
Adobe Virus


  • This topic is locked
2 replies to this topic

#1 jtupper


Posted 16 July 2012 - 12:04 AM

I am on an XP system that is a little outdated. I use it mainly for word processing and recording, but recently have added wireless connectivity. IE 8 is my explorer and I am on a private WPA Personal network with one other laptop, the Wii, and my iPhone. My computer is the only one showing trouble at this time. I have run MiniToolBox and TDSSKiller and have posted the logs below. Basically my problem is this: the computer has slowed to an incredible pace, and about every ten minutes I get a pop-up saying Adobe installer is initializing. By the time I get back to my desk there may be up to 20 of these installers. Must be a virus. I ran AVGfree and Spy-bot and found several tracking cookies (of course) and three trojan viruses. AVG said it took care of them but I'm not so sure. Any help would be great, and thank you in advance.

MINITOOLBOX

MiniToolBox by Farbar Version: 15-07-2012
Ran by Owner (administrator) on 15-07-2012 at 23:40:40
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:6522

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [JARREN1]. Some commands may not be available.
The specified module could not be found.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.1.5 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=192.168.7.254 register=PRIMARY
set wins name="Local Area Connection" source=static addr=none

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : jarren1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-8E-20-38

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 00-0D-0A-00-11-F4
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.108
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.7.254
Lease Obtained. . . . . . . . . . : Sunday, July 15, 2012 11:25:35 PM
Lease Expires . . . . . . . . . . : Monday, July 16, 2012 11:25:35 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.7.254

Name: google.com
Addresses: 74.125.227.132, 74.125.227.133, 74.125.227.134, 74.125.227.135
74.125.227.136, 74.125.227.137, 74.125.227.142, 74.125.227.128, 74.125.227.129
74.125.227.130, 74.125.227.131

Pinging google.com [74.125.227.70] with 32 bytes of data:

Reply from 74.125.227.70: bytes=32 time=33ms TTL=51
Reply from 74.125.227.70: bytes=32 time=33ms TTL=51

Ping statistics for 74.125.227.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 33ms, Average = 33ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.7.254

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=119ms TTL=49
Reply from 72.30.38.140: bytes=32 time=97ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 119ms, Average = 108ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.7.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 8e 20 38 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x3 ...00 0d 0a 00 11 f4 ...... 802.11n Wireless LAN Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.108 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.108 192.168.1.108 20
192.168.1.0 255.255.255.0 192.168.1.108 192.168.1.108 20
192.168.1.108 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.108 192.168.1.108 20
224.0.0.0 240.0.0.0 192.168.1.108 192.168.1.108 20
255.255.255.255 255.255.255.255 192.168.1.108 2 1
255.255.255.255 255.255.255.255 192.168.1.108 192.168.1.108 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/15/2012 11:39:23 PM) (Source: Application Error) (User: )
Description: Faulting application teatimer.exe, version 1.6.6.32, faulting module teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.
Processing media-specific event for [teatimer.exe!ws!]

Error: (07/15/2012 11:29:10 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (07/14/2012 03:27:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 109841890

Error: (07/14/2012 03:27:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 109841890

Error: (07/14/2012 03:27:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2012 03:20:01 AM) (Source: Bonjour Service) (User: )
Description: 404: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/11/2012 03:20:01 AM) (Source: Bonjour Service) (User: )
Description: 220: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/11/2012 03:20:01 AM) (Source: Bonjour Service) (User: )
Description: 204: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/11/2012 03:20:01 AM) (Source: Bonjour Service) (User: )
Description: 208: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/03/2012 05:17:55 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash10e.ocx, version 10.0.45.2, fault address 0x000ac868.
Processing media-specific event for [iexplore.exe!ws!]


System errors:
=============
Error: (07/15/2012 11:27:50 PM) (Source: 0) (User: )
Description: C:

Error: (07/14/2012 03:26:51 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.108 on the
Network Card with network address 000D0A0011F4.

Error: (06/14/2012 07:51:56 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (06/14/2012 07:51:56 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (06/14/2012 07:44:39 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.108 on the
Network Card with network address 000D0A0011F4.

