I hear music even when not running program


21 replies to this topic

#1 katiemay

katiemay

  • Members
  • 25 posts

Posted 25 July 2012 - 04:02 PM

Just returned from vacation and turned on computer-- a few seconds after Windows XP booted, I began hearing what at times sounds like music, at other times sounds like commercials that sometimes accompany video TV episodes or movies on Hulu.
According to System Properties:
My computer is XP SP3
AMD Athlon 64 X2 Dual Core Processor 4400+
2.29 GHz
1.87 GIG Ram
Physical Address Extension

I ran SuperAntiSpyware- and it said it deleted all tracking cookies--- but the music returned in a few minutes
I ran MalwareBytes Anti-Malware with pretty much the same results
I did full scan with AVG and it found one corrupted file which it quarantined,
and one identified as IRP Hook Removal Rootkit which it said it could not remove.
I then did Google search which took me to bleepingcomputer.com

I read an article from 2011 which said to download RKill and run it to stop the process and then run MalwareBytes again-- but RKill did not report that it found any bad processes running. So I thought I'd come to the source for additional help.
katiemay



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts

Posted 25 July 2012 - 04:18 PM

Welcome katiemay
Let's see if we can see this root or possible Bootkit.

Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
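A triage sketch for the TDSSKiller report requested above, as an added example that is not part of the original post or of the tool: it pairs each scanned object's file line with its verdict line and returns only what is not `ok`, including objects whose verdict is missing because the pasted log was cut short. The line layout is taken from logs of the kind posted in this thread; the sample text is constructed, and `exampledrv`, `truncdrv` and the `warning` verdict are hypothetical values used for illustration.

```python
import re

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# Object line: "<name> (<md5>) <path>"
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>[A-Za-z]+)$")

# Constructed sample. The Abiosdsk and ACPI lines follow the layout seen in
# this thread; exampledrv and truncdrv are hypothetical entries.
SAMPLE_LOG = r"""
09:00:11.0671 4004 Scan started
09:00:11.0671 4004 Mode: Manual; TDLFS;
09:00:19.0234 4004 Abiosdsk - ok
09:00:19.0500 4004 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:00:19.0671 4004 ACPI - ok
09:00:20.0000 4004 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
09:00:20.0100 4004 exampledrv - warning
09:00:20.0200 4004 truncdrv (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\truncdrv.sys
"""


def _blank():
    return {"md5": None, "path": None, "verdict": None}


def parse_tdsskiller_log(text):
    """Return {object name: {md5, path, verdict}} in log order."""
    entries = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        body = m.group(1).strip()
        f = FILE.match(body)
        if f:
            entry = entries.setdefault(f["name"], _blank())
            entry["md5"], entry["path"] = f["md5"], f["path"]
            continue
        v = VERDICT.match(body)
        if v:
            entry = entries.setdefault(v["name"], _blank())
            entry["verdict"] = v["verdict"].lower()
    return entries


def triage(entries):
    """Split entries into (needs_review, ok_without_file).

    needs_review: any verdict other than "ok", or no verdict at all
                  (the object was hashed but the log ends before its result).
    ok_without_file: objects reported ok with no file line, i.e. a service
                  entry for which the log shows no binary being hashed.
    """
    needs_review = {n: e for n, e in entries.items() if e["verdict"] != "ok"}
    ok_without_file = [
        n for n, e in entries.items()
        if e["verdict"] == "ok" and e["md5"] is None
    ]
    return needs_review, ok_without_file


if __name__ == "__main__":
    review, no_file = triage(parse_tdsskiller_log(SAMPLE_LOG))
    for name, e in review.items():
        print(f"REVIEW {name}: verdict={e['verdict']} md5={e['md5']} path={e['path']}")
    print("ok, no file hashed:", ", ".join(no_file))
```
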

#3 katiemay

katiemay
  • Topic Starter

  • Members
  • 25 posts

Posted 26 July 2012 - 10:40 AM

Thank you for taking the time to respond- my apologies for not getting back to you sooner, but apparently I did not check enough items in the email notification section.

I followed all instructions you gave, as far as I was able-- below are comments on each step and the logs produced [all in safe mode].

RKILL
following the step you indicate that I should not reboot as I would need to run RKILL again. As you will see later, I had to reboot after TDSSKILLER, BUT did not see a spot in the directions to re-run RKILL [no big deal]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/26/2012 at 8:54:28.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 07/26/2012 at 8:55:09.



TDSSKiller
As stated above-- I was required to reboot at the end of this step.

08:59:25.0625 3776 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:59:26.0125 3776 ============================================================
08:59:26.0125 3776 Current date / time: 2012/07/26 08:59:26.0125
08:59:26.0125 3776 SystemInfo:
08:59:26.0125 3776
08:59:26.0125 3776 OS Version: 5.1.2600 ServicePack: 3.0
08:59:26.0125 3776 Product type: Workstation
08:59:26.0125 3776 ComputerName: COLEMAN200
08:59:26.0125 3776 UserName: katie
08:59:26.0125 3776 Windows directory: C:\WINDOWS
08:59:26.0125 3776 System windows directory: C:\WINDOWS
08:59:26.0125 3776 Processor architecture: Intel x86
08:59:26.0125 3776 Number of processors: 2
08:59:26.0125 3776 Page size: 0x1000
08:59:26.0125 3776 Boot type: Safe boot with network
08:59:26.0125 3776 ============================================================
08:59:42.0281 3776 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:59:42.0296 3776 ============================================================
08:59:42.0296 3776 \Device\Harddisk0\DR0:
08:59:42.0296 3776 MBR partitions:
08:59:42.0296 3776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
08:59:42.0296 3776 ============================================================
08:59:42.0406 3776 C: <-> \Device\Harddisk0\DR0\Partition0
08:59:42.0406 3776 ============================================================
08:59:42.0406 3776 Initialize success
08:59:42.0406 3776 ============================================================
09:00:11.0671 4004 ============================================================
09:00:11.0671 4004 Scan started
09:00:11.0671 4004 Mode: Manual; TDLFS;
09:00:11.0671 4004 ============================================================
09:01:25.0343 4004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:01:25.0359 4004 Ptilink - ok
09:01:25.0453 4004 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:01:25.0484 4004 PxHelp20 - ok
09:01:25.0515 4004 ql1080 - ok
09:01:25.0562 4004 Ql10wnt - ok
09:01:25.0609 4004 ql12160 - ok
09:01:25.0656 4004 ql1240 - ok
09:01:25.0703 4004 ql1280 - ok
09:01:25.0781 4004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:01:25.0781 4004 RasAcd - ok
09:01:25.0906 4004 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:01:25.0968 4004 RasAuto - ok
09:01:26.0046 4004 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:01:26.0078 4004 Rasl2tp - ok
09:01:26.0234 4004 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:01:26.0328 4004 RasMan - ok
09:01:26.0406 4004 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:01:26.0437 4004 RasPppoe - ok
09:01:26.0500 4004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:01:26.0500 4004 Raspti - ok
09:01:26.0671 4004 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:01:26.0796 4004 Rdbss - ok
09:01:26.0828 4004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:01:26.0828 4004 RDPCDD - ok
09:01:27.0046 4004 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:01:27.0125 4004 RDPWD - ok
09:01:27.0281 4004 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:01:27.0375 4004 RDSessMgr - ok
09:01:27.0468 4004 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:01:27.0500 4004 redbook - ok
09:01:27.0593 4004 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:01:27.0625 4004 RemoteAccess - ok
09:01:27.0703 4004 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:01:27.0734 4004 RimVSerPort - ok
09:01:27.0781 4004 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:01:27.0781 4004 ROOTMODEM - ok
09:01:27.0875 4004 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:01:27.0921 4004 RpcLocator - ok
09:01:28.0218 4004 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:01:28.0234 4004 RpcSs - ok
09:01:28.0375 4004 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:01:28.0453 4004 RSVP - ok
09:01:31.0000 4004 RTHDMIAzAudService (220591905257fcaea87a9590a357c014) C:\WINDOWS\system32\drivers\RtHDMI.sys
09:01:33.0468 4004 RTHDMIAzAudService - ok
09:01:34.0187 4004 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:01:34.0359 4004 RTLE8023xp - ok
09:01:34.0453 4004 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:01:34.0453 4004 SamSs - ok
09:01:34.0671 4004 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:01:34.0687 4004 SASDIFSV - ok
09:01:34.0796 4004 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:01:34.0890 4004 SASKUTIL - ok
09:01:35.0218 4004 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:01:35.0312 4004 SCardSvr - ok
09:01:35.0671 4004 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:01:35.0828 4004 Schedule - ok
09:01:35.0937 4004 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:01:35.0953 4004 Secdrv - ok
09:01:36.0140 4004 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:01:36.0156 4004 seclogon - ok
09:01:36.0265 4004 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:01:36.0296 4004 SENS - ok
09:01:36.0359 4004 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:01:36.0359 4004 serenum - ok
09:01:36.0578 4004 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:01:36.0578 4004 Sfloppy - ok
09:01:36.0843 4004 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:01:37.0015 4004 SharedAccess - ok
09:01:37.0203 4004 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:01:37.0203 4004 ShellHWDetection - ok
09:01:37.0234 4004 Simbad - ok
09:01:37.0296 4004 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:01:37.0312 4004 SLIP - ok
09:01:37.0500 4004 snapman (bcc773872041aa59bc9a6cf770fb32e2) C:\WINDOWS\system32\DRIVERS\snapman.sys
09:01:37.0593 4004 snapman - ok
09:01:37.0625 4004 Sparrow - ok
09:01:37.0687 4004 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:01:37.0687 4004 splitter - ok
09:01:37.0781 4004 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:01:37.0828 4004 Spooler - ok
09:01:37.0906 4004 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:01:37.0953 4004 sr - ok
09:01:38.0187 4004 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:01:38.0312 4004 srservice - ok
09:01:38.0578 4004 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:01:38.0812 4004 Srv - ok
09:01:38.0921 4004 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
09:01:38.0968 4004 sscdbus - ok
09:01:39.0093 4004 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
09:01:39.0109 4004 sscdmdfl - ok
09:01:39.0234 4004 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
09:01:39.0296 4004 sscdmdm - ok
09:01:39.0390 4004 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
09:01:39.0453 4004 sscdserd - ok
09:01:39.0546 4004 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:01:39.0609 4004 SSDPSRV - ok
09:01:39.0968 4004 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:01:40.0296 4004 stisvc - ok
09:01:40.0390 4004 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:01:40.0390 4004 streamip - ok
09:01:40.0453 4004 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:01:40.0453 4004 swenum - ok
09:01:40.0531 4004 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:01:40.0562 4004 swmidi - ok
09:01:40.0593 4004 SwPrv - ok
09:01:40.0671 4004 symc810 - ok
09:01:40.0718 4004 symc8xx - ok
09:01:40.0765 4004 sym_hi - ok
09:01:40.0812 4004 sym_u3 - ok
09:01:40.0906 4004 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:01:40.0937 4004 sysaudio - ok
09:01:41.0125 4004 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:01:41.0187 4004 SysmonLog - ok
09:01:41.0421 4004 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:01:41.0578 4004 TapiSrv - ok
09:01:42.0000 4004 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:01:42.0468 4004 Tcpip - ok
09:01:42.0609 4004 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:01:42.0656 4004 TDPIPE - ok
09:01:42.0984 4004 tdrpman (eb53ec341458256deae2ad58822c4a17) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
09:01:43.0421 4004 tdrpman - ok
09:01:43.0484 4004 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:01:43.0500 4004 TDTCP - ok
09:01:43.0609 4004 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:01:43.0718 4004 TermDD - ok
09:01:43.0953 4004 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:01:44.0234 4004 TermService - ok
09:01:44.0390 4004 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:01:44.0390 4004 Themes - ok
09:01:44.0468 4004 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
09:01:44.0500 4004 tifsfilter - ok
09:01:44.0828 4004 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
09:01:45.0156 4004 timounter - ok
09:01:45.0187 4004 TosIde - ok
09:01:45.0343 4004 TotRec7 (53d06e5a0fdd4d9447840fd23c3ff4a6) C:\WINDOWS\system32\drivers\TotRec7.sys
09:01:45.0437 4004 TotRec7 - ok
09:01:45.0609 4004 TotRec8 (9647e89bb2909560753ac371c95d3f0e) C:\WINDOWS\system32\drivers\TotRec8.sys
09:01:45.0687 4004 TotRec8 - ok
09:01:45.0781 4004 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:01:45.0843 4004 TrkWks - ok
09:01:46.0390 4004 TryAndDecideService (02c16294d7903fc0c7f2de953126b28a) C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
09:01:46.0718 4004 TryAndDecideService - ok
09:01:46.0828 4004 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:01:46.0875 4004 Udfs - ok
09:01:46.0921 4004 ultra - ok
09:01:47.0359 4004 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:01:47.0578 4004 Update - ok
09:01:47.0750 4004 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:01:47.0921 4004 upnphost - ok
09:01:48.0000 4004 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:01:48.0015 4004 UPS - ok
09:01:48.0265 4004 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:01:48.0312 4004 usbaudio - ok
09:01:48.0406 4004 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:01:48.0437 4004 usbccgp - ok
09:01:48.0531 4004 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:01:48.0546 4004 usbehci - ok
09:01:48.0671 4004 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:01:48.0703 4004 usbhub - ok
09:01:48.0750 4004 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:01:48.0765 4004 usbohci - ok
09:01:48.0843 4004 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:01:48.0859 4004 usbprint - ok
09:01:48.0953 4004 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:01:48.0953 4004 usbscan - ok
09:01:49.0125 4004 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:01:49.0187 4004 USBSTOR - ok
09:01:49.0343 4004 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:01:49.0406 4004 usbvideo - ok
09:01:49.0500 4004 VBoxNetAdp (4ef76d8d7505f20dbf54886c01a7a730) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
09:01:49.0562 4004 VBoxNetAdp - ok
09:01:49.0593 4004 VBoxNetFlt - ok
09:01:49.0687 4004 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:01:49.0703 4004 VgaSave - ok
09:01:49.0750 4004 ViaIde - ok
09:01:49.0875 4004 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:01:49.0906 4004 VolSnap - ok
09:01:50.0265 4004 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:01:50.0437 4004 VSS - ok
09:01:50.0593 4004 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:01:50.0718 4004 W32Time - ok
09:01:50.0796 4004 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:01:50.0812 4004 Wanarp - ok
09:01:50.0843 4004 WDICA - ok
09:01:51.0000 4004 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:01:51.0156 4004 wdmaud - ok
09:01:51.0343 4004 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:01:51.0375 4004 WebClient - ok
09:01:51.0625 4004 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:01:51.0687 4004 winmgmt - ok
09:01:52.0625 4004 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
09:01:53.0468 4004 WinRM - ok
09:01:53.0640 4004 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
09:01:53.0656 4004 WmdmPmSN - ok
09:01:53.0843 4004 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:01:53.0921 4004 WmiApSrv - ok
09:01:55.0000 4004 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:01:55.0781 4004 WMPNetworkSvc - ok
09:01:56.0250 4004 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:01:56.0265 4004 WpdUsb - ok
09:01:57.0218 4004 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:01:57.0734 4004 WPFFontCache_v0400 - ok
09:01:57.0828 4004 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:01:57.0843 4004 WSTCODEC - ok
09:01:57.0984 4004 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:01:58.0000 4004 wuauserv - ok
09:01:58.0234 4004 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:01:58.0296 4004 WudfPf - ok
09:01:58.0390 4004 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:01:58.0453 4004 WudfRd - ok
09:01:58.0562 4004 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:01:58.0593 4004 WudfSvc - ok
09:01:58.0953 4004 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:01:59.0562 4004 WZCSVC - ok
09:01:59.0859 4004 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:01:59.0937 4004 xmlprov - ok
09:02:00.0296 4004 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:02:00.0343 4004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
09:02:00.0343 4004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
09:02:02.0296 4004 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:02:02.0296 4004 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:02:02.0375 4004 Boot (0x1200) (4f482c705f53e6860eea482bdd83f686) \Device\Harddisk0\DR0\Partition0
09:02:02.0375 4004 \Device\Harddisk0\DR0\Partition0 - ok
09:02:02.0375 4004 ============================================================
09:02:02.0375 4004 Scan finished
09:02:02.0375 4004 ============================================================
09:02:02.0453 3996 Detected object count: 2
09:02:02.0453 3996 Actual detected object count: 2
09:03:27.0609 3996 \Device\Harddisk0\DR0\# - copied to quarantine
09:03:27.0625 3996 \Device\Harddisk0\DR0 - copied to quarantine
09:03:29.0375 3996 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
09:03:29.0468 3996 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
09:03:29.0468 3996 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
09:03:29.0468 3996 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
09:03:29.0484 3996 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
09:03:29.0500 3996 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
09:03:29.0531 3996 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:03:29.0546 3996 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:03:29.0546 3996 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
09:03:29.0546 3996 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
09:03:29.0546 3996 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:03:29.0562 3996 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:03:29.0562 3996 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
09:03:29.0562 3996 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
09:03:29.0578 3996 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
09:03:29.0625 3996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
09:03:29.0625 3996 \Device\Harddisk0\DR0 - ok
09:03:29.0781 3996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
09:03:29.0781 3996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:03:29.0781 3996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:04:05.0734 3768 Deinitialize success



aswMBR
Was a little nervous when instructions said this download would be 511KB and the file downloaded as 4.5MB, but seemed to run fine. Also, when program suggested that I install Avast! Free Antivirus I said, "No".

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-26 09:10:28
-----------------------------
09:10:28.468 OS Version: Windows 5.1.2600 Service Pack 3
09:10:28.468 Number of processors: 2 586 0x6B02
09:10:28.468 ComputerName: COLEMAN200 UserName: katie
09:10:34.937 Initialize success
09:12:33.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:12:33.140 Disk 0 Vendor: WDC_WD3200AAJS-00B4A0 01.03A01 Size: 305245MB BusType: 3
09:12:33.203 Disk 0 MBR read successfully
09:12:33.218 Disk 0 MBR scan
09:12:33.250 Disk 0 Windows XP default MBR code
09:12:33.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
09:12:33.343 Disk 0 scanning sectors +625137345
09:12:33.515 Disk 0 scanning C:\WINDOWS\system32\drivers
09:13:33.359 Service scanning
09:14:21.171 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
09:14:59.500 Modules scanning
09:15:18.937 Disk 0 trace - called modules:
09:15:19.015 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
09:15:19.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5859c0]
09:15:21.593 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a5bd9e8]
09:15:21.750 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5f2940]
09:15:21.890 Scan finished successfully
09:15:40.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\katie\Desktop\MBR.dat"
09:15:40.093 The log file has been saved successfully to "C:\Documents and Settings\katie\Desktop\aswMBR.txt"



MBAM
Instructions used the term, "in normal mode"--- I took that to mean the normal mode of the program--- Should I have re-booted before running MBAM??

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.11

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
katie :: COLEMAN200 [administrator]

7/26/2012 9:18:48 AM
mbam-log-2012-07-26 (09-18-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261031
Time elapsed: 29 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I am writing from this computer now and things seem to be running without unwanted audio playing in the background-- thank you.

It is still running slowly, so may have other problems- but that is another question, I am sure.

Thank you for your help thus far
katiemay

#4 boopme

Posted 26 July 2012 - 12:01 PM

Hello, you did fine.
That Pihar was the big issue.

Now in regular/normal mode rerun TDSSkiller.
Change the option on these to Cure or Delete

09:03:29.0781 3996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:03:29.0781 3996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Now let's clean the Temp folder, get a little more system info and see if there is anything left.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.



This will need a couple hours, so you can post the Mini and Tdss logs first.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
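Added example (not part of the reply above and not code from any tool named in this thread): a Python script that reads TDSSKiller result lines like the ones posted earlier and lists every detection whose chosen action was not Cure or Delete, which is the check the reply above makes by eye. The function names are hypothetical, and the status strings it recognises are only the ones that appear in this thread's log.

```python
import re

# Result lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
09:02:00.0343 4004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
09:02:00.0343 4004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
09:02:02.0296 4004 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:02:02.0296 4004 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:02:02.0375 4004 \Device\Harddisk0\DR0\Partition0 - ok
09:03:29.0625 3996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
09:03:29.0781 3996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
09:03:29.0781 3996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:03:29.0781 3996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <object> ( <threat name> ) - <status>"
# Layout inferred from the lines above; it is an assumption, not a documented format.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<status>.+)$"
)

ACTION_PREFIX = "User select action: "
VERDICTS = {"infected", "warning"}        # verdict strings seen in this log
REMEDIATING_ACTIONS = {"Cure", "Delete"}  # the two options named in the reply above


def parse_tdsskiller(text):
    """Group result lines by (object, threat) and record verdict, action and notes."""
    findings = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # service "ok" lines, separators, "detected ..." summaries
        key = (m["obj"], m["threat"])
        rec = findings.setdefault(
            key, {"verdict": None, "action": None, "notes": []}
        )
        status = m["status"].strip()
        if status in VERDICTS:
            rec["verdict"] = status
        elif status.startswith(ACTION_PREFIX):
            rec["action"] = status[len(ACTION_PREFIX):]
        else:
            # Anything else ("will be cured on reboot", "skipped by user") is kept verbatim.
            rec["notes"].append(status)
    return findings


def unresolved(findings):
    """Detections that were skipped or never given a remediating action."""
    return sorted(
        key for key, rec in findings.items()
        if rec["action"] not in REMEDIATING_ACTIONS
    )


if __name__ == "__main__":
    results = parse_tdsskiller(SAMPLE_LOG)
    for (obj, threat), rec in results.items():
        print(f"{threat:25} {rec['verdict']:9} action={rec['action']} notes={rec['notes']}")
    for obj, threat in unresolved(results):
        print(f"STILL PRESENT: {threat} on {obj} (rerun and choose Cure or Delete)")
```

Run against a full log file by passing its text to `parse_tdsskiller`; lines that do not match the result layout are ignored.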

#5 katiemay

Posted 26 July 2012 - 01:38 PM

TDSS & Mini logs

14:05:33.0781 3472 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:05:35.0781 3472 ============================================================
14:05:35.0781 3472 Current date / time: 2012/07/26 14:05:35.0781
14:05:35.0781 3472 SystemInfo:
14:05:35.0781 3472
14:05:35.0781 3472 OS Version: 5.1.2600 ServicePack: 3.0
14:05:35.0781 3472 Product type: Workstation
14:05:35.0781 3472 ComputerName: COLEMAN200
14:05:35.0781 3472 UserName: katie
14:05:35.0781 3472 Windows directory: C:\WINDOWS
14:05:35.0781 3472 System windows directory: C:\WINDOWS
14:05:35.0781 3472 Processor architecture: Intel x86
14:05:35.0781 3472 Number of processors: 2
14:05:35.0781 3472 Page size: 0x1000
14:05:35.0781 3472 Boot type: Normal boot
14:05:35.0781 3472 ============================================================
14:05:46.0171 3472 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:05:46.0187 3472 ============================================================
14:05:46.0187 3472 \Device\Harddisk0\DR0:
14:05:46.0265 3472 MBR partitions:
14:05:46.0265 3472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
14:05:46.0281 3472 ============================================================
14:05:46.0546 3472 C: <-> \Device\Harddisk0\DR0\Partition0
14:05:46.0546 3472 ============================================================
14:05:46.0546 3472 Initialize success
14:05:46.0546 3472 ============================================================
14:07:05.0453 0988 ============================================================
14:07:05.0453 0988 Scan started
14:07:05.0453 0988 Mode: Manual;
14:07:05.0453 0988 ============================================================
14:07:49.0343 0988 Scan interrupted by user!
14:07:49.0343 0988 Scan interrupted by user!
14:07:49.0343 0988 Scan interrupted by user!
14:07:49.0343 0988 ============================================================
14:07:49.0343 0988 Scan finished
14:07:49.0343 0988 ============================================================
14:07:49.0359 2712 Detected object count: 0
14:07:49.0359 2712 Actual detected object count: 0
14:08:09.0062 3544 ============================================================
14:08:09.0062 3544 Scan started
14:08:09.0062 3544 Mode: Manual; TDLFS;
14:08:09.0062 3544 ============================================================
14:09:51.0812 3544 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
14:09:56.0515 3544 AVGIDSAgent - ok
14:09:57.0281 3544 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
14:09:57.0765 3544 AVGIDSDriver - ok
14:09:57.0812 3544 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
14:09:58.0250 3544 AVGIDSFilter - ok
14:09:58.0312 3544 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
14:09:58.0656 3544 AVGIDSHX - ok
14:09:58.0703 3544 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
14:09:59.0046 3544 AVGIDSShim - ok
14:09:59.0296 3544 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:09:59.0765 3544 Avgldx86 - ok
14:09:59.0984 3544 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:10:01.0312 3544 Avgmfx86 - ok
14:10:01.0406 3544 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:10:01.0781 3544 Avgrkx86 - ok
14:10:02.0078 3544 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:10:02.0578 3544 Avgtdix - ok
14:10:02.0921 3544 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:10:03.0937 3544 avgwd - ok
14:10:04.0000 3544 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
14:10:04.0234 3544 BANTExt - ok
14:10:04.0296 3544 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:10:04.0546 3544 Beep - ok
14:10:04.0921 3544 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:10:05.0718 3544 BITS - ok
14:10:05.0859 3544 Brother XP spl Service (34f2f5b6a6d28b8fb872dfd57c5323ac) C:\WINDOWS\system32\brsvc01a.exe
14:10:06.0265 3544 Brother XP spl Service - ok
14:10:06.0406 3544 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:10:06.0546 3544 Browser - ok
14:10:06.0625 3544 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
14:10:06.0890 3544 BrPar - ok
14:10:06.0953 3544 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:10:07.0250 3544 cbidf2k - ok
14:10:07.0296 3544 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:10:07.0546 3544 CCDECODE - ok
14:10:07.0546 3544 cd20xrnt - ok
14:10:07.0609 3544 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:10:07.0781 3544 Cdaudio - ok
14:10:07.0859 3544 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:10:08.0109 3544 Cdfs - ok
14:10:08.0187 3544 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:10:08.0515 3544 Cdrom - ok
14:10:08.0515 3544 Changer - ok
14:10:08.0562 3544 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:10:08.0734 3544 CiSvc - ok
14:10:08.0796 3544 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:10:09.0234 3544 ClipSrv - ok
14:10:09.0531 3544 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:10:09.0562 3544 clr_optimization_v2.0.50727_32 - ok
14:10:09.0796 3544 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:10:09.0906 3544 clr_optimization_v4.0.30319_32 - ok
14:10:09.0906 3544 CmdIde - ok
14:10:09.0921 3544 COMSysApp - ok
14:10:09.0937 3544 Cpqarray - ok
14:10:10.0109 3544 cpuz130 - ok
14:10:10.0218 3544 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:10:10.0343 3544 CryptSvc - ok
14:10:10.0421 3544 CSQ200 (1dfa19bf74a80a0a008f4921e6ee6519) C:\WINDOWS\system32\Drivers\CSQ200.sys
14:10:10.0609 3544 CSQ200 - ok
14:10:10.0625 3544 dac2w2k - ok
14:10:10.0625 3544 dac960nt - ok
14:10:11.0046 3544 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:10:11.0343 3544 DcomLaunch - ok
14:10:11.0468 3544 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:10:11.0734 3544 Dhcp - ok
14:10:11.0859 3544 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:10:12.0125 3544 Disk - ok
14:10:12.0125 3544 dmadmin - ok
14:10:12.0953 3544 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:10:13.0812 3544 dmboot - ok
14:10:13.0968 3544 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:10:14.0656 3544 dmio - ok
14:10:14.0703 3544 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:10:14.0984 3544 dmload - ok
14:10:15.0062 3544 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:10:15.0140 3544 dmserver - ok
14:10:15.0234 3544 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:10:15.0343 3544 DMusic - ok
14:10:15.0500 3544 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:10:15.0531 3544 Dnscache - ok
14:10:15.0640 3544 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:10:16.0390 3544 Dot3svc - ok
14:10:16.0406 3544 dpti2o - ok
14:10:16.0437 3544 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:10:16.0484 3544 drmkaud - ok
14:10:16.0609 3544 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:10:17.0093 3544 EapHost - ok
14:10:17.0218 3544 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
14:10:18.0046 3544 epmntdrv - ok
14:10:18.0187 3544 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:10:18.0281 3544 ERSvc - ok
14:10:18.0390 3544 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
14:10:18.0843 3544 EuGdiDrv - ok
14:10:18.0953 3544 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:10:19.0015 3544 Eventlog - ok
14:10:19.0250 3544 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:10:19.0453 3544 EventSystem - ok
14:10:19.0562 3544 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:10:20.0046 3544 Fastfat - ok
14:10:20.0281 3544 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:10:20.0406 3544 FastUserSwitchingCompatibility - ok
14:10:20.0531 3544 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:10:20.0750 3544 Fdc - ok
14:10:20.0890 3544 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
14:10:21.0093 3544 FilterService - ok
14:10:21.0171 3544 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:10:21.0593 3544 Fips - ok
14:10:21.0625 3544 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:10:21.0875 3544 Flpydisk - ok
14:10:22.0031 3544 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:10:22.0515 3544 FltMgr - ok
14:10:22.0750 3544 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:10:22.0750 3544 FontCache3.0.0.0 - ok
14:10:22.0812 3544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:10:23.0125 3544 Fs_Rec - ok
14:10:23.0250 3544 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:10:24.0093 3544 Ftdisk - ok
14:10:24.0156 3544 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
14:10:24.0625 3544 giveio - ok
14:10:24.0625 3544 GMSIPCI - ok
14:10:24.0687 3544 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:10:25.0140 3544 Gpc - ok
14:10:25.0812 3544 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:10:25.0984 3544 gupdate - ok
14:10:25.0984 3544 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:10:25.0984 3544 gupdatem - ok
14:10:26.0546 3544 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:10:27.0078 3544 gusvc - ok
14:10:27.0656 3544 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:10:28.0515 3544 HDAudBus - ok
14:10:28.0859 3544 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:10:29.0078 3544 helpsvc - ok
14:10:29.0093 3544 HidServ - ok
14:10:29.0187 3544 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:10:29.0390 3544 hidusb - ok
14:10:29.0515 3544 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:10:29.0703 3544 hkmsvc - ok
14:10:29.0843 3544 hotcore3 (5d7b322ade369be5f617dcbcd2ca5b9a) C:\WINDOWS\system32\DRIVERS\hotcore3.sys
14:10:30.0015 3544 hotcore3 - ok
14:10:30.0031 3544 hpn - ok
14:10:30.0328 3544 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:10:30.0484 3544 HTTP - ok
14:10:30.0562 3544 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:10:30.0828 3544 HTTPFilter - ok
14:10:30.0843 3544 i2omgmt - ok
14:10:30.0843 3544 i2omp - ok
14:10:31.0000 3544 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:10:31.0453 3544 i8042prt - ok
14:10:32.0187 3544 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:10:32.0187 3544 idsvc - ok
14:10:32.0234 3544 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:10:32.0546 3544 Imapi - ok
14:10:32.0765 3544 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:10:33.0000 3544 ImapiService - ok
14:10:33.0015 3544 ini910u - ok
14:10:36.0953 3544 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:10:40.0593 3544 IntcAzAudAddService - ok
14:10:41.0500 3544 IntelIde - ok
14:10:41.0593 3544 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:10:42.0171 3544 Ip6Fw - ok
14:10:42.0234 3544 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
14:10:42.0609 3544 IPFilter - ok
14:10:42.0671 3544 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:10:43.0140 3544 IpFilterDriver - ok
14:10:43.0203 3544 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:10:43.0453 3544 IpInIp - ok
14:10:43.0562 3544 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:10:44.0187 3544 IpNat - ok
14:10:44.0312 3544 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:10:44.0609 3544 IPSec - ok
14:10:44.0640 3544 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:10:45.0046 3544 IRENUM - ok
14:10:45.0093 3544 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:10:45.0421 3544 isapnp - ok
14:10:45.0750 3544 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
14:10:46.0515 3544 JavaQuickStarterService - ok
14:10:46.0765 3544 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:10:46.0984 3544 Kbdclass - ok
14:10:47.0296 3544 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:10:47.0437 3544 kmixer - ok
14:10:47.0531 3544 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:10:47.0593 3544 KSecDD - ok
14:10:47.0843 3544 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:10:47.0906 3544 lanmanserver - ok
14:10:48.0031 3544 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:10:48.0250 3544 lanmanworkstation - ok
14:10:48.0281 3544 Lbd - ok
14:10:48.0312 3544 lbrtfdc - ok
14:10:48.0687 3544 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:10:49.0812 3544 LightScribeService - ok
14:10:49.0906 3544 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:10:50.0140 3544 LmHosts - ok
14:10:50.0265 3544 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
14:10:50.0609 3544 lvpopflt - ok
14:10:50.0671 3544 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
14:10:51.0609 3544 LVPr2Mon - ok
14:10:52.0156 3544 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
14:10:53.0187 3544 LVPrcSrv - ok
14:10:53.0453 3544 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
14:10:53.0812 3544 LVRS - ok
14:10:53.0968 3544 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
14:10:53.0968 3544 LVUSBSta - ok
14:11:00.0281 3544 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
14:11:06.0156 3544 LVUVC - ok
14:11:07.0375 3544 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:11:07.0671 3544 Messenger - ok
14:11:07.0765 3544 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:11:08.0281 3544 mnmdd - ok
14:11:08.0406 3544 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:11:09.0625 3544 mnmsrvc - ok
14:11:09.0750 3544 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:11:10.0625 3544 Modem - ok
14:11:10.0718 3544 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:11:11.0031 3544 Mouclass - ok
14:11:11.0093 3544 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:11:11.0359 3544 mouhid - ok
14:11:11.0468 3544 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:11:12.0156 3544 MountMgr - ok
14:11:12.0421 3544 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:11:13.0515 3544 MozillaMaintenance - ok
14:11:13.0515 3544 mraid35x - ok
14:11:13.0671 3544 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:11:13.0812 3544 MRxDAV - ok
14:11:14.0312 3544 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:11:14.0593 3544 MRxSmb - ok
14:11:14.0671 3544 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:11:15.0000 3544 MSDTC - ok
14:11:15.0031 3544 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:11:15.0359 3544 Msfs - ok
14:11:15.0375 3544 MSIServer - ok
14:11:15.0500 3544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:11:15.0859 3544 MSKSSRV - ok
14:11:15.0906 3544 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:11:16.0125 3544 MSPCLOCK - ok
14:11:16.0140 3544 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:11:16.0421 3544 MSPQM - ok
14:11:16.0484 3544 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:11:16.0734 3544 mssmbios - ok
14:11:16.0781 3544 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:11:17.0031 3544 MSTEE - ok
14:11:17.0265 3544 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:11:17.0343 3544 Mup - ok
14:11:17.0421 3544 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:11:17.0703 3544 NABTSFEC - ok
14:11:18.0000 3544 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:11:18.0546 3544 napagent - ok
14:11:19.0453 3544 NBService (3bae2bfcb6d69e19c8373f635dd544dc) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
14:11:20.0656 3544 NBService - ok
14:11:20.0796 3544 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:11:21.0390 3544 NDIS - ok
14:11:21.0437 3544 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:11:21.0578 3544 NdisIP - ok
14:11:21.0671 3544 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:11:21.0703 3544 NdisTapi - ok
14:11:21.0765 3544 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:11:21.0796 3544 Ndisuio - ok
14:11:21.0859 3544 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:11:22.0156 3544 NdisWan - ok
14:11:22.0343 3544 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:11:22.0375 3544 NDProxy - ok
14:11:22.0437 3544 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:11:22.0703 3544 NetBIOS - ok
14:11:22.0906 3544 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:11:23.0281 3544 NetBT - ok
14:11:23.0421 3544 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:11:23.0859 3544 NetDDE - ok
14:11:23.0890 3544 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:11:23.0937 3544 NetDDEdsdm - ok
14:11:23.0984 3544 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:11:23.0984 3544 Netlogon - ok
14:11:24.0156 3544 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:11:24.0375 3544 Netman - ok
14:11:24.0640 3544 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:11:24.0640 3544 NetTcpPortSharing - ok
14:11:24.0703 3544 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:11:25.0312 3544 NIC1394 - ok
14:11:25.0562 3544 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:11:25.0703 3544 Nla - ok
14:11:26.0203 3544 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
14:11:26.0812 3544 NMIndexingService - ok
14:11:26.0953 3544 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:11:27.0218 3544 Npfs - ok
14:11:28.0156 3544 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:11:28.0750 3544 Ntfs - ok
14:11:28.0953 3544 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:11:28.0953 3544 NtLmSsp - ok
14:11:29.0609 3544 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:11:30.0312 3544 NtmsSvc - ok
14:11:30.0359 3544 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:11:30.0609 3544 Null - ok
14:11:30.0656 3544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:11:31.0000 3544 NwlnkFlt - ok
14:11:31.0062 3544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:11:31.0390 3544 NwlnkFwd - ok
14:11:31.0453 3544 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:11:31.0812 3544 ohci1394 - ok
14:11:31.0968 3544 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
14:11:32.0156 3544 PalmUSBD - ok
14:11:32.0296 3544 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:11:32.0656 3544 Parport - ok
14:11:32.0687 3544 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:11:33.0046 3544 PartMgr - ok
14:11:33.0140 3544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:11:33.0312 3544 ParVdm - ok
14:11:33.0531 3544 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:11:34.0281 3544 PCI - ok
14:11:34.0281 3544 PCIDump - ok
14:11:34.0328 3544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:11:34.0421 3544 PCIIde - ok
14:11:34.0578 3544 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:11:35.0078 3544 Pcmcia - ok
14:11:35.0093 3544 PDCOMP - ok
14:11:35.0093 3544 PDFRAME - ok
14:11:35.0093 3544 PDRELI - ok
14:11:35.0109 3544 PDRFRAME - ok
14:11:35.0109 3544 perc2 - ok
14:11:35.0125 3544 perc2hib - ok
14:11:35.0531 3544 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
14:11:36.0156 3544 PID_0928 - ok
14:11:36.0234 3544 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
14:11:36.0500 3544 PLFlash DeviceIoControl Service - ok
14:11:36.0968 3544 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:11:36.0968 3544 PlugPlay - ok
14:11:37.0125 3544 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:11:37.0156 3544 PolicyAgent - ok
14:11:37.0250 3544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:11:37.0578 3544 PptpMiniport - ok
14:11:37.0640 3544 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:11:38.0062 3544 Processor - ok
14:11:38.0062 3544 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:11:38.0062 3544 ProtectedStorage - ok
14:11:38.0125 3544 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:11:38.0328 3544 PSched - ok
14:11:38.0437 3544 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
14:11:38.0625 3544 PSI - ok
14:11:38.0687 3544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:11:39.0109 3544 Ptilink - ok
14:11:39.0312 3544 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:11:39.0531 3544 PxHelp20 - ok
14:11:39.0531 3544 ql1080 - ok
14:11:39.0546 3544 Ql10wnt - ok
14:11:39.0546 3544 ql12160 - ok
14:11:39.0546 3544 ql1240 - ok
14:11:39.0562 3544 ql1280 - ok
14:11:39.0656 3544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:11:39.0781 3544 RasAcd - ok
14:11:39.0968 3544 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:11:40.0156 3544 RasAuto - ok
14:11:40.0281 3544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:11:40.0421 3544 Rasl2tp - ok
14:11:40.0609 3544 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:11:41.0078 3544 RasMan - ok
14:11:41.0203 3544 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:11:41.0375 3544 RasPppoe - ok
14:11:41.0484 3544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:11:41.0671 3544 Raspti - ok
14:11:41.0921 3544 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:11:42.0500 3544 Rdbss - ok
14:11:42.0593 3544 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:11:42.0734 3544 RDPCDD - ok
14:11:42.0937 3544 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:11:43.0015 3544 RDPWD - ok
14:11:43.0203 3544 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:11:43.0515 3544 RDSessMgr - ok
14:11:43.0578 3544 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:11:43.0781 3544 redbook - ok
14:11:43.0859 3544 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:11:44.0250 3544 RemoteAccess - ok
14:11:44.0296 3544 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
14:11:44.0437 3544 RimVSerPort - ok
14:11:44.0484 3544 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
14:11:44.0625 3544 ROOTMODEM - ok
14:11:44.0781 3544 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:11:44.0984 3544 RpcLocator - ok
14:11:45.0437 3544 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:11:45.0453 3544 RpcSs - ok
14:11:45.0734 3544 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:11:46.0156 3544 RSVP - ok
14:11:49.0312 3544 RTHDMIAzAudService (220591905257fcaea87a9590a357c014) C:\WINDOWS\system32\drivers\RtHDMI.sys
14:11:52.0234 3544 RTHDMIAzAudService - ok
14:11:52.0953 3544 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:11:53.0125 3544 RTLE8023xp - ok
14:11:53.0203 3544 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:11:53.0203 3544 SamSs - ok
14:11:53.0328 3544 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:11:53.0531 3544 SASDIFSV - ok
14:11:53.0578 3544 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:11:53.0843 3544 SASKUTIL - ok
14:11:53.0984 3544 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:11:54.0187 3544 SCardSvr - ok
14:11:54.0406 3544 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:11:54.0609 3544 Schedule - ok
14:11:54.0671 3544 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:11:54.0718 3544 Secdrv - ok
14:11:54.0750 3544 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:11:54.0796 3544 seclogon - ok
14:11:54.0875 3544 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:11:54.0906 3544 SENS - ok
14:11:54.0953 3544 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:11:55.0140 3544 serenum - ok
14:11:55.0187 3544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:11:55.0531 3544 Sfloppy - ok
14:11:55.0875 3544 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:11:56.0125 3544 SharedAccess - ok
14:11:56.0250 3544 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:11:56.0250 3544 ShellHWDetection - ok
14:11:56.0250 3544 Simbad - ok
14:11:56.0343 3544 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:11:56.0515 3544 SLIP - ok
14:11:56.0750 3544 snapman (bcc773872041aa59bc9a6cf770fb32e2) C:\WINDOWS\system32\DRIVERS\snapman.sys
14:11:57.0156 3544 snapman - ok
14:11:57.0171 3544 Sparrow - ok
14:11:57.0187 3544 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:11:57.0218 3544 splitter - ok
14:11:57.0296 3544 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:11:57.0328 3544 Spooler - ok
14:11:57.0421 3544 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:11:57.0625 3544 sr - ok
14:11:57.0796 3544 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:11:58.0000 3544 srservice - ok
14:11:58.0265 3544 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:11:58.0609 3544 Srv - ok
14:11:58.0765 3544 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
14:11:59.0156 3544 sscdbus - ok
14:11:59.0250 3544 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
14:11:59.0765 3544 sscdmdfl - ok
14:12:00.0046 3544 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
14:12:00.0390 3544 sscdmdm - ok
14:12:00.0468 3544 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
14:12:00.0843 3544 sscdserd - ok
14:12:00.0968 3544 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:12:01.0140 3544 SSDPSRV - ok
14:12:01.0562 3544 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:12:01.0812 3544 stisvc - ok
14:12:01.0906 3544 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:12:02.0203 3544 streamip - ok
14:12:02.0218 3544 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:12:02.0468 3544 swenum - ok
14:12:02.0562 3544 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:12:02.0625 3544 swmidi - ok
14:12:02.0640 3544 SwPrv - ok
14:12:02.0640 3544 symc810 - ok
14:12:02.0656 3544 symc8xx - ok
14:12:02.0656 3544 sym_hi - ok
14:12:02.0671 3544 sym_u3 - ok
14:12:02.0796 3544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:12:02.0906 3544 sysaudio - ok
14:12:03.0015 3544 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:12:03.0234 3544 SysmonLog - ok
14:12:03.0453 3544 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:12:03.0859 3544 TapiSrv - ok
14:12:04.0265 3544 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:12:04.0515 3544 Tcpip - ok
14:12:04.0578 3544 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:12:04.0781 3544 TDPIPE - ok
14:12:05.0234 3544 tdrpman (eb53ec341458256deae2ad58822c4a17) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
14:12:05.0875 3544 tdrpman - ok
14:12:05.0968 3544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:12:06.0203 3544 TDTCP - ok
14:12:06.0281 3544 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:12:07.0062 3544 TermDD - ok
14:12:07.0500 3544 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:12:08.0203 3544 TermService - ok
14:12:08.0484 3544 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:12:08.0484 3544 Themes - ok
14:12:08.0656 3544 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
14:12:09.0203 3544 tifsfilter - ok
14:12:09.0765 3544 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
14:12:10.0750 3544 timounter - ok
14:12:10.0750 3544 TosIde - ok
14:12:11.0078 3544 TotRec7 (53d06e5a0fdd4d9447840fd23c3ff4a6) C:\WINDOWS\system32\drivers\TotRec7.sys
14:12:11.0609 3544 TotRec7 - ok
14:12:11.0687 3544 TotRec8 (9647e89bb2909560753ac371c95d3f0e) C:\WINDOWS\system32\drivers\TotRec8.sys
14:12:12.0031 3544 TotRec8 - ok
14:12:12.0125 3544 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:12:12.0218 3544 TrkWks - ok
14:12:13.0109 3544 TryAndDecideService (02c16294d7903fc0c7f2de953126b28a) C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
14:12:13.0593 3544 TryAndDecideService - ok
14:12:13.0687 3544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:12:13.0968 3544 Udfs - ok
14:12:13.0984 3544 ultra - ok
14:12:14.0343 3544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:12:14.0812 3544 Update - ok
14:12:15.0062 3544 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:12:15.0390 3544 upnphost - ok
14:12:15.0421 3544 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:12:15.0656 3544 UPS - ok
14:12:15.0734 3544 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:12:16.0187 3544 usbaudio - ok
14:12:16.0265 3544 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:12:16.0500 3544 usbccgp - ok
14:12:16.0562 3544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:12:16.0828 3544 usbehci - ok
14:12:17.0000 3544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:12:17.0234 3544 usbhub - ok
14:12:17.0328 3544 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:12:17.0531 3544 usbohci - ok
14:12:17.0593 3544 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:12:17.0593 3544 usbprint - ok
14:12:17.0625 3544 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:12:17.0890 3544 usbscan - ok
14:12:17.0953 3544 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:12:18.0656 3544 USBSTOR - ok
14:12:19.0062 3544 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
14:12:19.0453 3544 usbvideo - ok
14:12:19.0593 3544 VBoxNetAdp (4ef76d8d7505f20dbf54886c01a7a730) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
14:12:19.0906 3544 VBoxNetAdp - ok
14:12:19.0906 3544 VBoxNetFlt - ok
14:12:20.0046 3544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:12:20.0250 3544 VgaSave - ok
14:12:20.0250 3544 ViaIde - ok
14:12:20.0328 3544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:12:20.0484 3544 VolSnap - ok
14:12:20.0718 3544 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:12:21.0218 3544 VSS - ok
14:12:21.0359 3544 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:12:21.0593 3544 W32Time - ok
14:12:21.0625 3544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:12:21.0765 3544 Wanarp - ok
14:12:21.0765 3544 WDICA - ok
14:12:21.0906 3544 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:12:22.0000 3544 wdmaud - ok
14:12:22.0125 3544 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:12:22.0218 3544 WebClient - ok
14:12:22.0468 3544 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:12:22.0578 3544 winmgmt - ok
14:12:24.0187 3544 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
14:12:25.0718 3544 WinRM - ok
14:12:25.0828 3544 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
14:12:25.0953 3544 WmdmPmSN - ok
14:12:26.0140 3544 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:12:26.0437 3544 WmiApSrv - ok
14:12:27.0281 3544 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:12:28.0640 3544 WMPNetworkSvc - ok
14:12:28.0843 3544 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:12:29.0125 3544 WpdUsb - ok
14:12:30.0093 3544 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:12:30.0093 3544 WPFFontCache_v0400 - ok
14:12:30.0203 3544 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:12:30.0343 3544 WSTCODEC - ok
14:12:30.0390 3544 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:12:30.0421 3544 wuauserv - ok
14:12:30.0546 3544 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:12:30.0640 3544 WudfPf - ok
14:12:30.0843 3544 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:12:31.0031 3544 WudfRd - ok
14:12:31.0187 3544 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:12:31.0625 3544 WudfSvc - ok
14:12:32.0125 3544 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:12:32.0640 3544 WZCSVC - ok
14:12:32.0734 3544 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:12:33.0093 3544 xmlprov - ok
14:12:33.0140 3544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:12:34.0171 3544 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:12:34.0171 3544 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:12:34.0171 3544 Boot (0x1200) (4f482c705f53e6860eea482bdd83f686) \Device\Harddisk0\DR0\Partition0
14:12:34.0171 3544 \Device\Harddisk0\DR0\Partition0 - ok
14:12:34.0171 3544 ============================================================
14:12:34.0171 3544 Scan finished
14:12:34.0171 3544 ============================================================
14:12:34.0187 1024 Detected object count: 1
14:12:34.0187 1024 Actual detected object count: 1
14:13:00.0968 1024 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:13:01.0000 1024 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:13:01.0000 1024 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:13:01.0031 1024 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:13:01.0046 1024 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:13:01.0078 1024 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:13:01.0187 1024 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:13:01.0203 1024 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:13:01.0218 1024 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:13:01.0218 1024 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:13:01.0218 1024 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:13:01.0234 1024 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:13:01.0234 1024 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:13:01.0250 1024 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:13:01.0531 1024 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:13:01.0531 1024 \Device\Harddisk0\DR0\TDLFS - deleted
14:13:01.0531 1024 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
14:13:57.0671 2572 Deinitialize success



MINI Tool log

MiniToolBox by Farbar Version: 23-07-2012
Ran by katie (administrator) on 26-07-2012 at 14:15:47
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=208.67.222.222 register=PRIMARY
add dns name="Local Area Connection" addr=208.67.220.220 index=2
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : COLEMAN200
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.invalid

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.invalid
Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-1D-92-28-67-CC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.254.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.254.254
DHCP Server . . . . . . . . . . . : 192.168.254.254
DNS Servers . . . . . . . . . . . : 208.67.222.222
                                    208.67.220.220
Lease Obtained. . . . . . . . . . : Thursday, July 26, 2012 10:55:41 AM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com
Addresses: 74.125.228.4, 74.125.228.1, 74.125.228.7, 74.125.228.3
74.125.228.9, 74.125.228.14, 74.125.228.6, 74.125.228.0, 74.125.228.5
74.125.228.8, 74.125.228.2

Pinging google.com [74.125.228.3] with 32 bytes of data:

Reply from 74.125.228.3: bytes=32 time=56ms TTL=55
Reply from 74.125.228.3: bytes=32 time=57ms TTL=55

Ping statistics for 74.125.228.3:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 56ms, Maximum = 57ms, Average = 56ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=98ms TTL=52
Reply from 209.191.122.70: bytes=32 time=87ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 87ms, Maximum = 98ms, Average = 92ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 92 28 67 cc ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.254.254 192.168.254.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.254.0 255.255.255.0 192.168.254.4 192.168.254.4 20
192.168.254.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.254.255 255.255.255.255 192.168.254.4 192.168.254.4 20
224.0.0.0 240.0.0.0 192.168.254.4 192.168.254.4 20
255.255.255.255 255.255.255.255 192.168.254.4 192.168.254.4 1
Default Gateway: 192.168.254.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/26/2012 10:57:54 AM) (Source: LightScribeService) (User: )
Description: Data for previous error event.

Error: (07/25/2012 05:18:15 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/25/2012 05:18:15 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/30/2012 11:19:32 PM) (Source: Application Error) (User: )
Description: Faulting application nxplite.exe, version 1.5.3.0, faulting module ole32.dll, version 5.1.2600.6168, fault address 0x0002c8fd.
Processing media-specific event for [nxplite.exe!ws!]

Error: (06/27/2012 04:25:25 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/14/2012 05:20:14 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error: (06/14/2012 04:32:33 AM) (Source: ESENT) (User: )
Description: svchost (1580) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/14/2012 04:32:31 AM) (Source: ESENT) (User: )
Description: svchost (1580) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/14/2012 04:32:28 AM) (Source: ESENT) (User: )
Description: svchost (1580) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (06/14/2012 04:32:27 AM) (Source: ESENT) (User: )
Description: svchost (1580) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (07/26/2012 10:59:54 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (07/26/2012 10:59:54 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service hung on starting.

Error: (07/26/2012 10:59:34 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (07/26/2012 10:59:34 AM) (Source: Service Control Manager) (User: )
Description: The ASPI32 service failed to start due to the following error:
%%2

Error: (07/26/2012 10:59:34 AM) (Source: Service Control Manager) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (07/26/2012 10:59:34 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (07/26/2012 10:50:30 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/26/2012 10:39:45 AM) (Source: DCOM) (User: COLEMAN200)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/26/2012 09:06:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK8
Avgldx86
Avgmfx86
BANTExt
Fips
Lbd
SASDIFSV
SASKUTIL

Error: (07/26/2012 09:06:42 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (07/26/2012 10:57:54 AM) (Source: LightScribeService)(User: )
Description:

Error: (07/25/2012 05:18:15 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/25/2012 05:18:15 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/30/2012 11:19:32 PM) (Source: Application Error)(User: )
Description: nxplite.exe1.5.3.0ole32.dll5.1.2600.61680002c8fd

Error: (06/27/2012 04:25:25 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/14/2012 05:20:14 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (06/14/2012 04:32:33 AM) (Source: ESENT)(User: )
Description: svchost1580C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (06/14/2012 04:32:31 AM) (Source: ESENT)(User: )
Description: svchost1580C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (06/14/2012 04:32:28 AM) (Source: ESENT)(User: )
Description: svchost1580C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (06/14/2012 04:32:27 AM) (Source: ESENT)(User: )
Description: svchost1580C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.


=========================== Installed Programs ============================

ABBYY FineReader 7.0 Professional Edition (Version: 7.00.705.36012)
Acoustica Effects Pack (Version: 1.0)
Acronis True Image Home (Version: 11.0.8053)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.2.1)
Adobe Community Help (Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Photoshop Elements 9 (Version: 9.0.3.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Advanced SystemCare 5 (Version: 5.3.0)
AM-DeadLink 3.3 (Version: 3.3)
Amazon Kindle
Amazon MP3 Downloader 1.0.3
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1016)
ATI Catalyst Control Center (Version: 1.007.0313.2138)
ATI Display Driver (Version: 8.353-070313a-045714C-MSI)
ATI Parental Control & Encoder (Version: 3.0)
Audacity 1.2.6
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
AVIVO Codecs (Version: 9.14.0.60504)
azzCardfile 4.0
Batch Update (Version: 3.0)
Belarc Advisor 8.1
Bible Data Type System Files (Version: 3.0)
BlackBerry_9330 1.0 (Version: 1.0)
Brother 1440
Brownie
CalcTape (Version: 5.0.0)
CASIO USB Driver V1.2.2474.0623 (Version: 1.2.2474.0623)
Catalyst Control Center Core Implementation (Version: 2007.0313.2139.36813)
Catalyst Control Center Graphics Full Existing (Version: 2007.0313.2139.36813)
Catalyst Control Center Graphics Full New (Version: 2007.0313.2139.36813)
Catalyst Control Center Graphics Light (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Czech (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Danish (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Dutch (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Finnish (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization French (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization German (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Greek (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Hungarian (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Italian (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Japanese (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Korean (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Norwegian (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Polish (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Portuguese (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Russian (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Spanish (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Swedish (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Thai (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Turkish (Version: 2007.0313.2139.36813)
ccc-core-static (Version: 2007.0313.2139.36813)
ccc-utility (Version: 2007.0313.2139.36813)
CCC Help Chinese Standard (Version: 2007.0313.2138.36813)
CCC Help Chinese Traditional (Version: 2007.0313.2138.36813)
CCC Help Czech (Version: 2007.0313.2138.36813)
CCC Help Danish (Version: 2007.0313.2138.36813)
CCC Help Dutch (Version: 2007.0313.2138.36813)
CCC Help English (Version: 2007.0313.2138.36813)
CCC Help Finnish (Version: 2007.0313.2138.36813)
CCC Help French (Version: 2007.0313.2138.36813)
CCC Help German (Version: 2007.0313.2138.36813)
CCC Help Greek (Version: 2007.0313.2138.36813)
CCC Help Hungarian (Version: 2007.0313.2138.36813)
CCC Help Italian (Version: 2007.0313.2138.36813)
CCC Help Japanese (Version: 2007.0313.2138.36813)
CCC Help Korean (Version: 2007.0313.2138.36813)
CCC Help Norwegian (Version: 2007.0313.2138.36813)
CCC Help Polish (Version: 2007.0313.2138.36813)
CCC Help Portuguese (Version: 2007.0313.2138.36813)
CCC Help Russian (Version: 2007.0313.2138.36813)
CCC Help Spanish (Version: 2007.0313.2138.36813)
CCC Help Swedish (Version: 2007.0313.2138.36813)
CCC Help Thai (Version: 2007.0313.2138.36813)
CCC Help Turkish (Version: 2007.0313.2138.36813)
CCleaner (Version: 3.20)
CD-DVD Printer Application (Version: 1.00.0000)
CDex extraction audio
Common System Files (Version: 3.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dropbox (Version: 1.4.9)
Dual-Core Optimizer (Version: 1.1.1.0135)
e-Sword (Version: 7.09.0008)
EASEUS Partition Master 6.1.1 Professional
Easy RoboCopy 1.0.7
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
EmailStripper 2.2
Eudora (Version: 7.0)
Evernote v. 4.5.7 (Version: 4.5.7.7146)
FileNote (Remove Only)
Foxit Reader (Version: 4.2.0.928)
Futuremark SystemInfo (Version: 3.21.2.1)
Garmin City Navigator North America NT 2010.30 (Version: 13.30.0.0)
Garmin WebUpdater (Version: 2.4.1.1)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
Graphical Query Editor (Version: 3.0)
Help 2.0 (Version: 2.0)
IrfanView (remove only) (Version: 4.30)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
LAME v3.98.2 for Audacity
Levelator
LG Android Drivers (Version: 1.1)
LG USB Modem driver (Version: 4.9.4)
Libronix Digital Library System
Libronix Digital Library System (Version: 3.0)
Libronix DLS Application (Version: 3.0)
Libronix DLS Shortcuts (Version: 3.0)
Libronix Update (Version: 3.0)
LightScribe 1.6.43.1 (Version: 1.6.43.1)
LLS Resource Driver (Version: 3.0)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 4.1 (Version: 4.10.0851)
Microsoft IntelliType Pro 2.2 (Version: 2.20.447.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Office 2000 SR-1 Disc 2 (Version: 9.00.3821)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Motorola Driver Installation 3.9.0 (Version: 3.9.0)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
Mozilla Thunderbird 13.0.1 (x86 en-US) (Version: 13.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
Nero 7 Essentials (Version: 7.03.1357)
neroxml (Version: 1.0.0)
nLite 1.4.9.1 (Version: 1.4.9.1)
OEB Resource Driver (Version: 3.0)
Ogg Codecs 0.81.15562 (Version: 0.81.15562)
OpenDNS Updater 2.2.1 (Version: 2.2.1)
OpenOffice.org 3.4 (Version: 3.4.9590)
Opera 11.62 (Version: 11.62.1347)
Palm Desktop (Version: 4.1)
Palm Desktop (Version: 4.1.0410)
Pantech Handset Driver (Version: 2.0.14)
Paragon Partition Manager™ 9.5 Personal (Version: 90.00.0003)
PDF-Viewer (Version: 2.0.46.0)
PDF-Viewer (Version: 2.5.200.0)
PDF Resource Driver (Version: 3.0)
PDFCreator (Version: 1.4.2)
pdfsam (Version: 2.2.1)
Picasa 3 (Version: 3.8)
PowerDVD
QT Lite 2.5.1 (Version: 2.5.1)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 5.10.0.5397)
RefreshPC (Version: 1.0)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (Version: 4.47)
Samsung_I500 1.0 (Version: 1.0)
Sansa Updater (Version: 1.313)
ScanWizard 5
Secunia PSI
Sentence Diagramming (Version: 3.0)
Serif PagePlus X3 (Version: 13.0.8.031)
Serif PagePlus X3 Resources (Version: 13.0.2.009)
Skins (Version: 2007.0313.2139.36813)
Skype web features (Version: 1.0.3971)
Skype™ 5.0 (Version: 5.0.152)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
SUPERAntiSpyware (Version: 4.46.1000)
Total Recorder 8.1
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
V CAST Media Manager (Version: 1.5)
VC 9.0 Runtime (Version: 1.0.0)
VCAST Media Manager Update 1.0.0.1 (Version: 1.0.0.1)
VideoFileDownload (Version: 1.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinHTTrack Website Copier 3.45-3 (Version: 3.45.3)
WS9 Pastor's Appreciation
WS9 Pastor's Appreciation (Version: 9)
YouSendIt Express (Version: 2.10.2)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 1919.36 MB
Available physical RAM: 1361.91 MB
Total Pagefile: 6948.37 MB
Available Pagefile: 6457.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.79 MB

========================= Partitions: =====================================

1 Drive c: (XP original) (Fixed) (Total:298.09 GB) (Free:135.06 GB) NTFS

========================= Users: ========================================

User accounts for \\COLEMAN200

Administrator ASPNET katie
Guest HelpAssistant Owner
SUPPORT_388945a0


**** End of log ****



Currently running TFC--- will post log when finished
katie

#6 boopme


Posted 26 July 2012 - 01:57 PM

Ok, that was a great removal, things should be a lot better.

Let me know after the ESET scan. We will need to update some things.
I see you have Superantispyware, but it's old. Should update and run that also.

Edited by boopme, 26 July 2012 - 01:58 PM.


#7 katiemay


Posted 26 July 2012 - 07:05 PM

Still running ESET Online Scanner-- currently says 30% complete after 4 hours and 42 minutes--- and only 88,540 items scanned.

Will post as soon as done.

katie

#8 boopme


Posted 26 July 2012 - 07:08 PM

Thanks... Sometimes it can take long.

Edited by boopme, 26 July 2012 - 07:08 PM.


#9 katiemay


Posted 27 July 2012 - 06:02 AM

Here is the scan report from ESET OnlineScan
I have not rebooted since running this scan, should I?

C:\SanDisk 128 USB stick\Zone Alarm- new&old\zlsSetup_70_462_000_en.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_08.59.26\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_08.59.26\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_08.59.26\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_08.59.26\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_08.59.26\mbr0000\tdlfs0000\tsk0006.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_08.59.26\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_08.59.26\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_08.59.26\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_08.59.26\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.05.35\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.05.35\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.05.35\tdlfs0000\tsk0004.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.05.35\tdlfs0000\tsk0005.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.05.35\tdlfs0000\tsk0006.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.05.35\tdlfs0000\tsk0007.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.05.35\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.05.35\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.07.2012_14.05.35\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined


Thank you for your help-- You mentioned updating Superantispyware- I am wondering if some of the problems I was having have kept updates from occurring, as I ran the program the other day and thought I did the update at that time-- perhaps now it will actually update as it should have

katie

#10 katiemay


Posted 27 July 2012 - 09:08 AM

Update on process.

Just opened Firefox and immediately greeted by a new tab that said, "Thank you for installing AVG Security Toolbar 12.1.0.21". I had not installed it- so immediately disabled the toolbar, closed Firefox and re-opened it and found my homepage had been changed to AVG Secure Search [Google with AVG Secure Search logo on it].

I have always used Google Firefox as my homepage--- Haven't changed it yet, but wanted to update you on what I am finding.

katie

PS- on a good note, computer is running quite a bit faster and haven't noticed any Internet activity like I had before.

Edited by katiemay, 27 July 2012 - 09:09 AM.


#11 boopme


Posted 27 July 2012 - 07:29 PM

Ok, you are most welcome!

I think it should update now.

Reboot the machine now.

We still have things to update..

Do you really like AVG??

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
............
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

>>>>>>>>>>>>>
Rerun MiniToolBox.

Checkmark the following checkboxes:
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List Installed Programs
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.



If I may ask are you a Pastor?

Edited by boopme, 27 July 2012 - 07:40 PM.


#12 katiemay


Posted 27 July 2012 - 11:19 PM

Do you really like AVG??

I went back to it after having some problems with Microsoft Security Essentials. I have used various AV programs over the years--- do you have one you would recommend?


If I may ask are you a Pastor?

Yes, I pastor a small church in the Buffalo-Rochester area of New York State. (The software gave me away, didn't it?)


MiniToolBox by Farbar Version: 23-07-2012
Ran by katie (administrator) on 27-07-2012 at 23:54:55
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=208.67.222.222 register=PRIMARY
add dns name="Local Area Connection" addr=208.67.220.220 index=2
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : COLEMAN200
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.invalid

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.invalid
Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-1D-92-28-67-CC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.254.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.254.254
DHCP Server . . . . . . . . . . . : 192.168.254.254
DNS Servers . . . . . . . . . . . : 208.67.222.222
                                    208.67.220.220
Lease Obtained. . . . . . . . . . : Friday, July 27, 2012 11:48:41 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com
Addresses: 74.125.228.33, 74.125.228.36, 74.125.228.37, 74.125.228.46
74.125.228.38, 74.125.228.35, 74.125.228.32, 74.125.228.41, 74.125.228.40
74.125.228.34, 74.125.228.39

Pinging google.com [74.125.228.32] with 32 bytes of data:
Reply from 74.125.228.32: bytes=32 time=55ms TTL=55
Reply from 74.125.228.32: bytes=32 time=54ms TTL=55
Ping statistics for 74.125.228.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 55ms, Average = 54ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=81ms TTL=51
Reply from 98.139.183.24: bytes=32 time=110ms TTL=50
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 81ms, Maximum = 110ms, Average = 95ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 92 28 67 cc ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.254.254 192.168.254.4 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.254.0 255.255.255.0 192.168.254.4 192.168.254.4 20
192.168.254.4 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.254.255 255.255.255.255 192.168.254.4 192.168.254.4 20
224.0.0.0 240.0.0.0 192.168.254.4 192.168.254.4 20
255.255.255.255 255.255.255.255 192.168.254.4 192.168.254.4 1
Default Gateway: 192.168.254.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

=========================== Installed Programs ============================

ABBYY FineReader 7.0 Professional Edition (Version: 7.00.705.36012)
Acoustica Effects Pack (Version: 1.0)
Acronis True Image Home (Version: 11.0.8053)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.2.1)
Adobe Community Help (Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
Adobe Photoshop Elements 9 (Version: 9.0.3.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Advanced SystemCare 5 (Version: 5.3.0)
AM-DeadLink 3.3 (Version: 3.3)
Amazon Kindle
Amazon MP3 Downloader 1.0.3
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1016)
ATI Catalyst Control Center (Version: 1.007.0313.2138)
ATI Display Driver (Version: 8.353-070313a-045714C-MSI)
ATI Parental Control & Encoder (Version: 3.0)
Audacity 1.2.6
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
AVG Security Toolbar (Version: 12.1.0.21)
AVIVO Codecs (Version: 9.14.0.60504)
azzCardfile 4.0
Batch Update (Version: 3.0)
Belarc Advisor 8.1
Bible Data Type System Files (Version: 3.0)
BlackBerry_9330 1.0 (Version: 1.0)
Brother 1440
Brownie
CalcTape (Version: 5.0.0)
CASIO USB Driver V1.2.2474.0623 (Version: 1.2.2474.0623)
Catalyst Control Center Core Implementation (Version: 2007.0313.2139.36813)
Catalyst Control Center Graphics Full Existing (Version: 2007.0313.2139.36813)
Catalyst Control Center Graphics Full New (Version: 2007.0313.2139.36813)
Catalyst Control Center Graphics Light (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Czech (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Danish (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Dutch (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Finnish (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization French (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization German (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Greek (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Hungarian (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Italian (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Japanese (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Korean (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Norwegian (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Polish (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Portuguese (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Russian (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Spanish (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Swedish (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Thai (Version: 2007.0313.2139.36813)
Catalyst Control Center Localization Turkish (Version: 2007.0313.2139.36813)
ccc-core-static (Version: 2007.0313.2139.36813)
ccc-utility (Version: 2007.0313.2139.36813)
CCC Help Chinese Standard (Version: 2007.0313.2138.36813)
CCC Help Chinese Traditional (Version: 2007.0313.2138.36813)
CCC Help Czech (Version: 2007.0313.2138.36813)
CCC Help Danish (Version: 2007.0313.2138.36813)
CCC Help Dutch (Version: 2007.0313.2138.36813)
CCC Help English (Version: 2007.0313.2138.36813)
CCC Help Finnish (Version: 2007.0313.2138.36813)
CCC Help French (Version: 2007.0313.2138.36813)
CCC Help German (Version: 2007.0313.2138.36813)
CCC Help Greek (Version: 2007.0313.2138.36813)
CCC Help Hungarian (Version: 2007.0313.2138.36813)
CCC Help Italian (Version: 2007.0313.2138.36813)
CCC Help Japanese (Version: 2007.0313.2138.36813)
CCC Help Korean (Version: 2007.0313.2138.36813)
CCC Help Norwegian (Version: 2007.0313.2138.36813)
CCC Help Polish (Version: 2007.0313.2138.36813)
CCC Help Portuguese (Version: 2007.0313.2138.36813)
CCC Help Russian (Version: 2007.0313.2138.36813)
CCC Help Spanish (Version: 2007.0313.2138.36813)
CCC Help Swedish (Version: 2007.0313.2138.36813)
CCC Help Thai (Version: 2007.0313.2138.36813)
CCC Help Turkish (Version: 2007.0313.2138.36813)
CCleaner (Version: 3.20)
CD-DVD Printer Application (Version: 1.00.0000)
CDex extraction audio
Common System Files (Version: 3.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dropbox (Version: 1.4.9)
Dual-Core Optimizer (Version: 1.1.1.0135)
e-Sword (Version: 7.09.0008)
EASEUS Partition Master 6.1.1 Professional
Easy RoboCopy 1.0.7
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
EmailStripper 2.2
ESET Online Scanner v3
Eudora (Version: 7.0)
Evernote v. 4.5.7 (Version: 4.5.7.7146)
FileNote (Remove Only)
Foxit Reader (Version: 4.2.0.928)
Futuremark SystemInfo (Version: 3.21.2.1)
Garmin City Navigator North America NT 2010.30 (Version: 13.30.0.0)
Garmin WebUpdater (Version: 2.4.1.1)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
Graphical Query Editor (Version: 3.0)
Help 2.0 (Version: 2.0)
IrfanView (remove only) (Version: 4.30)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
LAME v3.98.2 for Audacity
Levelator
LG Android Drivers (Version: 1.1)
LG USB Modem driver (Version: 4.9.4)
Libronix Digital Library System
Libronix Digital Library System (Version: 3.0)
Libronix DLS Application (Version: 3.0)
Libronix DLS Shortcuts (Version: 3.0)
Libronix Update (Version: 3.0)
LightScribe 1.6.43.1 (Version: 1.6.43.1)
LLS Resource Driver (Version: 3.0)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 4.1 (Version: 4.10.0851)
Microsoft IntelliType Pro 2.2 (Version: 2.20.447.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Office 2000 SR-1 Disc 2 (Version: 9.00.3821)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Motorola Driver Installation 3.9.0 (Version: 3.9.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mozilla Thunderbird 14.0 (x86 en-US) (Version: 14.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
Nero 7 Essentials (Version: 7.03.1357)
neroxml (Version: 1.0.0)
nLite 1.4.9.1 (Version: 1.4.9.1)
OEB Resource Driver (Version: 3.0)
Ogg Codecs 0.81.15562 (Version: 0.81.15562)
OpenDNS Updater 2.2.1 (Version: 2.2.1)
OpenOffice.org 3.4 (Version: 3.4.9590)
Opera 11.62 (Version: 11.62.1347)
Palm Desktop (Version: 4.1)
Palm Desktop (Version: 4.1.0410)
Pantech Handset Driver (Version: 2.0.14)
Paragon Partition Manager™ 9.5 Personal (Version: 90.00.0003)
PDF-Viewer (Version: 2.0.46.0)
PDF-Viewer (Version: 2.5.200.0)
PDF Resource Driver (Version: 3.0)
PDFCreator (Version: 1.4.3)
pdfsam (Version: 2.2.1)
Picasa 3 (Version: 3.8)
PowerDVD
QT Lite 2.5.1 (Version: 2.5.1)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 5.10.0.5397)
RefreshPC (Version: 1.0)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (Version: 4.47)
Samsung_I500 1.0 (Version: 1.0)
Sansa Updater (Version: 1.313)
ScanWizard 5
Secunia PSI
Sentence Diagramming (Version: 3.0)
Serif PagePlus X3 (Version: 13.0.8.031)
Serif PagePlus X3 Resources (Version: 13.0.2.009)
Skins (Version: 2007.0313.2139.36813)
Skype web features (Version: 1.0.3971)
Skype™ 5.0 (Version: 5.0.152)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
SUPERAntiSpyware (Version: 4.46.1000)
Total Recorder 8.1
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
V CAST Media Manager (Version: 1.5)
VC 9.0 Runtime (Version: 1.0.0)
VCAST Media Manager Update 1.0.0.1 (Version: 1.0.0.1)
VideoFileDownload (Version: 1.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinHTTrack Website Copier 3.45-3 (Version: 3.45.3)
WS9 Pastor's Appreciation
WS9 Pastor's Appreciation (Version: 9)
YouSendIt Express (Version: 2.10.2)

**** End of log ****
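
Added example (not part of the original thread and not MiniToolBox's own code): a small Python parser for the "Winsock entries" section of a MiniToolBox log like the one above, listing entries whose library file is missing, is not given as a full path, or sits outside System32. The sample log is constructed from lines in the post, the "Catalog9 15" entry is invented for illustration, and C:\Windows is assumed to be the system root.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the MiniToolBox log posted in the thread.
# The "Catalog9 15" line is invented to illustrate a provider outside System32.
SAMPLE_LOG = r"""
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Temp\lsp_example.dll [4096] ()

=========================== Installed Programs ============================
"""

EXPECTED_DIR = r"c:\windows\system32"  # assumption: system root is C:\Windows
# "<catalog> <index> <library path> [<size or 'File Not found'>] (<vendor>)"
ENTRY_RE = re.compile(r"^(Catalog[59])\s+(\d+)\s+(.+?)\s+\[([^\]]*)\]\s+\((.*)\)\s*$")


@dataclass
class Entry:
    catalog: str          # Catalog5 or Catalog9, as printed by the tool
    index: int
    path: str
    size: Optional[int]   # None when the tool printed "File Not found"
    vendor: str
    tool_note: str = ""   # text of an ATTENTION line following the entry


def parse_winsock(log):
    """Return the entries listed between the Winsock header and the next header."""
    entries, inside = [], False
    for line in log.splitlines():
        if line.startswith("=") and "Winsock entries" in line:
            inside = True
        elif inside and line.startswith("="):
            break  # next section header ends the Winsock block
        elif inside:
            m = ENTRY_RE.match(line.strip())
            if m:
                cat, idx, path, size, vendor = m.groups()
                entries.append(Entry(cat, int(idx), path,
                                     int(size) if size.isdigit() else None, vendor))
            elif line.startswith("ATTENTION:") and entries:
                # The tool prints its remark after the entry it refers to.
                entries[-1].tool_note = line[len("ATTENTION:"):].strip()
    return entries


def review(entry):
    """Heuristic reasons for a closer look at one entry (empty list = none)."""
    reasons = []
    if entry.size is None:
        reasons.append("library file not found")
    if not ntpath.isabs(entry.path):
        reasons.append("library path is not a full path")
    elif ntpath.dirname(entry.path).lower() != EXPECTED_DIR:
        reasons.append("library outside System32")
    if entry.size is not None and not entry.vendor:
        reasons.append("no vendor string")
    if entry.tool_note:
        reasons.append("tool note: " + entry.tool_note)
    return reasons


def audit(log):
    """List (catalog, index, path, reasons) for every entry with a reason."""
    findings = []
    for e in parse_winsock(log):
        reasons = review(e)
        if reasons:
            findings.append((e.catalog, e.index, e.path, reasons))
    return findings


if __name__ == "__main__":
    for cat, idx, path, reasons in audit(SAMPLE_LOG):
        print(f"{cat} {idx:02d} {path}: " + "; ".join(reasons))
```
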



#13 boopme


Posted 28 July 2012 - 07:58 PM

OK, well I want to uninstall AVG and either reinstall or replace it with Avira (free). I like it as it has a great detection rate and uses less system resources. Up to you as maybe you are comfortable with it.
I want to reinstall but NOTE to uncheck the box for "installing AVG Security Toolbar". Let me know.

Is the music gone now??
Do you have an XP install disk?


Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.



>>>
Can you Update and scan with SUPERAntispyware (SAS) now?


We still need to update JAVA too.
I think I will wait until after you have done the above.

Also, yes I saw the Pastoral apps. I was the local and state treasurer for the Gideons Int'l for a while.
I love pastors. So much great research and work goes into a sermon. I always appreciated that from mine. God Bless you.

#14 katiemay


Posted 29 July 2012 - 01:57 PM

I Reset the HOSTS file- using the automatic option--- went fine

I updated Super Antispyware and ran a scan-- 56 tracking cookies-- all deleted.

Rebooted

Decided to uninstall AVG- and probably a mistake, but decided to start with removing the AVG Toolbar------ Blue Screen Of Death
======
Edited: Tried re-booting as stated below--- my back was to it, so do not know if welcoming screen came up or not--- but never came to desktop and monitor powered down. I hit the power button and tried to reboot--- now is stuck at MSI welcome screen. Tried it again and again at welcoming screen.
=================

So, I am now writing to you from another computer while that one reboots--- I'll hold off on un-installing AVG and replacing it with AVIRA Free until I hear back from you regarding the BSOD

Also holding off on JAVA until you say to do it.

As for XP install Disk- I do have one---

Gideons-- I have always admired and appreciated the work you do. Have had great fellowship with Gideons over many years--- thank you for your service.
katie

Edited by katiemay, 29 July 2012 - 02:09 PM.


#15 katiemay


Posted 29 July 2012 - 02:26 PM

Apparently False Alarm-- sorry for that.

Indeed, the computer stuck on the welcoming screen-- but then I actually unplugged the computer and tried it again. It may have taken a couple tries, but I finally got it to boot into safe mode. Then had it do a restart into normal mode and it is coming up now.

Seems to be working as it was before. Thankfully.
katie



