:42:37.0890 3716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:42:37.0890 3716 Modem - ok
12:42:37.0921 3716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:42:37.0921 3716 Mouclass - ok
12:42:37.0953 3716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:42:37.0953 3716 mouhid - ok
12:42:37.0968 3716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:42:37.0968 3716 MountMgr - ok
12:42:37.0984 3716 mraid35x - ok
12:42:38.0000 3716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:42:38.0000 3716 MRxDAV - ok
12:42:38.0046 3716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:42:38.0046 3716 MRxSmb - ok
12:42:38.0109 3716 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:42:38.0109 3716 MSDTC - ok
12:42:38.0140 3716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:42:38.0140 3716 Msfs - ok
12:42:38.0156 3716 MSIServer - ok
12:42:38.0203 3716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:42:38.0203 3716 MSKSSRV - ok
12:42:38.0218 3716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:42:38.0218 3716 MSPCLOCK - ok
12:42:38.0234 3716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:42:38.0234 3716 MSPQM - ok
12:42:38.0265 3716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:42:38.0265 3716 mssmbios - ok
12:42:38.0343 3716 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
12:42:38.0343 3716 MTsensor - ok
12:42:38.0390 3716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:42:38.0390 3716 Mup - ok
12:42:38.0468 3716 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:42:38.0468 3716 napagent - ok
12:42:38.0515 3716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:42:38.0515 3716 NDIS - ok
12:42:38.0531 3716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:42:38.0531 3716 NdisTapi - ok
12:42:38.0546 3716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:42:38.0546 3716 Ndisuio - ok
12:42:38.0562 3716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:42:38.0562 3716 NdisWan - ok
12:42:38.0593 3716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:42:38.0593 3716 NDProxy - ok
12:42:38.0687 3716 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
12:42:38.0687 3716 Net Driver HPZ12 - ok
12:42:38.0703 3716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:42:38.0703 3716 NetBIOS - ok
12:42:38.0718 3716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:42:38.0718 3716 NetBT - ok
12:42:38.0750 3716 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:42:38.0750 3716 NetDDE - ok
12:42:38.0765 3716 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:42:38.0765 3716 NetDDEdsdm - ok
12:42:38.0796 3716 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:42:38.0796 3716 Netlogon - ok
12:42:38.0843 3716 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:42:38.0859 3716 Netman - ok
12:42:38.0953 3716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:42:38.0953 3716 NetTcpPortSharing - ok
12:42:39.0000 3716 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:42:39.0015 3716 Nla - ok
12:42:39.0031 3716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:42:39.0031 3716 Npfs - ok
12:42:39.0062 3716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:42:39.0062 3716 Ntfs - ok
12:42:39.0078 3716 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:42:39.0078 3716 NtLmSsp - ok
12:42:39.0140 3716 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:42:39.0140 3716 NtmsSvc - ok
12:42:39.0218 3716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:42:39.0218 3716 Null - ok
12:42:39.0781 3716 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:42:39.0859 3716 nv - ok
12:42:40.0000 3716 NVSvc (971b4344aba9b79ed0e9d0bb2a5283c1) C:\WINDOWS\system32\nvsvc32.exe
12:42:40.0015 3716 NVSvc - ok
12:42:40.0187 3716 nvUpdatusService (4cde6d8e0a07dce9e568f58a5dc8086c) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:42:40.0203 3716 nvUpdatusService - ok
12:42:40.0265 3716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:42:40.0265 3716 NwlnkFlt - ok
12:42:40.0312 3716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:42:40.0312 3716 NwlnkFwd - ok
12:42:40.0359 3716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:42:40.0359 3716 Parport - ok
12:42:40.0375 3716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:42:40.0375 3716 PartMgr - ok
12:42:40.0421 3716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:42:40.0421 3716 ParVdm - ok
12:42:40.0437 3716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:42:40.0437 3716 PCI - ok
12:42:40.0437 3716 PCIDump - ok
12:42:40.0468 3716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:42:40.0468 3716 PCIIde - ok
12:42:40.0500 3716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:42:40.0500 3716 Pcmcia - ok
12:42:40.0515 3716 PDCOMP - ok
12:42:40.0515 3716 PDFRAME - ok
12:42:40.0531 3716 PDRELI - ok
12:42:40.0531 3716 PDRFRAME - ok
12:42:40.0546 3716 perc2 - ok
12:42:40.0562 3716 perc2hib - ok
12:42:40.0609 3716 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:42:40.0609 3716 PlugPlay - ok
12:42:40.0687 3716 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
12:42:40.0687 3716 Pml Driver HPZ12 - ok
12:42:40.0718 3716 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:42:40.0718 3716 PolicyAgent - ok
12:42:40.0750 3716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:42:40.0750 3716 PptpMiniport - ok
12:42:40.0765 3716 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:42:40.0765 3716 Processor - ok
12:42:40.0781 3716 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:42:40.0781 3716 ProtectedStorage - ok
12:42:40.0796 3716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:42:40.0796 3716 PSched - ok
12:42:40.0828 3716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:42:40.0828 3716 Ptilink - ok
12:42:40.0843 3716 ql1080 - ok
12:42:40.0859 3716 Ql10wnt - ok
12:42:40.0859 3716 ql12160 - ok
12:42:40.0875 3716 ql1240 - ok
12:42:40.0890 3716 ql1280 - ok
12:42:40.0906 3716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:42:40.0906 3716 RasAcd - ok
12:42:40.0968 3716 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:42:40.0968 3716 RasAuto - ok
12:42:40.0968 3716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:42:40.0984 3716 Rasl2tp - ok
12:42:41.0000 3716 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:42:41.0015 3716 RasMan - ok
12:42:41.0015 3716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:42:41.0015 3716 RasPppoe - ok
12:42:41.0031 3716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:42:41.0031 3716 Raspti - ok
12:42:41.0062 3716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:42:41.0062 3716 Rdbss - ok
12:42:41.0078 3716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:42:41.0078 3716 RDPCDD - ok
12:42:41.0109 3716 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:42:41.0109 3716 rdpdr - ok
12:42:41.0156 3716 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:42:41.0156 3716 RDPWD - ok
12:42:41.0250 3716 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:42:41.0250 3716 RDSessMgr - ok
12:42:41.0281 3716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:42:41.0281 3716 redbook - ok
12:42:41.0328 3716 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:42:41.0328 3716 RemoteAccess - ok
12:42:41.0359 3716 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:42:41.0359 3716 RemoteRegistry - ok
12:42:41.0375 3716 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:42:41.0375 3716 RpcLocator - ok
12:42:41.0437 3716 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:42:41.0437 3716 RpcSs - ok
12:42:41.0468 3716 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:42:41.0468 3716 RSVP - ok
12:42:41.0546 3716 RTLE8023xp (25be98c05808c57e4d8d26477dc12d39) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:42:41.0546 3716 RTLE8023xp - ok
12:42:41.0593 3716 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:42:41.0593 3716 SamSs - ok
12:42:41.0734 3716 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys
12:42:41.0734 3716 SANDRA - ok
12:42:41.0765 3716 SandraAgentSrv (46ddc984860a694d1ca838a773ff1974) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe
12:42:41.0765 3716 SandraAgentSrv - ok
12:42:41.0796 3716 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:42:41.0796 3716 SCardSvr - ok
12:42:41.0859 3716 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:42:41.0859 3716 Schedule - ok
12:42:41.0890 3716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:42:41.0890 3716 Secdrv - ok
12:42:41.0921 3716 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:42:41.0921 3716 seclogon - ok
12:42:41.0953 3716 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:42:41.0953 3716 SENS - ok
12:42:41.0968 3716 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:42:41.0968 3716 serenum - ok
12:42:41.0984 3716 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:42:41.0984 3716 Serial - ok
12:42:42.0031 3716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:42:42.0031 3716 Sfloppy - ok
12:42:42.0093 3716 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:42:42.0093 3716 ShellHWDetection - ok
12:42:42.0109 3716 Simbad - ok
12:42:42.0140 3716 Sparrow - ok
12:42:42.0171 3716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:42:42.0171 3716 splitter - ok
12:42:42.0218 3716 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:42:42.0218 3716 Spooler - ok
12:42:42.0265 3716 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:42:42.0265 3716 sr - ok
12:42:42.0296 3716 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:42:42.0296 3716 srservice - ok
12:42:42.0343 3716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:42:42.0343 3716 Srv - ok
12:42:42.0390 3716 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:42:42.0390 3716 SSDPSRV - ok
12:42:42.0437 3716 Steam Client Service - ok
12:42:42.0484 3716 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:42:42.0500 3716 stisvc - ok
12:42:42.0515 3716 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:42:42.0515 3716 swenum - ok
12:42:42.0562 3716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:42:42.0562 3716 swmidi - ok
12:42:42.0562 3716 SwPrv - ok
12:42:42.0578 3716 symc810 - ok
12:42:42.0593 3716 symc8xx - ok
12:42:42.0609 3716 sym_hi - ok
12:42:42.0609 3716 sym_u3 - ok
12:42:42.0640 3716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:42:42.0640 3716 sysaudio - ok
12:42:42.0687 3716 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:42:42.0687 3716 SysmonLog - ok
12:42:42.0734 3716 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:42:42.0750 3716 TapiSrv - ok
12:42:42.0796 3716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:42:42.0796 3716 Tcpip - ok
12:42:42.0843 3716 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:42:42.0843 3716 TDPIPE - ok
12:42:42.0859 3716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:42:42.0859 3716 TDTCP - ok
12:42:42.0890 3716 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:42:42.0890 3716 TermDD - ok
12:42:42.0968 3716 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:42:42.0984 3716 TermService - ok
12:42:43.0031 3716 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:42:43.0031 3716 Themes - ok
12:42:43.0078 3716 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:42:43.0078 3716 TlntSvr - ok
12:42:43.0078 3716 TosIde - ok
12:42:43.0125 3716 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:42:43.0125 3716 TrkWks - ok
12:42:43.0156 3716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:42:43.0156 3716 Udfs - ok
12:42:43.0171 3716 ultra - ok
12:42:43.0234 3716 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:42:43.0234 3716 Update - ok
12:42:43.0312 3716 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:42:43.0312 3716 upnphost - ok
12:42:43.0343 3716 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:42:43.0343 3716 UPS - ok
12:42:43.0375 3716 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:42:43.0375 3716 usbccgp - ok
12:42:43.0406 3716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:42:43.0406 3716 usbehci - ok
12:42:43.0421 3716 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:42:43.0421 3716 usbhub - ok
12:42:43.0421 3716 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:42:43.0421 3716 usbohci - ok
12:42:43.0468 3716 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:42:43.0468 3716 usbprint - ok
12:42:43.0484 3716 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:42:43.0484 3716 usbscan - ok
12:42:43.0515 3716 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:42:43.0515 3716 USBSTOR - ok
12:42:43.0562 3716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:42:43.0562 3716 VgaSave - ok
12:42:43.0578 3716 ViaIde - ok
12:42:43.0609 3716 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:42:43.0609 3716 VolSnap - ok
12:42:43.0671 3716 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:42:43.0671 3716 VSS - ok
12:42:43.0703 3716 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:42:43.0703 3716 W32Time - ok
12:42:43.0718 3716 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:42:43.0718 3716 Wanarp - ok
12:42:43.0734 3716 WDICA - ok
12:42:43.0781 3716 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:42:43.0781 3716 wdmaud - ok
12:42:43.0812 3716 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:42:43.0812 3716 WebClient - ok
12:42:43.0921 3716 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:42:43.0921 3716 winmgmt - ok
12:42:43.0968 3716 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
12:42:43.0968 3716 WmdmPmSN - ok
12:42:44.0046 3716 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:42:44.0046 3716 Wmi - ok
12:42:44.0093 3716 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:42:44.0093 3716 WmiApSrv - ok
12:42:44.0218 3716 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:42:44.0234 3716 WPFFontCache_v0400 - ok
12:42:44.0265 3716 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:42:44.0296 3716 wuauserv - ok
12:42:44.0359 3716 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:42:44.0359 3716 WZCSVC - ok
12:42:44.0390 3716 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:42:44.0406 3716 xmlprov - ok
12:42:44.0468 3716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:42:44.0781 3716 \Device\Harddisk0\DR0 - ok
12:42:44.0781 3716 Boot (0x1200) (86b1c8854a87fcba7ec1c919fdf0bc77) \Device\Harddisk0\DR0\Partition0
12:42:44.0781 3716 \Device\Harddisk0\DR0\Partition0 - ok
12:42:44.0781 3716 ============================================================
12:42:44.0781 3716 Scan finished
12:42:44.0781 3716 ============================================================
12:42:44.0796 3700 Detected object count: 1
12:42:44.0796 3700 Actual detected object count: 1
12:43:35.0734 3700 95d5001af035d519 ( LockedService.Multi.Generic ) - skipped by user
12:43:35.0734 3700 95d5001af035d519 ( LockedService.Multi.Generic ) - User select action: Skip
12:44:06.0062 2664 Deinitialize success

#8 techextreme

    Bleepin Tech

  • BC Advisor
  • 2,125 posts
  • Gender:Male
  • Location:Pittsburgh, PA

Posted 26 July 2012 - 07:43 AM

Hi earthquakes,

I'd like you to re-run TDSSKiller and when the scan results show on the screen you will see something similar to this:

Posted Image

Yours will show this filename: C:\WINDOWS\System32\Drivers\95d5001af035d519.sys

Where you see Skip next to it, I want you to change that to Delete as shown below.

Posted Image

You should once again have a log file created in the root directory for the second run of TDSSKiller. Please post that in your reply.

Edited by techextreme, 26 July 2012 - 08:10 AM.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca
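
A small parser for the TDSSKiller log format seen in this thread, added here as an editorial example: it is not code posted by anyone in the thread and it is not part of TDSSKiller. It folds the per-service lines ("<name> (<md5>) <path>", "<name> - ok", "<name> - detected <verdict> (n)", "Suspicious service (NoAccess): <name>", the "( <verdict> ) - skipped by user" / "User select action: Skip" lines) into one record per service, lists the records that need attention, and reports any detected object whose last recorded user decision was a skip, which is exactly the state the first log above was left in. The sample lines are copied from the two logs posted in this thread; the "16 lowercase hex digits looks random" rule is this example's own heuristic, not a TDSSKiller rule.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One log line is "HH:MM:SS.mmmm <thread id> <body>"; everything else is banner text.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<service> (<md5>) <image path>": names may contain spaces, so anchor on the 32-hex hash.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<service> ( <verdict> ) - warning" / "- skipped by user" / "- User select action: Skip"
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<action>.+)$")
NOACCESS_SVC_RE = re.compile(r"^Suspicious service \(NoAccess\): (?P<name>.+)$")
NOACCESS_FILE_RE = re.compile(r"^Suspicious file \(NoAccess\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# Heuristic of this example (not a TDSSKiller rule): no legitimate driver is named 16 hex digits.
RANDOM_HEX_RE = re.compile(r"^[0-9a-f]{16}$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    no_access: bool = False               # scanner could not open the service or its file
    ok: bool = False                      # scanner printed "<name> - ok"
    actions: List[str] = field(default_factory=list)   # user decisions recorded for it

    def random_looking(self) -> bool:
        return bool(RANDOM_HEX_RE.match(self.name))

    def needs_attention(self) -> bool:
        return self.no_access or self.verdict is not None or self.random_looking()


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold a TDSSKiller log into one Entry per service/driver name."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m["body"].strip()
        if (f := FILE_RE.match(body)):
            e = get(f["name"])
            e.md5, e.path = f["md5"], f["path"]
            by_path[f["path"].lower()] = e
        elif (s := NOACCESS_SVC_RE.match(body)):
            get(s["name"]).no_access = True
        elif (nf := NOACCESS_FILE_RE.match(body)):
            if (e := by_path.get(nf["path"].lower())) is not None:
                e.no_access, e.md5 = True, e.md5 or nf["md5"]
        elif (d := DETECTED_RE.match(body)):
            get(d["name"]).verdict = d["verdict"]
        elif (v := VERDICT_RE.match(body)):
            e = get(v["name"])
            e.verdict = v["verdict"]
            if v["action"] != "warning":      # "warning" is the scanner talking, not the user
                e.actions.append(v["action"])
        elif (o := OK_RE.match(body)):
            get(o["name"]).ok = True
    return entries


def needs_attention(entries: Dict[str, Entry]) -> List[Entry]:
    return sorted((e for e in entries.values() if e.needs_attention()), key=lambda e: e.name)


def unresolved(entries: Dict[str, Entry]) -> List[str]:
    """Detected objects the user has not acted on: no recorded decision, or the last one was a skip."""
    out = []
    for e in entries.values():
        if e.verdict is not None:
            last = e.actions[-1].lower() if e.actions else ""
            if not last or "skip" in last:
                out.append(e.name)
    return sorted(out)


# Lines copied from the two logs in this thread: the tail of the first run (thread 3700),
# then the head of the second run (thread 3716). Only a handful of entries are kept.
SAMPLE_LOG = r"""
12:43:35.0734 3700 95d5001af035d519 ( LockedService.Multi.Generic ) - skipped by user
12:43:35.0734 3700 95d5001af035d519 ( LockedService.Multi.Generic ) - User select action: Skip
12:49:57.0859 3716 Scan started
12:49:57.0968 3716 Suspicious service (NoAccess): 95d5001af035d519
12:49:58.0062 3716 95d5001af035d519 (f528a809992ea627e670e5c8d1c8fdff) C:\WINDOWS\System32\Drivers\95d5001af035d519.sys
12:49:58.0062 3716 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\95d5001af035d519.sys. md5: f528a809992ea627e670e5c8d1c8fdff
12:49:58.0062 3716 95d5001af035d519 ( LockedService.Multi.Generic ) - warning
12:49:58.0062 3716 95d5001af035d519 - detected LockedService.Multi.Generic (1)
12:49:58.0109 3716 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:49:58.0109 3716 Aavmker4 - ok
12:49:58.0687 3716 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:49:58.0687 3716 Apple Mobile Device - ok
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for e in needs_attention(parsed):
        print(f"{e.name}: verdict={e.verdict} no_access={e.no_access} md5={e.md5} path={e.path}")
    print("still unresolved:", unresolved(parsed))
```

Run against a full log the script surfaces the one entry that matters here: a driver with a random-looking name, an image path under System32\Drivers, a locked ACL (NoAccess) and the LockedService.Multi.Generic verdict, while every signed Windows and vendor driver stays in the "ok" bucket. The `unresolved` check is the one a helper wants before replying: it tells you whether the poster actually chose Delete or skipped again.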

#9 earthquakes

  • Topic Starter
  • Members
  • 13 posts

Posted 26 July 2012 - 03:06 PM

12:49:25.0078 3004 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:49:25.0500 3004 ============================================================
12:49:25.0500 3004 Current date / time: 2012/07/26 12:49:25.0500
12:49:25.0500 3004 SystemInfo:
12:49:25.0500 3004
12:49:25.0500 3004 OS Version: 5.1.2600 ServicePack: 3.0
12:49:25.0500 3004 Product type: Workstation
12:49:25.0500 3004 ComputerName: HALSPC
12:49:25.0500 3004 UserName: Hal
12:49:25.0500 3004 Windows directory: C:\WINDOWS
12:49:25.0500 3004 System windows directory: C:\WINDOWS
12:49:25.0500 3004 Processor architecture: Intel x86
12:49:25.0500 3004 Number of processors: 2
12:49:25.0500 3004 Page size: 0x1000
12:49:25.0500 3004 Boot type: Normal boot
12:49:25.0500 3004 ============================================================
12:49:42.0078 3004 !crdlk
12:49:42.0125 3004 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
12:49:42.0125 3004 ============================================================
12:49:42.0125 3004 \Device\Harddisk0\DR0:
12:49:42.0125 3004 MBR partitions:
12:49:42.0125 3004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
12:49:42.0125 3004 ============================================================
12:49:42.0140 3004 C: <-> \Device\Harddisk0\DR0\Partition0
12:49:42.0140 3004 ============================================================
12:49:42.0140 3004 Initialize success
12:49:42.0140 3004 ============================================================
12:49:57.0859 3716 ============================================================
12:49:57.0859 3716 Scan started
12:49:57.0859 3716 Mode: Manual;
12:49:57.0859 3716 ============================================================
12:49:57.0968 3716 Suspicious service (NoAccess): 95d5001af035d519
12:49:58.0062 3716 95d5001af035d519 (f528a809992ea627e670e5c8d1c8fdff) C:\WINDOWS\System32\Drivers\95d5001af035d519.sys
12:49:58.0062 3716 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\95d5001af035d519.sys. md5: f528a809992ea627e670e5c8d1c8fdff
12:49:58.0062 3716 95d5001af035d519 ( LockedService.Multi.Generic ) - warning
12:49:58.0062 3716 95d5001af035d519 - detected LockedService.Multi.Generic (1)
12:49:58.0109 3716 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:49:58.0109 3716 Aavmker4 - ok
12:49:58.0125 3716 Abiosdsk - ok
12:49:58.0140 3716 abp480n5 - ok
12:49:58.0187 3716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:49:58.0187 3716 ACPI - ok
12:49:58.0234 3716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:49:58.0234 3716 ACPIEC - ok
12:49:58.0250 3716 adpu160m - ok
12:49:58.0312 3716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:49:58.0312 3716 aec - ok
12:49:58.0359 3716 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:49:58.0359 3716 AFD - ok
12:49:58.0375 3716 Aha154x - ok
12:49:58.0390 3716 aic78u2 - ok
12:49:58.0390 3716 aic78xx - ok
12:49:58.0437 3716 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:49:58.0437 3716 Alerter - ok
12:49:58.0484 3716 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:49:58.0484 3716 ALG - ok
12:49:58.0500 3716 AliIde - ok
12:49:58.0578 3716 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:49:58.0578 3716 AmdK8 - ok
12:49:58.0578 3716 amsint - ok
12:49:58.0687 3716 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:49:58.0687 3716 Apple Mobile Device - ok
12:49:58.0750 3716 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:49:58.0750 3716 AppMgmt - ok
12:49:58.0765 3716 asc - ok
12:49:58.0781 3716 asc3350p - ok
12:49:58.0796 3716 asc3550 - ok
12:49:58.0828 3716 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
12:49:58.0828 3716 AsIO - ok
12:49:58.0921 3716 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:49:58.0953 3716 aspnet_state - ok
12:49:59.0046 3716 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:49:59.0046 3716 aswFsBlk - ok
12:49:59.0109 3716 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
12:49:59.0109 3716 aswMon2 - ok
12:49:59.0125 3716 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
12:49:59.0125 3716 AswRdr - ok
12:49:59.0187 3716 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
12:49:59.0187 3716 aswSnx - ok
12:49:59.0218 3716 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
12:49:59.0218 3716 aswSP - ok
12:49:59.0234 3716 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
12:49:59.0234 3716 aswTdi - ok
12:49:59.0296 3716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:49:59.0296 3716 AsyncMac - ok
12:49:59.0312 3716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:49:59.0312 3716 atapi - ok
12:49:59.0328 3716 Atdisk - ok
12:49:59.0343 3716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:49:59.0359 3716 Atmarpc - ok
12:49:59.0406 3716 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:49:59.0406 3716 AudioSrv - ok
12:49:59.0453 3716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:49:59.0453 3716 audstub - ok
12:49:59.0609 3716 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:49:59.0609 3716 avast! Antivirus - ok
12:49:59.0703 3716 AVGIDSAgent - ok
12:49:59.0750 3716 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
12:49:59.0750 3716 AVGIDSDriver - ok
12:49:59.0765 3716 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
12:49:59.0765 3716 AVGIDSEH - ok
12:49:59.0781 3716 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
12:49:59.0781 3716 AVGIDSFilter - ok
12:49:59.0796 3716 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
12:49:59.0796 3716 AVGIDSShim - ok
12:49:59.0859 3716 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:49:59.0859 3716 Avgldx86 - ok
12:49:59.0890 3716 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:49:59.0890 3716 Avgmfx86 - ok
12:49:59.0953 3716 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:49:59.0953 3716 Avgrkx86 - ok
12:49:59.0984 3716 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:49:59.0984 3716 Avgtdix - ok
12:50:00.0000 3716 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
12:50:00.0031 3716 avgwd - ok
12:50:00.0046 3716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:50:00.0046 3716 Beep - ok
12:50:00.0093 3716 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:50:00.0265 3716 BITS - ok
12:50:00.0390 3716 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:50:00.0390 3716 Bonjour Service - ok
12:50:00.0437 3716 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:50:00.0437 3716 Browser - ok
12:50:00.0468 3716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:50:00.0468 3716 cbidf2k - ok
12:50:00.0484 3716 cd20xrnt - ok
12:50:00.0500 3716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:50:00.0500 3716 Cdaudio - ok
12:50:00.0546 3716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:50:00.0546 3716 Cdfs - ok
12:50:00.0562 3716 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:50:00.0562 3716 Cdrom - ok
12:50:00.0593 3716 Changer - ok
12:50:00.0609 3716 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:50:00.0609 3716 CiSvc - ok
12:50:00.0640 3716 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:50:00.0640 3716 ClipSrv - ok
12:50:00.0703 3716 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:50:00.0765 3716 clr_optimization_v2.0.50727_32 - ok
12:50:00.0875 3716 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:50:00.0906 3716 clr_optimization_v4.0.30319_32 - ok
12:50:00.0921 3716 CmdIde - ok
12:50:00.0921 3716 COMSysApp - ok
12:50:00.0937 3716 Cpqarray - ok
12:50:00.0984 3716 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:50:00.0984 3716 CryptSvc - ok
12:50:01.0000 3716 dac2w2k - ok
12:50:01.0000 3716 dac960nt - ok
12:50:01.0062 3716 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:50:01.0093 3716 DcomLaunch - ok
12:50:01.0156 3716 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:50:01.0156 3716 Dhcp - ok
12:50:01.0171 3716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:50:01.0171 3716 Disk - ok
12:50:01.0187 3716 dmadmin - ok
12:50:01.0250 3716 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:50:01.0250 3716 dmboot - ok
12:50:01.0265 3716 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:50:01.0265 3716 dmio - ok
12:50:01.0296 3716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:50:01.0296 3716 dmload - ok
12:50:01.0328 3716 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:50:01.0328 3716 dmserver - ok
12:50:01.0390 3716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:50:01.0390 3716 DMusic - ok
12:50:01.0437 3716 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:50:01.0437 3716 Dnscache - ok
12:50:01.0531 3716 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:50:01.0546 3716 Dot3svc - ok
12:50:01.0546 3716 dpti2o - ok
12:50:01.0562 3716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:50:01.0562 3716 drmkaud - ok
12:50:01.0593 3716 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:50:01.0593 3716 EapHost - ok
12:50:01.0640 3716 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:50:01.0640 3716 ERSvc - ok
12:50:01.0671 3716 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:50:01.0687 3716 Eventlog - ok
12:50:01.0750 3716 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:50:01.0750 3716 EventSystem - ok
12:50:01.0781 3716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:50:01.0781 3716 Fastfat - ok
12:50:01.0812 3716 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:50:01.0812 3716 FastUserSwitchingCompatibility - ok
12:50:01.0828 3716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:50:01.0828 3716 Fdc - ok
12:50:01.0875 3716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:50:01.0875 3716 Fips - ok
12:50:01.0890 3716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:50:01.0890 3716 Flpydisk - ok
12:50:01.0906 3716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:50:01.0906 3716 FltMgr - ok
12:50:02.0046 3716 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:50:02.0046 3716 FontCache3.0.0.0 - ok
12:50:02.0078 3716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:50:02.0078 3716 Fs_Rec - ok
12:50:02.0093 3716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:50:02.0093 3716 Ftdisk - ok
12:50:02.0125 3716 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:50:02.0125 3716 GEARAspiWDM - ok
12:50:02.0187 3716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:50:02.0187 3716 Gpc - ok
12:50:02.0203 3716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:50:02.0203 3716 HDAudBus - ok
12:50:02.0265 3716 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:50:02.0265 3716 helpsvc - ok
12:50:02.0296 3716 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:50:02.0296 3716 HidServ - ok
12:50:02.0312 3716 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:50:02.0312 3716 hidusb - ok
12:50:02.0390 3716 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:50:02.0390 3716 hkmsvc - ok
12:50:02.0406 3716 hpn - ok
12:50:02.0578 3716 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:50:02.0578 3716 hpqcxs08 - ok
12:50:02.0671 3716 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:50:02.0671 3716 hpqddsvc - ok
12:50:02.0703 3716 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:50:02.0703 3716 HPZid412 - ok
12:50:02.0718 3716 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:50:02.0718 3716 HPZipr12 - ok
12:50:02.0718 3716 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:50:02.0718 3716 HPZius12 - ok
12:50:02.0781 3716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:50:02.0781 3716 HTTP - ok
12:50:02.0828 3716 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:50:02.0828 3716 HTTPFilter - ok
12:50:02.0843 3716 i2omgmt - ok
12:50:02.0859 3716 i2omp - ok
12:50:02.0890 3716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
12:50:02.0890 3716 i8042prt - ok
12:50:03.0140 3716 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:50:03.0140 3716 idsvc - ok
12:50:03.0171 3716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:50:03.0171 3716 Imapi - ok
12:50:03.0218 3716 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:50:03.0218 3716 ImapiService - ok
12:50:03.0265 3716 ini910u - ok
12:50:03.0437 3716 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:50:03.0468 3716 IntcAzAudAddService - ok
12:50:03.0578 3716 IntelIde - ok
12:50:03.0640 3716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:50:03.0640 3716 Ip6Fw - ok
12:50:03.0671 3716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:50:03.0671 3716 IpFilterDriver - ok
12:50:03.0687 3716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:50:03.0687 3716 IpInIp - ok
12:50:03.0734 3716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:50:03.0734 3716 IpNat - ok
12:50:03.0875 3716 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
12:50:03.0890 3716 iPod Service - ok
12:50:03.0937 3716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:50:03.0937 3716 IPSec - ok
12:50:03.0953 3716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:50:03.0953 3716 IRENUM - ok
12:50:03.0984 3716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:50:03.0984 3716 isapnp - ok
12:50:04.0078 3716 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
12:50:04.0078 3716 JavaQuickStarterService - ok
12:50:04.0140 3716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:50:04.0140 3716 Kbdclass - ok
12:50:04.0156 3716 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:50:04.0156 3716 kbdhid - ok
12:50:04.0203 3716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:50:04.0203 3716 kmixer - ok
12:50:04.0234 3716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:50:04.0234 3716 KSecDD - ok
12:50:04.0281 3716 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:50:04.0296 3716 lanmanserver - ok
12:50:04.0328 3716 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:50:04.0343 3716 lanmanworkstation - ok
12:50:04.0359 3716 lbrtfdc - ok
12:50:04.0406 3716 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:50:04.0421 3716 LmHosts - ok
12:50:04.0437 3716 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:50:04.0453 3716 Messenger - ok
12:50:04.0468 3716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:50:04.0468 3716 mnmdd - ok
12:50:04.0515 3716 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:50:04.0531 3716 mnmsrvc - ok
12:50:04.0562 3716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:50:04.0562 3716 Modem - ok
12:50:04.0593 3716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:50:04.0593 3716 Mouclass - ok
12:50:04.0640 3716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:50:04.0640 3716 mouhid - ok
12:50:04.0656 3716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:50:04.0656 3716 MountMgr - ok
12:50:04.0671 3716 mraid35x - ok
12:50:04.0703 3716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:50:04.0703 3716 MRxDAV - ok
12:50:04.0734 3716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:50:04.0734 3716 MRxSmb - ok
12:50:04.0750 3716 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:50:04.0750 3716 MSDTC - ok
12:50:04.0781 3716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:50:04.0781 3716 Msfs - ok
12:50:04.0796 3716 MSIServer - ok
12:50:04.0828 3716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:50:04.0828 3716 MSKSSRV - ok
12:50:04.0890 3716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:50:04.0890 3716 MSPCLOCK - ok
12:50:04.0906 3716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:50:04.0921 3716 MSPQM - ok
12:50:04.0937 3716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:50:04.0937 3716 mssmbios - ok
12:50:04.0984 3716 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
12:50:04.0984 3716 MTsensor - ok
12:50:05.0015 3716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:50:05.0015 3716 Mup - ok
12:50:05.0109 3716 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:50:05.0109 3716 napagent - ok
12:50:05.0156 3716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:50:05.0156 3716 NDIS - ok
12:50:05.0187 3716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:50:05.0187 3716 NdisTapi - ok
12:50:05.0203 3716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:50:05.0203 3716 Ndisuio - ok
12:50:05.0218 3716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:50:05.0218 3716 NdisWan - ok
12:50:05.0250 3716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:50:05.0250 3716 NDProxy - ok
12:50:05.0343 3716 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
12:50:05.0343 3716 Net Driver HPZ12 - ok
12:50:05.0343 3716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:50:05.0359 3716 NetBIOS - ok
12:50:05.0375 3716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:50:05.0375 3716 NetBT - ok
12:50:05.0421 3716 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:50:05.0421 3716 NetDDE - ok
12:50:05.0437 3716 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:50:05.0437 3716 NetDDEdsdm - ok
12:50:05.0468 3716 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:50:05.0468 3716 Netlogon - ok
12:50:05.0531 3716 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:50:05.0546 3716 Netman - ok
12:50:05.0640 3716 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:50:05.0656 3716 NetTcpPortSharing - ok
12:50:05.0703 3716 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:50:05.0703 3716 Nla - ok
12:50:05.0718 3716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:50:05.0718 3716 Npfs - ok
12:50:05.0750 3716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:50:05.0765 3716 Ntfs - ok
12:50:05.0765 3716 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:50:05.0765 3716 NtLmSsp - ok
12:50:05.0828 3716 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:50:05.0828 3716 NtmsSvc - ok
12:50:05.0890 3716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:50:05.0890 3716 Null - ok
12:50:06.0437 3716 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:50:06.0500 3716 nv - ok
12:50:06.0656 3716 NVSvc (971b4344aba9b79ed0e9d0bb2a5283c1) C:\WINDOWS\system32\nvsvc32.exe
12:50:06.0656 3716 NVSvc - ok
12:50:06.0828 3716 nvUpdatusService (4cde6d8e0a07dce9e568f58a5dc8086c) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:50:06.0843 3716 nvUpdatusService - ok
12:50:06.0906 3716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:50:06.0906 3716 NwlnkFlt - ok
12:50:06.0953 3716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:50:06.0953 3716 NwlnkFwd - ok
12:50:06.0984 3716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:50:07.0000 3716 Parport - ok
12:50:07.0015 3716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:50:07.0015 3716 PartMgr - ok
12:50:07.0046 3716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:50:07.0046 3716 ParVdm - ok
12:50:07.0062 3716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:50:07.0062 3716 PCI - ok
12:50:07.0078 3716 PCIDump - ok
12:50:07.0109 3716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:50:07.0109 3716 PCIIde - ok
12:50:07.0140 3716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:50:07.0140 3716 Pcmcia - ok
12:50:07.0140 3716 PDCOMP - ok
12:50:07.0156 3716 PDFRAME - ok
12:50:07.0171 3716 PDRELI - ok
12:50:07.0171 3716 PDRFRAME - ok
12:50:07.0187 3716 perc2 - ok
12:50:07.0203 3716 perc2hib - ok
12:50:07.0250 3716 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:50:07.0250 3716 PlugPlay - ok
12:50:07.0328 3716 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
12:50:07.0328 3716 Pml Driver HPZ12 - ok
12:50:07.0359 3716 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:50:07.0359 3716 PolicyAgent - ok
12:50:07.0390 3716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:50:07.0390 3716 PptpMiniport - ok
12:50:07.0406 3716 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:50:07.0406 3716 Processor - ok
12:50:07.0421 3716 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:50:07.0421 3716 ProtectedStorage - ok
12:50:07.0437 3716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:50:07.0437 3716 PSched - ok
12:50:07.0468 3716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:50:07.0468 3716 Ptilink - ok
12:50:07.0484 3716 ql1080 - ok
12:50:07.0500 3716 Ql10wnt - ok
12:50:07.0500 3716 ql12160 - ok
12:50:07.0515 3716 ql1240 - ok
12:50:07.0531 3716 ql1280 - ok
12:50:07.0562 3716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:50:07.0562 3716 RasAcd - ok
12:50:07.0578 3716 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:50:07.0578 3716 RasAuto - ok
12:50:07.0625 3716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:50:07.0625 3716 Rasl2tp - ok
12:50:07.0640 3716 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:50:07.0640 3716 RasMan - ok
12:50:07.0656 3716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:50:07.0656 3716 RasPppoe - ok
12:50:07.0671 3716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:50:07.0671 3716 Raspti - ok
12:50:07.0703 3716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:50:07.0703 3716 Rdbss - ok
12:50:07.0703 3716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:50:07.0703 3716 RDPCDD - ok
12:50:07.0734 3716 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:50:07.0734 3716 rdpdr - ok
12:50:07.0781 3716 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:50:07.0781 3716 RDPWD - ok
12:50:07.0828 3716 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:50:07.0828 3716 RDSessMgr - ok
12:50:07.0859 3716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:50:07.0859 3716 redbook - ok
12:50:07.0890 3716 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:50:07.0890 3716 RemoteAccess - ok
12:50:07.0937 3716 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:50:07.0937 3716 RemoteRegistry - ok
12:50:07.0953 3716 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:50:07.0953 3716 RpcLocator - ok
12:50:08.0015 3716 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:50:08.0015 3716 RpcSs - ok
12:50:08.0046 3716 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:50:08.0046 3716 RSVP - ok
12:50:08.0093 3716 RTLE8023xp (25be98c05808c57e4d8d26477dc12d39) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:50:08.0093 3716 RTLE8023xp - ok
12:50:08.0125 3716 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:50:08.0125 3716 SamSs - ok
12:50:08.0312 3716 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys
12:50:08.0312 3716 SANDRA - ok
12:50:08.0343 3716 SandraAgentSrv (46ddc984860a694d1ca838a773ff1974) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe
12:50:08.0343 3716 SandraAgentSrv - ok
12:50:08.0375 3716 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:50:08.0390 3716 SCardSvr - ok
12:50:08.0421 3716 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:50:08.0421 3716 Schedule - ok
12:50:08.0468 3716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:50:08.0468 3716 Secdrv - ok
12:50:08.0500 3716 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:50:08.0515 3716 seclogon - ok
12:50:08.0546 3716 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:50:08.0546 3716 SENS - ok
12:50:08.0593 3716 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:50:08.0593 3716 serenum - ok
12:50:08.0609 3716 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:50:08.0609 3716 Serial - ok
12:50:08.0656 3716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:50:08.0656 3716 Sfloppy - ok
12:50:08.0718 3716 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:50:08.0718 3716 ShellHWDetection - ok
12:50:08.0734 3716 Simbad - ok
12:50:08.0750 3716 Sparrow - ok
12:50:08.0796 3716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:50:08.0796 3716 splitter - ok
12:50:08.0859 3716 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:50:08.0859 3716 Spooler - ok
12:50:08.0906 3716 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:50:08.0906 3716 sr - ok
12:50:08.0937 3716 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:50:08.0937 3716 srservice - ok
12:50:08.0984 3716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:50:08.0984 3716 Srv - ok
12:50:09.0000 3716 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:50:09.0015 3716 SSDPSRV - ok
12:50:09.0062 3716 Steam Client Service - ok
12:50:09.0125 3716 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:50:09.0125 3716 stisvc - ok
12:50:09.0156 3716 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:50:09.0156 3716 swenum - ok
12:50:09.0187 3716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:50:09.0187 3716 swmidi - ok
12:50:09.0203 3716 SwPrv - ok
12:50:09.0218 3716 symc810 - ok
12:50:09.0234 3716 symc8xx - ok
12:50:09.0250 3716 sym_hi - ok
12:50:09.0250 3716 sym_u3 - ok
12:50:09.0281 3716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:50:09.0281 3716 sysaudio - ok
12:50:09.0328 3716 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:50:09.0328 3716 SysmonLog - ok
12:50:09.0359 3716 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:50:09.0359 3716 TapiSrv - ok
12:50:09.0406 3716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:50:09.0421 3716 Tcpip - ok
12:50:09.0468 3716 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:50:09.0468 3716 TDPIPE - ok
12:50:09.0484 3716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:50:09.0484 3716 TDTCP - ok
12:50:09.0515 3716 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:50:09.0515 3716 TermDD - ok
12:50:09.0578 3716 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:50:09.0578 3716 TermService - ok
12:50:09.0640 3716 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:50:09.0640 3716 Themes - ok
12:50:09.0703 3716 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:50:09.0703 3716 TlntSvr - ok
12:50:09.0718 3716 TosIde - ok
12:50:09.0734 3716 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:50:09.0734 3716 TrkWks - ok
12:50:09.0765 3716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:50:09.0765 3716 Udfs - ok
12:50:09.0781 3716 ultra - ok
12:50:09.0843 3716 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:50:09.0843 3716 Update - ok
12:50:09.0906 3716 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:50:09.0906 3716 upnphost - ok
12:50:09.0937 3716 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:50:09.0937 3716 UPS - ok
12:50:09.0953 3716 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:50:09.0953 3716 usbccgp - ok
12:50:09.0984 3716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:50:09.0984 3716 usbehci - ok
12:50:10.0000 3716 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:50:10.0000 3716 usbhub - ok
12:50:10.0000 3716 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:50:10.0000 3716 usbohci - ok
12:50:10.0046 3716 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:50:10.0046 3716 usbprint - ok
12:50:10.0078 3716 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:50:10.0093 3716 usbscan - ok
12:50:10.0109 3716 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:50:10.0109 3716 USBSTOR - ok
12:50:10.0140 3716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:50:10.0140 3716 VgaSave - ok
12:50:10.0156 3716 ViaIde - ok
12:50:10.0171 3716 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:50:10.0171 3716 VolSnap - ok
12:50:10.0234 3716 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:50:10.0234 3716 VSS - ok
12:50:10.0265 3716 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:50:10.0265 3716 W32Time - ok
12:50:10.0296 3716 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:50:10.0296 3716 Wanarp - ok
12:50:10.0312 3716 WDICA - ok
12:50:10.0359 3716 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:50:10.0359 3716 wdmaud - ok
12:50:10.0375 3716 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:50:10.0375 3716 WebClient - ok
12:50:10.0468 3716 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:50:10.0468 3716 winmgmt - ok
12:50:10.0562 3716 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
12:50:10.0578 3716 WmdmPmSN - ok
12:50:10.0640 3716 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:50:10.0640 3716 Wmi - ok
12:50:10.0687 3716 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:50:10.0687 3716 WmiApSrv - ok
12:50:10.0843 3716 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:50:10.0859 3716 WPFFontCache_v0400 - ok
12:50:10.0937 3716 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:50:10.0968 3716 wuauserv - ok
12:50:11.0015 3716 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:50:11.0015 3716 WZCSVC - ok
12:50:11.0062 3716 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:50:11.0062 3716 xmlprov - ok
12:50:11.0078 3716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:50:11.0390 3716 \Device\Harddisk0\DR0 - ok
12:50:11.0390 3716 Boot (0x1200) (86b1c8854a87fcba7ec1c919fdf0bc77) \Device\Harddisk0\DR0\Partition0
12:50:11.0390 3716 \Device\Harddisk0\DR0\Partition0 - ok
12:50:11.0390 3716 ============================================================
12:50:11.0390 3716 Scan finished
12:50:11.0390 3716 ============================================================
12:50:11.0406 3408 Detected object count: 1
12:50:11.0406 3408 Actual detected object count: 1
12:50:39.0921 3408 C:\WINDOWS\System32\Drivers\95d5001af035d519.sys - copied to quarantine
12:50:39.0984 3408 HKLM\SYSTEM\ControlSet001\services\95d5001af035d519 - will be deleted on reboot
12:50:40.0031 3408 HKLM\SYSTEM\ControlSet003\services\95d5001af035d519 - will be deleted on reboot
12:50:40.0156 3408 C:\WINDOWS\System32\Drivers\95d5001af035d519.sys - will be deleted on reboot
12:50:40.0156 3408 95d5001af035d519 ( LockedService.Multi.Generic ) - User select action: Delete
12:50:48.0812 3696 Deinitialize success

#10 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts
  • OFFLINE
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:12:59 PM

Posted 27 July 2012 - 08:27 AM

Hi earthquakes,

Well it looks like TDSSKiller took care of the rootkit that was active on your system.

For the next step, I'd like you to run Malwarebytes Anti-Malware on your computer by following the below instructions:

Open Malwarebytes that you already have installed on your computer.

Click on the update tab and then click Update Now.

  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Please let me know how your computer is running.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#11 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts
  • OFFLINE
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:12:59 PM

Posted 27 July 2012 - 12:43 PM

Hi earthquakes,

I'm gone for the weekend and will be back Monday, sorry for the delay.

Techextreme


 


#12 earthquakes

earthquakes
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:09:59 AM

Posted 27 July 2012 - 05:46 PM

I think my only issue now is with scanning on my HP Deskjet/Scanner but it seems to be a Windows/HP driver issue and AVG is still showing up and I can't delete it. I will work those problems out myself since they do not appear to be virus/malware related. Everything else is working as it should.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.27.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hal :: HALSPC [administrator]

7/27/2012 2:25:52 PM
mbam-log-2012-07-27 (14-25-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386016
Time elapsed: 49 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts
  • OFFLINE
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:12:59 PM

Posted 30 July 2012 - 10:37 AM

Hi earthquakes,

Ok. Your Malwarebytes log looks good, but let's run an online virus scan to be sure; then we'll finish with some "housekeeping" and be done here.

Please perform a scan with Eset Onlinescan (NOD32).
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users, be sure to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

  • You will see the Terms of Use. Tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?" (OnlineScanner.cab).
  • Answer Yes to install and download the ActiveX controls that allow the scan to run.
  • Click Start (the online scanner will now prepare itself to run on your PC).
  • To do a full scan, check "Remove found threats" and "Scan potentially unwanted applications".
  • Press Scan to start the online scan (this could take some time to complete).
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software. Just close the window.
  • Now click Start > Run... > type: C:\Program Files\Eset\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad.
  • Copy and paste the log results in your next reply.

Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Techextreme


 


#14 earthquakes

earthquakes
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:09:59 AM

Posted 03 August 2012 - 07:47 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=41867cdee77f194db2ab3024d98b960e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-04 12:38:26
# local_time=2012-08-03 05:38:26 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 3299410 3299410 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=201496
# found=19
# cleaned=19
# scan_time=4774
C:\Documents and Settings\Hal\Local Settings\Temp\ICReinstall\cnet_Setup_FreeBurner_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Hal\Local Settings\Temp\is1598539481\zgInstaller.exe Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Hal\My Documents\Downloads\cnet_Setup_FreeBurner_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Hal.HALSPC\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll a variant of Win32/Adware.Gamevance.BZ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Hal.HALSPC\Desktop\Jaimecard\2011-01-30\ImageViewerSetup.exe a variant of Win32/SweetIM.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\002DQAQT\firstload_com[1].txt HTML/Hoax.FastDownload.C.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\455QB91Y\smart-reviews-from-stupid-celebrities-battleship-you-sank-my-heart-not-really[1].txt JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\94337EIH\celebritybabycraze_com[1].txt JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\C3VUWSN8\firstload_com[1].txt HTML/Hoax.FastDownload.C.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\EAYZW6JL\vixtravelhotels_biz[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\G96JGG6K\inspirationforexcellence_com[3].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\JSW0CK21\inspirationforexcellence_com[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\LB093HYR\inspirationforexcellence_com[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\M7P887E2\firstload_com[1].txt HTML/Hoax.FastDownload.C.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\MA3JPZIC\naughtiest-celebrity-scandals-of-2011-recap[1].txt JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\NJX85SI2\celebritybabycraze_com[1].txt JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\XYK19QS6\index7[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\XYK19QS6\index7[2].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_12.49.25\susp0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.MN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
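
The ESET Online Scanner log above has one fixed layout per detection line: the file path, the threat description, the action taken in parentheses, a 32-hex-digit hash and the drive letter, with the path free to contain spaces. As an added example that is not part of this thread and not ESET's own tooling, here is a small Python parser that turns such a log into records, buckets each hit by the folder it was found in (browser cache, temp, downloads, an earlier tool's quarantine), and checks that the header's found/cleaned counts agree with the detection lines actually present. The sample log is constructed from three of the lines posted above; the list of threat type words and the folder buckets are assumptions.

```python
"""Parse ESET Online Scanner log text into header values and detection records."""
import re
from collections import Counter

# Constructed sample in the layout of the ESET log posted in the thread
# (three of its nineteen detection lines; the hashes are the all-zero
# placeholders the scanner wrote there).
SAMPLE_LOG = """\
# version=7
# scanned=201496
# found=3
# cleaned=3
C:\\Documents and Settings\\Hal\\My Documents\\Downloads\\cnet_Setup_FreeBurner_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\\Documents and Settings\\NetworkService.NT AUTHORITY\\Local Settings\\Temporary Internet Files\\Content.IE5\\XYK19QS6\\index7[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\\TDSSKiller_Quarantine\\26.07.2012_12.49.25\\susp0000\\svc0000\\tsk0000.dta a variant of Win32/Rootkit.Kryptik.MN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# A detection line is: <path> <threat description> (<action>) <32-hex hash> <drive>.
# The path may contain spaces, so the description is anchored on its trailing
# type word instead of on a separator.  TYPE_WORDS is an assumption covering the
# words seen in the thread plus a few other common ESET ones.
TYPE_WORDS = r"application|trojan|virus|worm|backdoor|adware|potentially unwanted application"
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?\S+ (?:" + TYPE_WORDS + r"))"
    r" \((?P<action>[^)]*)\)"
    r" (?P<hash>[0-9a-fA-F]{32})"
    r" (?P<drive>[A-Za-z])$"
)

# Folder fragments used to bucket where each hit sat (assumed, matched case-insensitively).
LOCATION_BUCKETS = [
    ("browser cache", "\\temporary internet files\\"),
    ("temp", "\\local settings\\temp\\"),
    ("downloads", "\\downloads\\"),
    ("av quarantine", "\\tdsskiller_quarantine\\"),
]


def classify_location(path):
    """Return the folder bucket a detected file belongs to, or 'other'."""
    low = path.lower()
    for name, fragment in LOCATION_BUCKETS:
        if fragment in low:
            return name
    return "other"


def parse_log(text):
    """Split a log into its '# key=value' header, detection records and leftover lines."""
    header, detections, unparsed = {}, [], []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if sep:
                header[key] = value
            continue
        match = DETECTION_RE.match(line)
        if match:
            record = match.groupdict()
            record["location"] = classify_location(record["path"])
            detections.append(record)
        else:
            unparsed.append(line)  # e.g. the installer hook lines at the top of the log
    return {"header": header, "detections": detections, "unparsed": unparsed}


def summarize(text):
    """Count hits per threat description and per folder bucket, and sanity-check
    the header's found/cleaned counts against the detection lines present."""
    parsed = parse_log(text)
    detections = parsed["detections"]
    found = int(parsed["header"].get("found", "-1"))
    cleaned = int(parsed["header"].get("cleaned", "-1"))
    return {
        "by_threat": Counter(d["threat"] for d in detections),
        "by_location": Counter(d["location"] for d in detections),
        "header_matches_lines": found == len(detections),
        "all_cleaned": cleaned == found and all("quarantined" in d["action"] for d in detections),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Because the path is matched non-greedily and only the trailing type word delimits the threat description, a line whose description ends in a word outside TYPE_WORDS fails the pattern and lands in `unparsed` rather than being silently mis-split; checking that list is empty is the quickest way to see whether the parser covered the whole log.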

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:59 PM

Posted 12 August 2012 - 01:54 AM

My apologies for the delay, as techextreme is currently unavailable I'll continue working with you. Can you please tell me if you still have any problem left at this point?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