Error: (05/30/2012 02:28:16 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (05/30/2012 02:28:16 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (05/30/2012 02:28:16 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (05/30/2012 02:28:16 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (05/27/2012 00:08:06 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================
Error: (07/15/2012 11:39:23 PM) (Source: Application Error)(User: )
Description: teatimer.exe1.6.6.32teatimer.exe1.6.6.320006e66e

Error: (07/15/2012 11:29:10 PM) (Source: WinMgmt)(User: )
Description:

Error: (07/14/2012 03:27:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 109841890

Error: (07/14/2012 03:27:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 109841890

Error: (07/14/2012 03:27:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2012 03:20:01 AM) (Source: Bonjour Service)(User: )
Description: 404: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/11/2012 03:20:01 AM) (Source: Bonjour Service)(User: )
Description: 220: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/11/2012 03:20:01 AM) (Source: Bonjour Service)(User: )
Description: 204: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/11/2012 03:20:01 AM) (Source: Bonjour Service)(User: )
Description: 208: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (07/03/2012 05:17:55 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702flash10e.ocx10.0.45.2000ac868


=========================== Installed Programs ============================

Adobe AIR (Version: 3.3.0.3650)
Adobe Audition CS6 (Version: 5.0)
Adobe Download Assistant (Version: 1.2)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Help Manager (Version: 4.0.244)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.0)
Adobe Reader 8 (Version: 8.0.0)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL
AVG 2012 (Version: 12.0.2195)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2195)
BeerSmith Brewing Software
BigFix
bl (Version: 1.0.0)
Bonjour (Version: 2.0.2.0)
Bonjour Print Services (Version: 2.0.2.0)
Bookkeeper (Version: 8.0.0.0)
CCleaner (Version: 2.34)
Diablo II
Digital Media Reader (Version: 1.09)
EchoLink (Version: 2.0.908)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Google Update Helper (Version: 1.3.21.115)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Adapters and Drivers
iTunes (Version: 10.4.1.10)
Java 2 Runtime Environment, SE v1.4.2 (Version: 1.4.2)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
Learn2 Player (Uninstall Only)
Line 6 Uninstaller (Version: )
Live 8.1.1
Logitech Gaming Software 5.10 (Version: 5.10.127)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Picture It! Photo Premium 9 (Version: 9.0.0.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.04.0623)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Multimedia Keyboard Driver
Nero BurnRights
Nero OEM
oobeFlagNetscape0 (Version: 5.0.0)
ph (Version: 1.0.0)
PoiZone
PowerDVD
Preamp Emulator
QuickTime (Version: 7.70.80.34)
Ralink RT2860 Wireless LAN Card (Version: 1.5.7.0)
RealPlayer Basic
Realtek High Definition Audio Driver
rss_upd (Version: 5.0.0)
SoftV92 Data Fax Modem with SmartCP
Sonic Timeworks Sonar 2 Plug-ins
Spybot - Search & Destroy (Version: 1.6.2)
Unity Web Player (Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VideoPad Video Editor
Viewpoint Media Player
Vivitar Experience Image Manager
WebFldrs XP (Version: 9.50.7523)
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3 (Version: 20080414.031525)
WinSCP 4.3.4 (Version: 4.3.4)

========================= Devices: ================================

Could not list devices.

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 501.79 MB
Available physical RAM: 334.61 MB
Total Pagefile: 1226.43 MB
Available Pagefile: 890.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:182.06 GB) (Free:120.27 GB) NTFS
2 Drive d: () (Fixed) (Total:4.23 GB) (Free:1.68 GB) FAT32
3 Drive e: (O9PROCD01) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\JARREN1

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini042811-01.dmp
========================= Restore Points ==================================

Could not list Restore Points.

**** End of log ****



TDSSKiller

23:41:57.0734 3384 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
23:41:58.0343 3384 ============================================================
23:41:58.0343 3384 Current date / time: 2012/07/15 23:41:58.0343
23:41:58.0343 3384 SystemInfo:
23:41:58.0343 3384
23:41:58.0343 3384 OS Version: 5.1.2600 ServicePack: 3.0
23:41:58.0343 3384 Product type: Workstation
23:41:58.0343 3384 ComputerName: JARREN1
23:41:58.0343 3384 UserName: Owner
23:41:58.0343 3384 Windows directory: C:\WINDOWS
23:41:58.0343 3384 System windows directory: C:\WINDOWS
23:41:58.0343 3384 Processor architecture: Intel x86
23:41:58.0343 3384 Number of processors: 2
23:41:58.0343 3384 Page size: 0x1000
23:41:58.0343 3384 Boot type: Normal boot
23:41:58.0343 3384 ============================================================
23:42:02.0921 3384 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:42:03.0046 3384 ============================================================
23:42:03.0046 3384 \Device\Harddisk0\DR0:
23:42:03.0437 3384 MBR partitions:
23:42:03.0437 3384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x878EE9, BlocksNum 0x16C21017
23:42:03.0437 3384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x878EAA
23:42:03.0437 3384 ============================================================
23:42:03.0484 3384 C: <-> \Device\Harddisk0\DR0\Partition0
23:42:03.0484 3384 D: <-> \Device\Harddisk0\DR0\Partition1
23:42:03.0484 3384 ============================================================
23:42:03.0484 3384 Initialize success
23:42:03.0484 3384 ============================================================
23:42:13.0703 4068 ============================================================
23:42:13.0703 4068 Scan started
23:42:13.0703 4068 Mode: Manual;
23:42:13.0703 4068 ============================================================
23:42:17.0562 4068 FontCache3.0.0.0 - ok
23:42:17.0593 4068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:42:17.0593 4068 Fs_Rec - ok
23:42:17.0609 4068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:42:17.0609 4068 Ftdisk - ok
23:42:17.0640 4068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:42:17.0656 4068 GEARAspiWDM - ok
23:42:17.0656 4068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:42:17.0671 4068 Gpc - ok
23:42:17.0796 4068 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
23:42:17.0796 4068 gupdate - ok
23:42:17.0796 4068 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
23:42:17.0812 4068 gupdatem - ok
23:42:17.0843 4068 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
23:42:17.0843 4068 hamachi - ok
23:42:17.0875 4068 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
23:42:17.0875 4068 HdAudAddService - ok
23:42:17.0906 4068 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:42:17.0906 4068 HDAudBus - ok
23:42:17.0984 4068 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:42:17.0984 4068 helpsvc - ok
23:42:18.0000 4068 HidServ - ok
23:42:18.0031 4068 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:42:18.0031 4068 HidUsb - ok
23:42:18.0078 4068 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:42:18.0078 4068 hkmsvc - ok
23:42:18.0140 4068 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:42:18.0140 4068 hpn - ok
23:42:18.0187 4068 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
23:42:18.0203 4068 HSFHWBS2 - ok
23:42:18.0250 4068 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
23:42:18.0265 4068 HSF_DP - ok
23:42:18.0281 4068 HSF_DPV - ok
23:42:18.0328 4068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:42:18.0328 4068 HTTP - ok
23:42:18.0375 4068 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:42:18.0375 4068 HTTPFilter - ok
23:42:18.0375 4068 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:42:18.0390 4068 i2omgmt - ok
23:42:18.0390 4068 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:42:18.0390 4068 i2omp - ok
23:42:18.0421 4068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:42:18.0421 4068 i8042prt - ok
23:42:18.0500 4068 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:42:18.0515 4068 ialm - ok
23:42:18.0640 4068 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:42:18.0640 4068 IDriverT - ok
23:42:18.0796 4068 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:42:18.0828 4068 idsvc - ok
23:42:18.0921 4068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:42:18.0921 4068 Imapi - ok
23:42:18.0953 4068 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:42:18.0968 4068 ImapiService - ok
23:42:19.0000 4068 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:42:19.0000 4068 ini910u - ok
23:42:19.0125 4068 IntcAzAudAddService (c60b77a9eac40774556201a736e050a8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:42:19.0203 4068 IntcAzAudAddService - ok
23:42:19.0265 4068 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:42:19.0265 4068 IntelIde - ok
23:42:19.0312 4068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:42:19.0312 4068 intelppm - ok
23:42:19.0328 4068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:42:19.0328 4068 Ip6Fw - ok
23:42:19.0328 4068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:42:19.0328 4068 IpFilterDriver - ok
23:42:19.0343 4068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:42:19.0343 4068 IpInIp - ok
23:42:19.0359 4068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:42:19.0359 4068 IpNat - ok
23:42:19.0468 4068 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
23:42:19.0500 4068 iPod Service - ok
23:42:19.0515 4068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:42:19.0515 4068 IPSec - ok
23:42:19.0531 4068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:42:19.0531 4068 IRENUM - ok
23:42:19.0531 4068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:42:19.0531 4068 isapnp - ok
23:42:19.0625 4068 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
23:42:19.0625 4068 JavaQuickStarterService - ok
23:42:19.0640 4068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:42:19.0640 4068 Kbdclass - ok
23:42:19.0640 4068 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:42:19.0640 4068 kbdhid - ok
23:42:19.0656 4068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:42:19.0656 4068 kmixer - ok
23:42:19.0703 4068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:42:19.0703 4068 KSecDD - ok
23:42:19.0765 4068 L6UX2 (2c289a7746c29fd835f771aa835248ca) C:\WINDOWS\system32\Drivers\L6UX2.sys
23:42:19.0765 4068 L6UX2 - ok
23:42:19.0812 4068 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:42:19.0812 4068 lanmanserver - ok
23:42:19.0828 4068 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:42:19.0843 4068 lanmanworkstation - ok
23:42:19.0843 4068 lbrtfdc - ok
23:42:19.0859 4068 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:42:19.0859 4068 LmHosts - ok
23:42:20.0000 4068 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe
23:42:20.0015 4068 McciCMService - ok
23:42:20.0046 4068 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:42:20.0046 4068 mdmxsdk - ok
23:42:20.0078 4068 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:42:20.0078 4068 Messenger - ok
23:42:20.0109 4068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:42:20.0109 4068 mnmdd - ok
23:42:20.0156 4068 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
23:42:20.0156 4068 mnmsrvc - ok
23:42:20.0171 4068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:42:20.0171 4068 Modem - ok
23:42:20.0187 4068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:42:20.0187 4068 Mouclass - ok
23:42:20.0218 4068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:42:20.0218 4068 mouhid - ok
23:42:20.0234 4068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:42:20.0234 4068 MountMgr - ok
23:42:20.0234 4068 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:42:20.0250 4068 mraid35x - ok
23:42:20.0281 4068 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
23:42:20.0281 4068 MREMP50 - ok
23:42:20.0281 4068 MREMPR5 - ok
23:42:20.0296 4068 MRENDIS5 - ok
23:42:20.0296 4068 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
23:42:20.0296 4068 MRESP50 - ok
23:42:20.0312 4068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:42:20.0328 4068 MRxDAV - ok
23:42:20.0359 4068 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:42:20.0375 4068 MRxSmb - ok
23:42:20.0406 4068 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
23:42:20.0406 4068 MSDTC - ok
23:42:20.0421 4068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:42:20.0421 4068 Msfs - ok
23:42:20.0421 4068 MSIServer - ok
23:42:20.0437 4068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:42:20.0437 4068 MSKSSRV - ok
23:42:20.0453 4068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:42:20.0453 4068 MSPCLOCK - ok
23:42:20.0453 4068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:42:20.0453 4068 MSPQM - ok
23:42:20.0468 4068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:42:20.0468 4068 mssmbios - ok
23:42:20.0515 4068 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:42:20.0515 4068 MSTEE - ok
23:42:20.0546 4068 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:42:20.0546 4068 Mup - ok
23:42:20.0562 4068 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
23:42:20.0562 4068 mxnic - ok
23:42:20.0609 4068 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:42:20.0609 4068 NABTSFEC - ok
23:42:20.0640 4068 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:42:20.0640 4068 napagent - ok
23:42:20.0671 4068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:42:20.0671 4068 NDIS - ok
23:42:20.0687 4068 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:42:20.0687 4068 NdisIP - ok
23:42:20.0718 4068 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:42:20.0734 4068 NdisTapi - ok
23:42:20.0734 4068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:42:20.0734 4068 Ndisuio - ok
23:42:20.0750 4068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:42:20.0765 4068 NdisWan - ok
23:42:20.0781 4068 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:42:20.0781 4068 NDProxy - ok
23:42:20.0796 4068 Netaapl (29c45722e20572b6440b57e3359e73ee) C:\WINDOWS\system32\DRIVERS\netaapl.sys
23:42:20.0796 4068 Netaapl - ok
23:42:20.0828 4068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:42:20.0828 4068 NetBIOS - ok
23:42:20.0843 4068 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:42:20.0843 4068 NetBT - ok
23:42:20.0890 4068 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:42:20.0890 4068 NetDDE - ok
23:42:20.0890 4068 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:42:20.0890 4068 NetDDEdsdm - ok
23:42:20.0937 4068 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:42:20.0937 4068 Netlogon - ok
23:42:20.0953 4068 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:42:20.0953 4068 Netman - ok
23:42:21.0093 4068 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:42:21.0093 4068 NetTcpPortSharing - ok
23:42:21.0109 4068 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:42:21.0109 4068 NIC1394 - ok
23:42:21.0156 4068 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:42:21.0171 4068 Nla - ok
23:42:21.0171 4068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:42:21.0171 4068 Npfs - ok
23:42:21.0203 4068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:42:21.0203 4068 Ntfs - ok
23:42:21.0218 4068 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:42:21.0218 4068 NtLmSsp - ok
23:42:21.0250 4068 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:42:21.0265 4068 NtmsSvc - ok
23:42:21.0296 4068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:42:21.0296 4068 Null - ok
23:42:21.0421 4068 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:42:21.0500 4068 nv - ok
23:42:21.0671 4068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:42:21.0687 4068 NwlnkFlt - ok
23:42:21.0687 4068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:42:21.0687 4068 NwlnkFwd - ok
23:42:21.0703 4068 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:42:21.0703 4068 ohci1394 - ok
23:42:21.0718 4068 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
23:42:21.0718 4068 P3 - ok
23:42:21.0765 4068 PARPEPPY (791fa8d6465f66daecda2e48d565cbc2) C:\WINDOWS\system32\PARPEPPY.SYS
23:42:21.0765 4068 PARPEPPY - ok
23:42:21.0781 4068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:42:21.0781 4068 Parport - ok
23:42:21.0796 4068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:42:21.0796 4068 PartMgr - ok
23:42:21.0796 4068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:42:21.0796 4068 ParVdm - ok
23:42:21.0812 4068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:42:21.0812 4068 PCI - ok
23:42:21.0812 4068 PCIDump - ok
23:42:21.0843 4068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:42:21.0843 4068 PCIIde - ok
23:42:21.0843 4068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:42:21.0859 4068 Pcmcia - ok
23:42:21.0859 4068 PDCOMP - ok
23:42:21.0859 4068 PDFRAME - ok
23:42:21.0875 4068 PDRELI - ok
23:42:21.0875 4068 PDRFRAME - ok
23:42:21.0890 4068 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
23:42:21.0890 4068 perc2 - ok
23:42:21.0890 4068 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:42:21.0890 4068 perc2hib - ok
23:42:21.0937 4068 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:42:21.0953 4068 PlugPlay - ok
23:42:21.0984 4068 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:42:21.0984 4068 PolicyAgent - ok
23:42:22.0000 4068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:42:22.0000 4068 PptpMiniport - ok
23:42:22.0125 4068 PrismXL (33d7285f12d934268a34206dfc4ad1b3) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
23:42:22.0125 4068 PrismXL - ok
23:42:22.0125 4068 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:42:22.0125 4068 ProtectedStorage - ok
23:42:22.0140 4068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:42:22.0140 4068 PSched - ok
23:42:22.0156 4068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:42:22.0156 4068 Ptilink - ok
23:42:22.0203 4068 PxHelp20 (053a608bcfeb5a4d0cecdda703b08c83) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:42:22.0203 4068 PxHelp20 - ok
23:42:22.0203 4068 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:42:22.0203 4068 ql1080 - ok
23:42:22.0218 4068 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:42:22.0218 4068 Ql10wnt - ok
23:42:22.0234 4068 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:42:22.0234 4068 ql12160 - ok
23:42:22.0234 4068 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:42:22.0234 4068 ql1240 - ok
23:42:22.0250 4068 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:42:22.0250 4068 ql1280 - ok
23:42:22.0343 4068 RalinkRegistryWriter (720fea3aaa15fe7e0beab10ac2e6d2b0) C:\Program Files\Ralink\Common\RaRegistry.exe
23:42:22.0343 4068 RalinkRegistryWriter - ok
23:42:22.0390 4068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:42:22.0390 4068 RasAcd - ok
23:42:22.0421 4068 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:42:22.0421 4068 RasAuto - ok
23:42:22.0437 4068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:42:22.0453 4068 Rasl2tp - ok
23:42:22.0500 4068 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:42:22.0500 4068 RasMan - ok
23:42:22.0515 4068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:42:22.0515 4068 RasPppoe - ok
23:42:22.0515 4068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:42:22.0515 4068 Raspti - ok
23:42:22.0562 4068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:42:22.0562 4068 Rdbss - ok
23:42:22.0562 4068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:42:22.0578 4068 RDPCDD - ok
23:42:22.0593 4068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:42:22.0593 4068 rdpdr - ok
23:42:22.0625 4068 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
23:42:22.0625 4068 RDPWD - ok
23:42:22.0656 4068 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:42:22.0656 4068 RDSessMgr - ok
23:42:22.0687 4068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:42:22.0687 4068 redbook - ok
23:42:22.0734 4068 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:42:22.0734 4068 RemoteAccess - ok
23:42:22.0750 4068 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:42:22.0750 4068 RpcLocator - ok
23:42:22.0796 4068 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:42:22.0796 4068 RpcSs - ok
23:42:22.0828 4068 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:42:22.0828 4068 RSVP - ok
23:42:22.0890 4068 RT80x86 (7dcc219c0d5634f87ce4d33eb1f6dada) C:\WINDOWS\system32\DRIVERS\RT2860.sys
23:42:22.0937 4068 RT80x86 - ok
23:42:22.0937 4068 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:42:22.0953 4068 SamSs - ok
23:42:22.0968 4068 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:42:22.0968 4068 SCardSvr - ok
23:42:23.0015 4068 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:42:23.0015 4068 Schedule - ok
23:42:23.0093 4068 Scutum50 (f34c06d1c706a6d9433570b087a18b02) C:\WINDOWS\system32\Drivers\Scutum50.sys
23:42:23.0093 4068 Scutum50 - ok
23:42:23.0140 4068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:42:23.0140 4068 Secdrv - ok
23:42:23.0140 4068 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:42:23.0156 4068 seclogon - ok
23:42:23.0156 4068 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:42:23.0156 4068 SENS - ok
23:42:23.0171 4068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:42:23.0171 4068 serenum - ok
23:42:23.0187 4068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:42:23.0187 4068 Serial - ok
23:42:23.0203 4068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:42:23.0203 4068 Sfloppy - ok
23:42:23.0250 4068 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:42:23.0250 4068 ShellHWDetection - ok
23:42:23.0265 4068 Simbad - ok
23:42:23.0281 4068 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:42:23.0281 4068 sisagp - ok
23:42:23.0296 4068 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:42:23.0296 4068 SLIP - ok
23:42:23.0312 4068 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:42:23.0328 4068 Sparrow - ok
23:42:23.0359 4068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:42:23.0359 4068 splitter - ok
23:42:23.0406 4068 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:42:23.0406 4068 Spooler - ok
23:42:23.0421 4068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:42:23.0421 4068 sr - ok
23:42:23.0437 4068 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:42:23.0437 4068 srservice - ok
23:42:23.0484 4068 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:42:23.0500 4068 Srv - ok
23:42:23.0500 4068 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:42:23.0515 4068 SSDPSRV - ok
23:42:23.0531 4068 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:42:23.0531 4068 stisvc - ok
23:42:23.0562 4068 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:42:23.0562 4068 streamip - ok
23:42:23.0593 4068 SunkFilt (9152dc78005a58a17e79390aa0853bb1) C:\WINDOWS\System32\Drivers\sunkfilt.sys
23:42:23.0593 4068 SunkFilt - ok
23:42:23.0625 4068 SunkFilt39 (ed67900e1553b2fc56daa64aab4b304f) C:\WINDOWS\System32\Drivers\sunkfilt39.sys
23:42:23.0625 4068 SunkFilt39 - ok
23:42:23.0625 4068 Sunkfiltp - ok
23:42:23.0656 4068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:42:23.0656 4068 swenum - ok
23:42:23.0671 4068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:42:23.0671 4068 swmidi - ok
23:42:23.0687 4068 SwPrv - ok
23:42:23.0718 4068 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:42:23.0718 4068 symc810 - ok
23:42:23.0718 4068 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:42:23.0718 4068 symc8xx - ok
23:42:23.0734 4068 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:42:23.0734 4068 sym_hi - ok
23:42:23.0734 4068 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:42:23.0734 4068 sym_u3 - ok
23:42:23.0765 4068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:42:23.0765 4068 sysaudio - ok
23:42:23.0781 4068 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:42:23.0781 4068 SysmonLog - ok
23:42:23.0812 4068 tap0901 (2e644070f2240cca9775a6b79cae62cd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
23:42:23.0812 4068 tap0901 - ok
23:42:23.0843 4068 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:42:23.0843 4068 TapiSrv - ok
23:42:23.0906 4068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:42:23.0906 4068 Tcpip - ok
23:42:23.0921 4068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:42:23.0921 4068 TDPIPE - ok
23:42:23.0921 4068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:42:23.0921 4068 TDTCP - ok
23:42:23.0953 4068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:42:23.0968 4068 TermDD - ok
23:42:23.0984 4068 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:42:23.0984 4068 TermService - ok
23:42:24.0031 4068 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:42:24.0031 4068 Themes - ok
23:42:24.0046 4068 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
23:42:24.0046 4068 TosIde - ok
23:42:24.0062 4068 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:42:24.0062 4068 TrkWks - ok
23:42:24.0093 4068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:42:24.0093 4068 Udfs - ok
23:42:24.0093 4068 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
23:42:24.0093 4068 ultra - ok
23:42:24.0140 4068 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
23:42:24.0140 4068 UMWdf - ok
23:42:24.0171 4068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:42:24.0171 4068 Update - ok
23:42:24.0234 4068 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:42:24.0234 4068 upnphost - ok
23:42:24.0265 4068 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:42:24.0265 4068 UPS - ok
23:42:24.0296 4068 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:42:24.0296 4068 USBAAPL - ok
23:42:24.0343 4068 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:42:24.0343 4068 usbaudio - ok
23:42:24.0343 4068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:42:24.0343 4068 usbccgp - ok
23:42:24.0359 4068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:42:24.0359 4068 usbehci - ok
23:42:24.0375 4068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:42:24.0375 4068 usbhub - ok
23:42:24.0406 4068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:42:24.0421 4068 usbscan - ok
23:42:24.0421 4068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:42:24.0421 4068 USBSTOR - ok
23:42:24.0453 4068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:42:24.0453 4068 usbuhci - ok
23:42:24.0500 4068 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
23:42:24.0500 4068 usbvideo - ok
23:42:24.0515 4068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:42:24.0515 4068 VgaSave - ok
23:42:24.0562 4068 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:42:24.0562 4068 viaagp - ok
23:42:24.0562 4068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:42:24.0562 4068 ViaIde - ok
23:42:24.0578 4068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:42:24.0578 4068 VolSnap - ok
23:42:24.0593 4068 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:42:24.0593 4068 VSS - ok
23:42:24.0765 4068 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
23:42:24.0781 4068 vToolbarUpdater11.2.0 - ok
23:42:24.0796 4068 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:42:24.0812 4068 W32Time - ok
23:42:24.0859 4068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:42:24.0859 4068 Wanarp - ok
23:42:24.0859 4068 wanatw - ok
23:42:24.0937 4068 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:42:24.0953 4068 Wdf01000 - ok
23:42:24.0953 4068 WDICA - ok
23:42:24.0984 4068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:42:25.0000 4068 wdmaud - ok
23:42:25.0015 4068 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:42:25.0015 4068 WebClient - ok
23:42:25.0078 4068 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:42:25.0078 4068 winachsf - ok
23:42:25.0140 4068 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:42:25.0140 4068 winmgmt - ok
23:42:25.0171 4068 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys
23:42:25.0171 4068 WmBEnum - ok
23:42:25.0203 4068 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
23:42:25.0203 4068 WmdmPmSN - ok
23:42:25.0218 4068 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys
23:42:25.0218 4068 WmFilter - ok
23:42:25.0281 4068 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:42:25.0281 4068 WmiApSrv - ok
23:42:25.0296 4068 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys
23:42:25.0296 4068 WmVirHid - ok
23:42:25.0312 4068 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys
23:42:25.0312 4068 WmXlCore - ok
23:42:25.0359 4068 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:42:25.0359 4068 WSTCODEC - ok
23:42:25.0390 4068 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:42:25.0390 4068 wuauserv - ok
23:42:25.0453 4068 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:42:25.0515 4068 WZCSVC - ok
23:42:25.0546 4068 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:42:25.0578 4068 xmlprov - ok
23:42:25.0609 4068 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
23:42:25.0671 4068 \Device\Harddisk0\DR0 - ok
23:42:25.0671 4068 Boot (0x1200) (4bdaff4b0b01afa091d357adff1db8e0) \Device\Harddisk0\DR0\Partition0
23:42:25.0671 4068 \Device\Harddisk0\DR0\Partition0 - ok
23:42:25.0671 4068 Boot (0x1200) (b65ae3a764fdeb6117baa4f73c0fa798) \Device\Harddisk0\DR0\Partition1
23:42:25.0687 4068 \Device\Harddisk0\DR0\Partition1 - ok
23:42:25.0687 4068 ============================================================
23:42:25.0687 4068 Scan finished
23:42:25.0687 4068 ============================================================
23:42:25.0687 4060 Detected object count: 0
23:42:25.0687 4060 Actual detected object count: 0


I also ran a malwarebytes quick scan with the following results:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: JARREN1 [administrator]

7/15/2012 11:58:36 PM
mbam-log-2012-07-16 (00-15-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255041
Time elapsed: 16 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Owner\Local Settings\Application Data\{46f5f852-7d5b-d431-d1a8-416de736189a}\n. -> No action taken.

Registry Data Items Detected: 2
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{46f5f852-7d5b-d431-d1a8-416de736189a}\n.) Good: (wbemess.dll) -> No action taken.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken.
C:\WINDOWS\Installer\{46f5f852-7d5b-d431-d1a8-416de736189a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\WINDOWS\Installer\{46f5f852-7d5b-d431-d1a8-416de736189a}\U\80000000.@ (Trojan.Sirefef) -> No action taken.

(end)

Thanks in advance

Edited by jtupper, 16 July 2012 - 12:18 AM.




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:52 AM

Posted 20 July 2012 - 01:12 PM

Hello, jtupper.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 etavares


Posted 28 July 2012 - 05:38 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

