BHO.B application infection


This topic is locked
31 replies to this topic

#1 katiekins

Posted 15 August 2012 - 08:45 AM

Hello

I'm hoping you can help. Recently my computer has been very slow starting up, with numerous blue screen errors and instant shutdowns followed by the 'your computer has recovered from a serious error' message. It's slow on the internet and the settings appear to have changed themselves, like web pages now sometimes opening in another web page, and Windows updates have been failing to install. Then today, in one update, it told me Internet Explorer was not my current browser (as far as I am aware it is!), and then that update kept crashing my computer and I'd get the serious error message upon restart, along with another error message when I try to send the error report.

Anyhow, I regularly run the ESET free scanner, Avast, MBAM and a spyware scanner, and nothing was picked up until today.

ESET found:

C:\Documents and Settings\Katie\ApplicationData\FCTB000061465\Toolbar\Toolbar.dll Win32/Toolbar.BHO.B application cleaned by deleting (after the next restart) - quarantined

Operating memory Win32/Toolbar.BHO.B application



Does this mean that what it has found in the operating memory has not / cannot be deleted? Any help or advice here would really be appreciated.

Thank you.


#2 boopme (Global Moderator)

Posted 20 August 2012 - 09:58 AM

Hello, let's see if there is something else.
Are you on a router? Are other machines on it, and if so, are they redirecting?

Do you use the Firefox or Chrome browser?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into the system disk (usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

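The MiniToolBox checklist in the post above exists so the helper can read the IE proxy settings, the hosts file, the Winsock (LSP) catalog, the ping results and the installed program list for browser-hijack indicators. As an added example (not part of this thread, and not code from MiniToolBox or its author), the Python script below parses a Result.txt in the layout seen later in this thread and flags the same things a helper looks for. The embedded sample log is constructed so that every check fires; the section names and line formats are taken from the real output, everything else (the proxy value, the extra hosts entries, the LSP path) is invented. Flagged items are review candidates, not verdicts: a legitimate toolbar matches the add-on pattern too.

```python
"""Triage a MiniToolBox Result.txt for the hijack indicators the checklist above targets."""
import re
from typing import Dict, List

# Constructed sample in the MiniToolBox Result.txt layout. It is NOT the log posted in this
# thread: the proxy, hosts, Winsock and ping values are invented so that every check fires.
SAMPLE_RESULT = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8080

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.malwarebytes.org
192.0.2.10 www.google.com

========================= IP Configuration: ================================

Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Disconnected)
Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\User\Application Data\xyz\lsp.dll [53248] ()

=========================== Installed Programs ============================

Adobe Reader X (10.1.3) (Version: 10.1.3)
Nectar Search Toolbar
YouTube Downloader Toolbar v4.7 (Version: 4.7)
"""

# MiniToolBox frames each section as "===== Name: =====" (the colon is not always present).
SECTION_RE = re.compile(r"^=+\s+(.+?):?\s+=+\s*$")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
ADDON_RE = re.compile(r"toolbar|search bar|browser helper|\bbho\b", re.I)
HOSTS_DEFAULTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each section name to its non-empty lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def check_proxy(lines: List[str]) -> List[str]:
    """A proxy the user never set is the classic way a BHO routes IE through itself."""
    text = " ".join(lines)
    if "Proxy is enabled" not in text:
        return []
    server = re.search(r"ProxyServer:\s*(\S+)", text)
    return ["IE proxy enabled" + (f" ({server.group(1)})" if server else "")]


def check_hosts(lines: List[str]) -> List[str]:
    """Anything beyond the localhost mappings is a candidate hosts-file hijack."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        findings += [f"hosts entry {ip} {n}" for n in names if (ip, n) not in HOSTS_DEFAULTS]
    return findings


def check_dns(lines: List[str]) -> List[str]:
    """Failed name resolution only matters if an adapter was actually up when the log ran."""
    text = "\n".join(lines)
    hosts = re.findall(r"could not find host (\S+)\.\s", text)
    if not hosts:
        return []
    down = re.search(r"\((Disconnected|Media disconnected)\)", text) is not None
    note = "adapters disconnected at scan time, likely not a hijack" if down else "adapters up, check DNS servers"
    return [f"name resolution failed for {', '.join(hosts)} ({note})"]


def check_winsock(lines: List[str]) -> List[str]:
    """An LSP outside System32 or without a Microsoft publisher string is worth a look."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, idx, path, _size, publisher = m.groups()
        in_system32 = path.lower().startswith("c:\\windows\\system32\\")
        if publisher != "Microsoft Corporation" or not in_system32:
            findings.append(f"{catalog} {idx}: non-standard LSP {path} ({publisher or 'no publisher'})")
    return findings


def check_programs(lines: List[str]) -> List[str]:
    """Toolbars and BHO-style add-ons: review candidates, not verdicts."""
    return [f"browser add-on: {line}" for line in lines if ADDON_RE.search(line)]


def triage(result_txt: str) -> List[str]:
    """Run every check over a Result.txt and return the findings (empty when clean)."""
    s = split_sections(result_txt)
    return (check_proxy(s.get("IE Proxy Settings", []))
            + check_hosts(s.get("Hosts content", []))
            + check_dns(s.get("IP Configuration", []))
            + check_winsock(s.get("Winsock entries", []))
            + check_programs(s.get("Installed Programs", [])))


if __name__ == "__main__":
    for finding in triage(SAMPLE_RESULT):
        print(finding)
```

Point `triage()` at a real Result.txt (for example `triage(open("Result.txt").read())`) to get the same list for a machine you are looking at. The DNS check deliberately downgrades itself when the adapters were disconnected, because a log taken offline, as in this thread, will always show "could not find host" regardless of infection.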

#3 katiekins (Topic Starter)

Posted 21 August 2012 - 04:24 AM

Hello, let's see if there is something else.

Thank you for helping me.

Are you on a router? Are other machines on it, if so are they redirecting?

I am on a wireless router at home (and work) but I only use this laptop and my mobile phone on them. At work the other computers that use the internet are Macs and I am not sure if there are any problems.

Do you use the Firefox or Chrome browser?

No, I use Windows Internet Explorer.

Not sure if this makes a difference, but at the moment I am using work's wireless to download what you have asked / reply to this. I was also disabling my internet connection when it wasn't necessary.

MiniToolBox results

MiniToolBox by Farbar Version: 23-07-2012
Ran by Katie (administrator) on 21-08-2012 at 08:32:40
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Disconnected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
Bluetooth LAN Access Server Driver = Bluetooth Network (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Bluetooth Network"

set address name="Bluetooth Network" source=dhcp
set dns name="Bluetooth Network" source=dhcp register=PRIMARY
set wins name="Bluetooth Network" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : Katie
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-13-77-AF-52-0B

Ethernet adapter Bluetooth Network:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver
Physical Address. . . . . . . . . : 00-22-69-E1-18-A6

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 77 af 52 0b ...... Generic Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
0x10005 ...00 22 69 e1 18 a6 ...... Bluetooth LAN Access Server Driver - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
255.255.255.255 255.255.255.255 255.255.255.255 10005 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/21/2012 00:25:56 AM) (Source: Application Error) (User: )
Description: Faulting application nero.exe, version 7.0.0.0, faulting module nero.exe, version 7.0.0.0, fault address 0x0027382c.
Processing media-specific event for [nero.exe!ws!]

Error: (08/20/2012 10:03:45 PM) (Source: Application Error) (User: )
Description: Faulting application nero.exe, version 7.0.0.0, faulting module bcgcbpro730.dll, version 7.30.0.0, fault address 0x0011d51b.
Processing media-specific event for [nero.exe!ws!]

Error: (08/05/2012 08:52:24 PM) (Source: Application Error) (User: )
Description: Fault bucket -1242510716.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/05/2012 08:45:45 PM) (Source: Application Error) (User: )
Description: Faulting application avastui.exe, version 7.0.1456.418, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [avastui.exe!ws!]

Error: (08/02/2012 10:02:22 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (07/31/2012 10:02:29 AM) (Source: Application Error) (User: )
Description: Fault bucket -1210479320.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/31/2012 10:02:22 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]

Error: (07/31/2012 08:48:59 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\KATIE BIGG\MY DOCUMENTS\SAMSUNG\KIES\BACKUP\GT-S8500\TMP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/30/2012 00:00:08 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 matsboot.exe, P2 3.5.0.29, P3 4f3c8985, P4 mscorlib, P5 2.0.0.0, P6 4ef6c16f, P7 20a3, P8 7, P9 clr20r30, P10 clr20r31.

Error: (07/29/2012 11:52:27 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 matsboot.exe, P2 3.5.0.29, P3 4f3c8985, P4 mscorlib, P5 2.0.0.0, P6 4ef6c16f, P7 20a3, P8 7, P9 clr20r30, P10 clr20r31.


System errors:
=============
Error: (08/21/2012 08:05:30 AM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Error: (08/21/2012 08:05:30 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Error: (08/20/2012 10:23:55 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (08/20/2012 10:23:52 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (08/20/2012 10:23:49 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (08/20/2012 10:23:46 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (08/20/2012 10:23:43 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (08/20/2012 10:23:40 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (08/20/2012 10:23:37 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (08/20/2012 10:23:33 PM) (Source: 0) (User: )
Description: \Device\CdRom0


Microsoft Office Sessions:
=========================
Error: (08/21/2012 00:25:56 AM) (Source: Application Error)(User: )
Description: nero.exe7.0.0.0nero.exe7.0.0.00027382c

Error: (08/20/2012 10:03:45 PM) (Source: Application Error)(User: )
Description: nero.exe7.0.0.0bcgcbpro730.dll7.30.0.00011d51b

Error: (08/05/2012 08:52:24 PM) (Source: Application Error)(User: )
Description: -1242510716

Error: (08/05/2012 08:45:45 PM) (Source: Application Error)(User: )
Description: avastui.exe7.0.1456.418unknown0.0.0.000000000

Error: (08/02/2012 10:02:22 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.268ntdll.dll5.1.2600.6055000113c0

Error: (07/31/2012 10:02:29 AM) (Source: Application Error)(User: )
Description: -1210479320

Error: (07/31/2012 10:02:22 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.3.300.268ntdll.dll5.1.2600.6055000113c0

Error: (07/31/2012 08:48:59 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\KATIE BIGG\MY DOCUMENTS\SAMSUNG\KIES\BACKUP\GT-S8500\TMP

Error: (07/30/2012 00:00:08 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3matsboot.exe3.5.0.294f3c8985mscorlib2.0.0.04ef6c16f20a37n3ctrye2kn3c34sgl4zqyrbfte4m13nbNIL

Error: (07/29/2012 11:52:27 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3matsboot.exe3.5.0.294f3c8985mscorlib2.0.0.04ef6c16f20a37n3ctrye2kn3c34sgl4zqyrbfte4m13nbNIL


=========================== Installed Programs ============================

Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AiO_Scan_CDA (Version: 70.0.231.000)
AiOSoftwareNPI (Version: 70.0.231.000)
Amazon MP3 Downloader 1.0.9
Atheros WLAN Client (Version: 16.00.0000)
avast! Free Antivirus (Version: 7.0.1456.0)
AVG 2011 (Version: 10.0.1204)
AVG 2011 (Version: 10.0.1435)
BBC iPlayer Desktop (Version: 3.0.10)
Bing Bar (Version: 7.0.822.0)
BufferChm (Version: 70.0.170.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CustomerResearchQFolder (Version: 1.00.0000)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DVDFab 8.0.8.5 (19/03/2011)
Easy Display Manager (Version: 2.0.0.0)
Easy Network Manager (Version: 4.0.2)
Easy Resolution Manager (Version: 1.0.0.5)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Facebook Plug-In
Fax_CDA (Version: 70.0.231.000)
FUJIFILM FinePixViewer S Ver.2.1 (Version: 2.1.0.2)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 7.0 (Version: 7.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart Essential (Version: 1.9.1.3)
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Detection (Version: 11.14.0001)
HP Solution Center 7.0 (Version: 7.0)
HP Update (Version: 5.002.008.001)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
imagine digital freedom - Samsung (Version: 1.0.2.0)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Graphics Media Accelerator Driver
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8117.416)
Magic Keyboard (Version: 7.0.2.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 70.0.170.000)
Marvell Miniport Driver (Version: 10.69.2.3)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MyFreeCodec
Namuga 1.3M Webcam (Version: 1.00.0000)
Nectar Search Toolbar
Nero 7 Premium (Version: 7.00.0087)
neroxml (Version: 1.0.0)
NewCopy_CDA (Version: 70.0.231.000)
Pinnacle Instant DVD Recorder (Version: 1.60.110)
Play Camera (Version: 2.0.0.13)
ProductContextNPI (Version: 70.0.231.000)
Rapport (Version: 3.5.1201.94)
Readme (Version: 70.0.231.000)
Realtek High Definition Audio Driver (Version: 5.10.0.6278)
RPS CRT (Version: 9.0.34)
Samsung Battery Manager (Version: 1.00)
Samsung EDS (Version: 1.00.0000)
SAMSUNG HSPA Modem Software
Samsung Kies (Version: 2.1.0.11095_121)
Samsung Magic Doctor (Version: 4.00)
Samsung Recovery Solution III (Version: 3.0.0.6)
Samsung Update Plus (Version: 2.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Samsung Wallpaper (Version: 2.0.0.0)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
Segoe UI (Version: 14.0.4327.805)
SK120 Diabetes care
SolutionCenter (Version: 70.0.170.000)
Status (Version: 70.0.170.000)
SUPERAntiSpyware (Version: 5.0.1134)
Synaptics Pointing Device Driver (Version: 11.1.3.2)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
User Guide (Version: 1.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
WIDCOMM Bluetooth Software (Version: 5.1.0.3300)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
YouTube Downloader 3.3
YouTube Downloader Toolbar v4.7 (Version: 4.7)

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1014.36 MB
Available physical RAM: 431.98 MB
Total Pagefile: 2444.38 MB
Available Pagefile: 1412.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:71.04 GB) (Free:9.73 GB) NTFS
2 Drive d: () (Fixed) (Total:72 GB) (Free:26.45 GB) NTFS

========================= Users: ========================================

User accounts for \\KATIE

Administrator ASPNET Guest
HelpAssistant Katie SUPPORT_388945a0


**** End of log ****

aswMBR result

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 08:52:15
-----------------------------
08:52:15.092 OS Version: Windows 5.1.2600 Service Pack 3
08:52:15.092 Number of processors: 2 586 0x1C02
08:52:15.108 ComputerName: KATIE UserName:
08:52:15.701 Initialize success
08:52:19.748 AVAST engine defs: 12081300
08:52:30.342 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:52:30.358 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 00000009 Size: 152627MB BusType: 3
08:52:30.389 Disk 0 MBR read successfully
08:52:30.389 Disk 0 MBR scan
08:52:30.389 Disk 0 unknown MBR code
08:52:30.405 Disk 0 Partition 1 00 12 Compaq diag NTFS 6149 MB offset 63
08:52:30.420 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72749 MB offset 12594960
08:52:30.436 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 73727 MB offset 161585152
08:52:30.451 Disk 0 scanning sectors +312578048
08:52:30.561 Disk 0 scanning C:\WINDOWS\system32\drivers
08:52:47.967 Service scanning
08:53:10.670 Modules scanning
08:53:27.592 Disk 0 trace - called modules:
08:53:27.639 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:53:27.639 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fe08f0]
08:53:27.639 3 CLASSPNP.SYS[f770bfd7] -> nt!IofCallDriver -> \Device\00000074[0x86f65510]
08:53:27.639 5 ACPI.sys[f7682620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f64940]
08:53:28.514 AVAST engine scan C:\WINDOWS
08:53:48.217 AVAST engine scan C:\WINDOWS\system32
08:58:30.483 AVAST engine scan C:\WINDOWS\system32\drivers
08:58:58.217 AVAST engine scan C:\Documents and Settings\Katie
09:28:43.655 AVAST engine scan C:\Documents and Settings\All Users
09:35:36.858 Scan finished successfully
09:36:00.498 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katie\Desktop\Virus\MBR.dat"
09:36:00.530 The log file has been saved successfully to "C:\Documents and Settings\Katie\Desktop\Virus\aswMBR.txt"

TDSSKiller result

09:38:42.0264 1924 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
09:38:42.0420 1924 ============================================================
09:38:42.0420 1924 Current date / time: 2012/08/21 09:38:42.0420
09:38:42.0420 1924 SystemInfo:
09:38:42.0420 1924
09:38:42.0420 1924 OS Version: 5.1.2600 ServicePack: 3.0
09:38:42.0420 1924 Product type: Workstation
09:38:42.0420 1924 ComputerName: KATIE
09:38:42.0420 1924 UserName: Katie
09:38:42.0420 1924 Windows directory: C:\WINDOWS
09:38:42.0420 1924 System windows directory: C:\WINDOWS
09:38:42.0420 1924 Processor architecture: Intel x86
09:38:42.0420 1924 Number of processors: 2
09:38:42.0420 1924 Page size: 0x1000
09:38:42.0420 1924 Boot type: Normal boot
09:38:42.0420 1924 ============================================================
09:38:44.0545 1924 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:38:44.0561 1924 ============================================================
09:38:44.0561 1924 \Device\Harddisk0\DR0:
09:38:44.0561 1924 MBR partitions:
09:38:44.0561 1924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x8E168F0
09:38:44.0561 1924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9A19800, BlocksNum 0x8FFF800
09:38:44.0561 1924 ============================================================
09:38:44.0576 1924 C: <-> \Device\Harddisk0\DR0\Partition1
09:38:44.0623 1924 D: <-> \Device\Harddisk0\DR0\Partition2
09:38:44.0623 1924 ============================================================
09:38:44.0623 1924 Initialize success
09:38:44.0623 1924 ============================================================
09:39:16.0936 4772 ============================================================
09:39:16.0936 4772 Scan started
09:39:16.0936 4772 Mode: Manual; TDLFS;
09:39:16.0936 4772 ============================================================
09:39:17.0467 4772 ================ Scan system memory ========================
09:39:17.0467 4772 System memory - ok
09:39:17.0483 4772 ================ Scan services =============================
09:39:17.0623 4772 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
09:39:17.0623 4772 !SASCORE - ok
09:39:17.0858 4772 [ 0B27AE82C113D3687024D18459440426 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
09:39:17.0858 4772 Aavmker4 - ok
09:39:17.0873 4772 Abiosdsk - ok
09:39:17.0905 4772 abp480n5 - ok
09:39:17.0967 4772 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:39:17.0983 4772 ACPI - ok
09:39:18.0030 4772 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:39:18.0061 4772 ACPIEC - ok
09:39:18.0186 4772 [ F19C98AD81D2C0E1BBFD8153D2C80EE8 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:39:18.0201 4772 AdobeFlashPlayerUpdateSvc - ok
09:39:18.0217 4772 adpu160m - ok
09:39:18.0280 4772 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:39:18.0295 4772 aec - ok
09:39:18.0326 4772 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\system32\DRIVERS\AFD.SYS
09:39:18.0342 4772 AFD - ok
09:39:18.0358 4772 Aha154x - ok
09:39:18.0373 4772 aic78u2 - ok
09:39:18.0373 4772 aic78xx - ok
09:39:18.0420 4772 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:39:18.0420 4772 Alerter - ok
09:39:18.0436 4772 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
09:39:18.0451 4772 ALG - ok
09:39:18.0451 4772 AliIde - ok
09:39:18.0561 4772 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
09:39:18.0623 4772 Ambfilt - ok
09:39:18.0623 4772 amsint - ok
09:39:18.0639 4772 AppMgmt - ok
09:39:18.0733 4772 [ C413E2E549488A5F1969DECB5B03187A ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
09:39:18.0795 4772 AR5416 - ok
09:39:18.0842 4772 [ 875F9079CABEE679D34B49E466B61701 ] ASAPIW2k C:\WINDOWS\system32\drivers\ASAPIW2k.sys
09:39:18.0842 4772 ASAPIW2k - ok
09:39:18.0858 4772 asc - ok
09:39:18.0873 4772 asc3350p - ok
09:39:18.0873 4772 asc3550 - ok
09:39:19.0014 4772 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:39:19.0014 4772 aspnet_state - ok
09:39:19.0045 4772 [ 1C1F3D6DDDC046C920C493A779649F66 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
09:39:19.0045 4772 aswFsBlk - ok
09:39:19.0092 4772 [ 9E912FE7B41650701EF2B227ACA440F3 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
09:39:19.0092 4772 aswMon2 - ok
09:39:19.0123 4772 [ 982E275D1C5801042FE94209FB0160FB ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
09:39:19.0123 4772 aswRdr - ok
09:39:19.0217 4772 [ 73DBCF808E00580F2A47F93DD9B03876 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
09:39:19.0248 4772 aswSnx - ok
09:39:19.0295 4772 [ 6CBD7D3A33F498D09C831CDD732DA2E0 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
09:39:19.0311 4772 aswSP - ok
09:39:19.0326 4772 [ 7109A9AA551F37CD168C02368465957E ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
09:39:19.0342 4772 aswTdi - ok
09:39:19.0405 4772 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:39:19.0405 4772 AsyncMac - ok
09:39:19.0483 4772 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:39:19.0483 4772 atapi - ok
09:39:19.0498 4772 Atdisk - ok
09:39:19.0514 4772 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:39:19.0514 4772 Atmarpc - ok
09:39:19.0576 4772 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:39:19.0576 4772 AudioSrv - ok
09:39:19.0639 4772 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:39:19.0639 4772 audstub - ok
09:39:19.0717 4772 [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
09:39:19.0717 4772 avast! Antivirus - ok
09:39:19.0826 4772 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
09:39:19.0826 4772 BBSvc - ok
09:39:19.0873 4772 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
09:39:19.0889 4772 BBUpdate - ok
09:39:19.0936 4772 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:39:19.0951 4772 Beep - ok
09:39:20.0014 4772 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
09:39:20.0217 4772 BITS - ok
09:39:20.0264 4772 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
09:39:20.0264 4772 Browser - ok
09:39:20.0295 4772 [ ECDC40CC54603C711E1A7A1C9255184A ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
09:39:20.0311 4772 btaudio - ok
09:39:20.0358 4772 [ 58A49BD10E08D3D4333A60DEDCB1CED8 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
09:39:20.0373 4772 BTDriver - ok
09:39:20.0389 4772 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
09:39:20.0389 4772 BthEnum - ok
09:39:20.0405 4772 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
09:39:20.0420 4772 BthPan - ok
09:39:20.0467 4772 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
09:39:20.0483 4772 BTHPORT - ok
09:39:20.0530 4772 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
09:39:20.0530 4772 BthServ - ok
09:39:20.0576 4772 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
09:39:20.0576 4772 BTHUSB - ok
09:39:20.0655 4772 [ 885B6D0F826A216EEE4C3AD883809012 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:39:20.0701 4772 BTKRNL - ok
09:39:20.0764 4772 [ 49E9ED37FAEC5E8C03E81FD73D3884D6 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
09:39:20.0795 4772 btwdins - ok
09:39:20.0858 4772 [ B1D350F3F13CF340FCE93912D2BA1EBF ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
09:39:20.0873 4772 BTWDNDIS - ok
09:39:20.0920 4772 [ 8BCD7BFE9C70A8FF7444263435B18AA1 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
09:39:20.0920 4772 btwmodem - ok
09:39:20.0983 4772 [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
09:39:20.0983 4772 BTWUSB - ok
09:39:21.0030 4772 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:39:21.0045 4772 cbidf2k - ok
09:39:21.0092 4772 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:39:21.0092 4772 CCDECODE - ok
09:39:21.0123 4772 cd20xrnt - ok
09:39:21.0186 4772 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:39:21.0186 4772 Cdaudio - ok
09:39:21.0201 4772 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:39:21.0217 4772 Cdfs - ok
09:39:21.0264 4772 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:39:21.0264 4772 Cdrom - ok
09:39:21.0280 4772 Changer - ok
09:39:21.0326 4772 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:39:21.0326 4772 CiSvc - ok
09:39:21.0358 4772 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:39:21.0467 4772 ClipSrv - ok
09:39:21.0530 4772 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:39:21.0655 4772 clr_optimization_v2.0.50727_32 - ok
09:39:21.0733 4772 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:39:21.0748 4772 clr_optimization_v4.0.30319_32 - ok
09:39:21.0795 4772 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:39:21.0795 4772 CmBatt - ok
09:39:21.0795 4772 CmdIde - ok
09:39:21.0811 4772 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:39:21.0826 4772 Compbatt - ok
09:39:21.0826 4772 COMSysApp - ok
09:39:21.0842 4772 Cpqarray - ok
09:39:21.0905 4772 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:39:21.0905 4772 CryptSvc - ok
09:39:21.0905 4772 dac2w2k - ok
09:39:21.0920 4772 dac960nt - ok
09:39:21.0967 4772 [ 5118EA8A2F55FA4D4295516500B78229 ] DCamUSBEMPIA C:\WINDOWS\system32\DRIVERS\emDevice.sys
09:39:21.0967 4772 DCamUSBEMPIA - ok
09:39:22.0045 4772 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:39:22.0092 4772 DcomLaunch - ok
09:39:22.0139 4772 [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv C:\WINDOWS\system32\drivers\dgderdrv.sys
09:39:22.0155 4772 dgderdrv - ok
09:39:22.0201 4772 [ F9F31A9F2A8C0DD0CEB6E380BF0985D4 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
09:39:22.0201 4772 dg_ssudbus - ok
09:39:22.0248 4772 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:39:22.0264 4772 Dhcp - ok
09:39:22.0311 4772 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:39:22.0311 4772 Disk - ok
09:39:22.0326 4772 dmadmin - ok
09:39:22.0420 4772 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:39:22.0467 4772 dmboot - ok
09:39:22.0514 4772 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:39:22.0530 4772 dmio - ok
09:39:22.0561 4772 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:39:22.0576 4772 dmload - ok
09:39:22.0608 4772 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:39:22.0623 4772 dmserver - ok
09:39:22.0655 4772 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:39:22.0670 4772 DMusic - ok
09:39:22.0717 4772 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:39:22.0733 4772 Dnscache - ok
09:39:22.0764 4772 [ 128AE3AEDDE1E3AE772C88320628FE7C ] DNSeFilter C:\WINDOWS\system32\drivers\SamsungEDS.sys
09:39:22.0764 4772 DNSeFilter - ok
09:39:22.0795 4772 [ 8A4CB9438571814B128B6DC30D698064 ] DOSMEMIO C:\WINDOWS\system32\MEMIO.SYS
09:39:22.0826 4772 DOSMEMIO - ok
09:39:22.0858 4772 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:39:22.0873 4772 Dot3svc - ok
09:39:22.0889 4772 dpti2o - ok
09:39:22.0920 4772 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:39:22.0920 4772 drmkaud - ok
09:39:22.0967 4772 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:39:22.0983 4772 EapHost - ok
09:39:23.0030 4772 [ FFA45148A2D5D05DBB3C0997E579FC9C ] emAudio C:\WINDOWS\system32\drivers\emAudio.sys
09:39:23.0030 4772 emAudio - ok
09:39:23.0076 4772 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:39:23.0092 4772 ERSvc - ok
09:39:23.0155 4772 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:39:23.0201 4772 Eventlog - ok
09:39:23.0264 4772 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
09:39:23.0280 4772 EventSystem - ok
09:39:23.0326 4772 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:39:23.0342 4772 Fastfat - ok
09:39:23.0389 4772 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:39:23.0451 4772 FastUserSwitchingCompatibility - ok
09:39:23.0498 4772 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
09:39:23.0498 4772 Fdc - ok
09:39:23.0530 4772 [ 6F87E4706F59463B74BC4FAD0F67338F ] FiltUSBEMPIA C:\WINDOWS\system32\DRIVERS\emFilter.sys
09:39:23.0530 4772 FiltUSBEMPIA - ok
09:39:23.0545 4772 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:39:23.0561 4772 Fips - ok
09:39:23.0608 4772 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
09:39:23.0608 4772 Flpydisk - ok
09:39:23.0670 4772 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:39:23.0670 4772 FltMgr - ok
09:39:23.0764 4772 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:39:23.0780 4772 FontCache3.0.0.0 - ok
09:39:23.0826 4772 [ B07663A810E861EEBFD0EAC7E82CA62D ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
09:39:23.0842 4772 FsUsbExDisk - ok
09:39:23.0905 4772 [ F96C429788350DB4BA6771C3034DFD88 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
09:39:23.0936 4772 FsUsbExService - ok
09:39:23.0983 4772 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:39:23.0983 4772 Fs_Rec - ok
09:39:24.0123 4772 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:39:24.0139 4772 Ftdisk - ok
09:39:24.0186 4772 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:39:24.0201 4772 Gpc - ok
09:39:24.0248 4772 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:39:24.0264 4772 HDAudBus - ok
09:39:24.0311 4772 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:39:24.0326 4772 helpsvc - ok
09:39:24.0342 4772 HidServ - ok
09:39:24.0389 4772 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:39:24.0405 4772 HidUsb - ok
09:39:24.0451 4772 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:39:24.0467 4772 hkmsvc - ok
09:39:24.0483 4772 hpn - ok
09:39:24.0530 4772 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:39:24.0545 4772 HPZid412 - ok
09:39:24.0608 4772 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:39:24.0608 4772 HPZipr12 - ok
09:39:24.0655 4772 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:39:24.0655 4772 HPZius12 - ok
09:39:24.0733 4772 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:39:24.0842 4772 HTTP - ok
09:39:24.0905 4772 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:39:25.0139 4772 HTTPFilter - ok
09:39:25.0155 4772 i2omgmt - ok
09:39:25.0155 4772 i2omp - ok
09:39:25.0201 4772 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:39:25.0201 4772 i8042prt - ok
09:39:25.0436 4772 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:39:25.0592 4772 ialm - ok
09:39:25.0717 4772 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:39:25.0764 4772 idsvc - ok
09:39:25.0811 4772 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:39:25.0826 4772 Imapi - ok
09:39:25.0873 4772 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:39:25.0905 4772 ImapiService - ok
09:39:25.0920 4772 InCDFs - ok
09:39:25.0936 4772 InCDPass - ok
09:39:25.0951 4772 InCDRm - ok
09:39:25.0967 4772 ini910u - ok
09:39:26.0233 4772 [ ED90E04F7A1E385E2EA956CAD83F8070 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:39:26.0436 4772 IntcAzAudAddService - ok
09:39:26.0451 4772 IntelIde - ok
09:39:26.0498 4772 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:39:26.0498 4772 intelppm - ok
09:39:26.0530 4772 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:39:26.0530 4772 Ip6Fw - ok
09:39:26.0545 4772 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:39:26.0545 4772 IpFilterDriver - ok
09:39:26.0561 4772 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:39:26.0576 4772 IpInIp - ok
09:39:26.0592 4772 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:39:26.0592 4772 IpNat - ok
09:39:26.0655 4772 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:39:26.0655 4772 IPSec - ok
09:39:26.0701 4772 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:39:26.0701 4772 IRENUM - ok
09:39:26.0733 4772 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:39:26.0733 4772 isapnp - ok
09:39:26.0826 4772 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
09:39:26.0826 4772 JavaQuickStarterService - ok
09:39:26.0873 4772 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:39:26.0889 4772 Kbdclass - ok
09:39:26.0905 4772 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:39:26.0920 4772 kbdhid - ok
09:39:26.0951 4772 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:39:26.0967 4772 kmixer - ok
09:39:26.0998 4772 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:39:26.0998 4772 KSecDD - ok
09:39:27.0045 4772 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
09:39:27.0061 4772 LanmanServer - ok
09:39:27.0108 4772 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:39:27.0139 4772 lanmanworkstation - ok
09:39:27.0139 4772 lbrtfdc - ok
09:39:27.0186 4772 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:39:27.0201 4772 LmHosts - ok
09:39:27.0248 4772 [ 269C14D512B74CC28D2812FF7D1EB066 ] MarvinBus C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
09:39:27.0264 4772 MarvinBus - ok
09:39:27.0295 4772 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:39:27.0311 4772 Messenger - ok
09:39:27.0358 4772 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:39:27.0358 4772 mnmdd - ok
09:39:27.0405 4772 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:39:27.0405 4772 mnmsrvc - ok
09:39:27.0436 4772 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:39:27.0451 4772 Modem - ok
09:39:27.0498 4772 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
09:39:27.0545 4772 Monfilt - ok
09:39:27.0561 4772 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:39:27.0561 4772 Mouclass - ok
09:39:27.0623 4772 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:39:27.0623 4772 mouhid - ok
09:39:27.0639 4772 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:39:27.0639 4772 MountMgr - ok
09:39:27.0655 4772 mraid35x - ok
09:39:27.0686 4772 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:39:27.0701 4772 MRxDAV - ok
09:39:27.0748 4772 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:39:27.0764 4772 MRxSmb - ok
09:39:27.0811 4772 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:39:27.0811 4772 MSDTC - ok
09:39:27.0889 4772 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:39:27.0889 4772 Msfs - ok
09:39:27.0905 4772 MSIServer - ok
09:39:28.0014 4772 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:39:28.0014 4772 MSKSSRV - ok
09:39:28.0030 4772 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:39:28.0045 4772 MSPCLOCK - ok
09:39:28.0061 4772 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:39:28.0061 4772 MSPQM - ok
09:39:28.0108 4772 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:39:28.0108 4772 mssmbios - ok
09:39:28.0139 4772 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
09:39:28.0201 4772 MSTEE - ok
09:39:28.0264 4772 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:39:28.0326 4772 Mup - ok
09:39:28.0373 4772 [ 88705DC61B9275B82E48904D53031F5B ] n558 C:\WINDOWS\system32\Drivers\n558.sys
09:39:28.0405 4772 n558 - ok
09:39:28.0451 4772 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:39:28.0467 4772 NABTSFEC - ok
09:39:28.0498 4772 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:39:28.0530 4772 napagent - ok
09:39:28.0576 4772 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:39:28.0592 4772 NDIS - ok
09:39:28.0592 4772 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:39:28.0608 4772 NdisIP - ok
09:39:28.0639 4772 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:39:28.0639 4772 NdisTapi - ok
09:39:28.0670 4772 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:39:28.0670 4772 Ndisuio - ok
09:39:28.0686 4772 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:39:28.0701 4772 NdisWan - ok
09:39:28.0748 4772 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:39:28.0764 4772 NDProxy - ok
09:39:28.0780 4772 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:39:28.0780 4772 NetBIOS - ok
09:39:28.0811 4772 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:39:28.0811 4772 NetBT - ok
09:39:28.0842 4772 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
09:39:28.0873 4772 NetDDE - ok
09:39:28.0873 4772 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:39:28.0889 4772 NetDDEdsdm - ok
09:39:28.0936 4772 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:39:28.0936 4772 Netlogon - ok
09:39:28.0967 4772 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
09:39:28.0983 4772 Netman - ok
09:39:29.0045 4772 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:39:29.0045 4772 NetTcpPortSharing - ok
09:39:29.0108 4772 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:39:29.0139 4772 Nla - ok
09:39:29.0170 4772 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:39:29.0170 4772 Npfs - ok
09:39:29.0217 4772 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:39:29.0248 4772 Ntfs - ok
09:39:29.0264 4772 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:39:29.0280 4772 NtLmSsp - ok
09:39:29.0342 4772 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:39:29.0373 4772 NtmsSvc - ok
09:39:29.0420 4772 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:39:29.0436 4772 Null - ok
09:39:29.0451 4772 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:39:29.0451 4772 NwlnkFlt - ok
09:39:29.0483 4772 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:39:29.0483 4772 NwlnkFwd - ok
09:39:29.0576 4772 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:39:29.0576 4772 ose - ok
09:39:29.0623 4772 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
09:39:29.0623 4772 Parport - ok
09:39:29.0655 4772 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:39:29.0655 4772 PartMgr - ok
09:39:29.0686 4772 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:39:29.0686 4772 ParVdm - ok
09:39:29.0748 4772 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:39:29.0748 4772 PCI - ok
09:39:29.0764 4772 PCIDump - ok
09:39:29.0780 4772 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:39:29.0780 4772 PCIIde - ok
09:39:29.0826 4772 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
09:39:29.0826 4772 Pcmcia - ok
09:39:29.0873 4772 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
09:39:29.0889 4772 pcouffin - ok
09:39:29.0889 4772 PDCOMP - ok
09:39:29.0905 4772 PDFRAME - ok
09:39:29.0920 4772 PDRELI - ok
09:39:29.0920 4772 PDRFRAME - ok
09:39:29.0936 4772 perc2 - ok
09:39:29.0936 4772 perc2hib - ok
09:39:29.0998 4772 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:39:30.0014 4772 PlugPlay - ok
09:39:30.0045 4772 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:39:30.0061 4772 PolicyAgent - ok
09:39:30.0092 4772 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:39:30.0108 4772 PptpMiniport - ok
09:39:30.0108 4772 Profos - ok
09:39:30.0123 4772 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:39:30.0139 4772 ProtectedStorage - ok
09:39:30.0170 4772 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:39:30.0170 4772 PSched - ok
09:39:30.0217 4772 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:39:30.0233 4772 Ptilink - ok
09:39:30.0233 4772 ql1080 - ok
09:39:30.0248 4772 Ql10wnt - ok
09:39:30.0248 4772 ql12160 - ok
09:39:30.0264 4772 ql1240 - ok
09:39:30.0280 4772 ql1280 - ok
09:39:30.0420 4772 [ 9054C4B91761773F0EFA59BED70C54B6 ] RapportCerberus_42020 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys
09:39:30.0436 4772 RapportCerberus_42020 - ok
09:39:30.0498 4772 [ 093B6A040BCF3FD4A0FFF397BAF28330 ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
09:39:30.0498 4772 RapportEI - ok
09:39:30.0639 4772 [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
09:39:30.0639 4772 RapportIaso - ok
09:39:30.0686 4772 [ 660436FBE447EBC73873EF2B0B2094B4 ] RapportKELL C:\WINDOWS\system32\Drivers\RapportKELL.sys
09:39:30.0701 4772 RapportKELL - ok
09:39:30.0764 4772 [ 61B37C0B3FD7DA7414C20D917469BFFF ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
09:39:30.0795 4772 RapportMgmtService - ok
09:39:30.0873 4772 [ 3DE33A522BB73E161F20D444687E978B ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
09:39:30.0889 4772 RapportPG - ok
09:39:30.0920 4772 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:39:30.0936 4772 RasAcd - ok
09:39:30.0983 4772 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:39:31.0014 4772 RasAuto - ok
09:39:31.0061 4772 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:39:31.0061 4772 Rasl2tp - ok
09:39:31.0092 4772 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:39:31.0123 4772 RasMan - ok
09:39:31.0155 4772 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:39:31.0155 4772 RasPppoe - ok
09:39:31.0170 4772 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:39:31.0186 4772 Raspti - ok
09:39:31.0248 4772 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:39:31.0264 4772 Rdbss - ok
09:39:31.0295 4772 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:39:31.0295 4772 RDPCDD - ok
09:39:31.0358 4772 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:39:31.0373 4772 RDPWD - ok
09:39:31.0420 4772 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:39:31.0701 4772 RDSessMgr - ok
09:39:31.0780 4772 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:39:31.0811 4772 redbook - ok
09:39:31.0858 4772 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:39:31.0873 4772 RemoteAccess - ok
09:39:31.0905 4772 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
09:39:31.0905 4772 RFCOMM - ok
09:39:31.0951 4772 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
09:39:31.0967 4772 RpcLocator - ok
09:39:31.0998 4772 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
09:39:32.0014 4772 RpcSs - ok
09:39:32.0061 4772 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:39:32.0076 4772 RSVP - ok
09:39:32.0108 4772 SABKUTIL - ok
09:39:32.0155 4772 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:39:32.0170 4772 SamSs - ok
09:39:32.0233 4772 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:39:32.0248 4772 SASDIFSV - ok
09:39:32.0264 4772 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:39:32.0264 4772 SASKUTIL - ok
09:39:32.0311 4772 [ F5A633609777C212EC5FF19927FC5955 ] ScanUSBEMPIA C:\WINDOWS\system32\DRIVERS\emScan.sys
09:39:32.0311 4772 ScanUSBEMPIA - ok
09:39:32.0358 4772 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:39:32.0373 4772 SCardSvr - ok
09:39:32.0420 4772 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:39:32.0467 4772 Schedule - ok
09:39:32.0514 4772 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:39:32.0530 4772 Secdrv - ok
09:39:32.0561 4772 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:39:32.0592 4772 seclogon - ok
09:39:32.0639 4772 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:39:32.0686 4772 SENS - ok
09:39:32.0701 4772 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
09:39:32.0717 4772 Serial - ok
09:39:32.0795 4772 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:39:32.0811 4772 Sfloppy - ok
09:39:37.0920 4772 ================ Scan global ===============================
09:39:37.0967 4772 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:39:38.0014 4772 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:39:38.0076 4772 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:39:38.0108 4772 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:39:38.0139 4772 [Global] - ok
09:39:38.0139 4772 ================ Scan MBR ==================================
09:39:38.0155 4772 [ A0A345F7AB6F3BAC008FB0DE602E66CD ] \Device\Harddisk0\DR0
09:39:38.0811 4772 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:39:38.0811 4772 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:39:38.0811 4772 ================ Scan VBR ==================================
09:39:38.0811 4772 [ 0CFA7CABD431DBCBFA6142C94DF1DAC9 ] \Device\Harddisk0\DR0\Partition1
09:39:38.0826 4772 \Device\Harddisk0\DR0\Partition1 - ok
09:39:38.0842 4772 [ F42644035F0122FC4E4D3B5466E630A5 ] \Device\Harddisk0\DR0\Partition2
09:39:38.0842 4772 \Device\Harddisk0\DR0\Partition2 - ok
09:39:38.0842 4772 ============================================================
09:39:38.0842 4772 Scan finished
09:39:38.0842 4772 ============================================================
09:39:38.0873 2500 Detected object count: 1
09:39:38.0873 2500 Actual detected object count: 1
09:40:54.0842 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:40:54.0842 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:41:04.0748 6128 Deinitialize success

It found 1 suspicious file that I skipped. No reboot was required.

Malwarebytes Anti-Malware

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Katie Bigg :: KATIE [administrator]

21/08/2012 10:00:04
mbam-log-2012-08-21 (10-00-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193207
Time elapsed: 11 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 21 August 2012 - 02:01 PM

Hello, please rerun TDSS and see if you can change the option for these 2 to Cure or Delete.
09:40:54.0842 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:40:54.0842 2500 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


I see both Avast and AVG installed; you cannot have 2 active AVs, they cause trouble. Disable or remove one (AVG my choice).

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u6-windows-i586.exe (or jre-7u6-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
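The check boopme performs on the log above (find the entries that did not come back "- ok" and see what action the user chose for them) can be automated. The following is an added example, not code from the thread or from TDSSKiller's author: a small Python triage script that parses the line layout seen in this thread. The sample log is constructed from lines quoted in this thread; the regexes assume the "<time> <thread id> <payload>" layout shown here.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample: the MBR-scan lines from this thread's TDSSKiller log plus one
# ordinary driver entry for contrast. Real logs run to hundreds of such lines.
SAMPLE_LOG = """\
09:39:34.0701 4772 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
09:39:34.0733 4772 Tcpip - ok
09:39:38.0155 4772 [ A0A345F7AB6F3BAC008FB0DE602E66CD ] \\Device\\Harddisk0\\DR0
09:39:38.0811 4772 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
09:39:38.0811 4772 \\Device\\Harddisk0\\DR0 - detected TDSS File System (1)
09:39:38.0826 4772 \\Device\\Harddisk0\\DR0\\Partition1 - ok
09:39:38.0873 2500 Detected object count: 1
09:40:54.0842 2500 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - skipped by user
09:40:54.0842 2500 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line is "<hh:mm:ss.ffff> <thread id> <payload>" (layout as seen in the thread).
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<payload>.+)$")
# A payload ending in " - <status>" is a verdict for the object named before the dash.
STATUS_RE = re.compile(r"^(?P<obj>.+?) - (?P<status>.+)$")
# "( TDSS File System )" after the object names the detection, not the object.
DETECTION_SUFFIX_RE = re.compile(r"\s*\([^)]*\)\s*$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_verdicts(log_text: str) -> Dict[str, List[str]]:
    """Map each scanned object to the ordered statuses TDSSKiller logged for it."""
    verdicts: Dict[str, List[str]] = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, blank lines, '====' separators
        s = STATUS_RE.match(m.group("payload"))
        if not s:
            continue  # "[ md5 ] object" inventory lines carry no verdict
        obj = DETECTION_SUFFIX_RE.sub("", s.group("obj"))
        verdicts[obj].append(s.group("status"))
    return dict(verdicts)


def declared_count(log_text: str) -> Optional[int]:
    """The object count TDSSKiller itself reports, if the summary line is present."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        c = COUNT_RE.match(m.group("payload")) if m else None
        if c:
            return int(c.group("n"))
    return None


def triage(log_text: str) -> Dict[str, object]:
    """Flag every object that was not '- ok' and single out those left unresolved (Skip)."""
    verdicts = parse_verdicts(log_text)
    flagged = {obj: st for obj, st in verdicts.items() if any(s != "ok" for s in st)}
    unresolved = sorted(
        obj for obj, st in flagged.items()
        if any(s == "skipped by user" or s == "User select action: Skip" for s in st)
    )
    return {
        "scanned": len(verdicts),
        "declared": declared_count(log_text),
        "flagged": flagged,
        "unresolved": unresolved,  # these need a rerun with Cure/Delete, as advised above
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"objects with a verdict: {result['scanned']}, tool-declared detections: {result['declared']}")
    for obj, statuses in result["flagged"].items():
        print(f"  {obj}: {' -> '.join(statuses)}")
    if result["unresolved"]:
        print("unresolved (user chose Skip):", ", ".join(result["unresolved"]))
```

Comparing the "declared" count with the number of flagged objects is a cheap consistency check when a log has been pasted incompletely.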

#5 katiekins

katiekins
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Female
  • Local time:07:29 AM

Posted 21 August 2012 - 03:24 PM

Good Evening Boopme

Thank you for the quick response.


As instructed I ran TDSS killer again, I deleted the suspicious file. Do you need to see the file log?

As far as I am aware I am not running AVG alongside Avast. I deleted AVG at least a year or two ago; I checked in my start menu and in the add/remove programmes section of control panel and cannot see it listed there either!!! I have however noticed a few folders named AVG in the Local Disk (C) and (D) section in my computer which 'appear' to be empty. Could these be left over files or has it not uninstalled completely?

As for the Java, I clicked on the link, clicked the "Download JRE" button, accepted the License Agreement but I can't see from the list my OS and Platform. I can see Windows x86, Windows x86 Offline and Windows x64 but as far as I am aware I am Windows XP and 32-bit. So I am unsure how to update this or which one to pick? :o

Thanks for your help.

Edited by katiekins, 21 August 2012 - 03:25 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 21 August 2012 - 03:41 PM

Hi, delete those AVG files.
I saw this in the installed programs list.
avast! Free Antivirus (Version: 7.0.1456.0)
AVG 2011 (Version: 10.0.1204)
AVG 2011 (Version: 10.0.1435)



Install this Java
Windows x86 Offline 29.73 MB jre-7u6-windows-i586.exe

#7 katiekins

katiekins
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Female
  • Local time:07:29 AM

Posted 21 August 2012 - 03:59 PM

Hi, delete those AVG files.
I saw this in the installed programs list.
avast! Free Antivirus (Version: 7.0.1456.0)
AVG 2011 (Version: 10.0.1204)
AVG 2011 (Version: 10.0.1435)



Install this Java
Windows x86 Offline 29.73 MB jre-7u6-windows-i586.exe


Java is installed.

I have deleted those two AVG folders but is that what the programme list is referring to, or could there be traces somewhere else I need to remove?

Thanks.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 21 August 2012 - 04:19 PM

Try running this AVG Remover and see if it sees anything; if not, then it's all gone.
http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_2125.exe

#9 katiekins

katiekins
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Female
  • Local time:07:29 AM

Posted 22 August 2012 - 03:46 AM

Try running this AVG Remover and see if it sees anything; if not, then it's all gone.
http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_2125.exe


Done. It didn't say it found anything or needed a reboot.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 22 August 2012 - 09:42 PM

Well it looks good.
If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#11 katiekins

katiekins
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Female
  • Local time:07:29 AM

Posted 23 August 2012 - 03:59 AM

Hello

I have created a new system restore point and deleted the previous ones. I have also read the information you have linked (thank you, very insightful!).

I am still unable to install custom updates from the Microsoft Update website (software and hardware); they just fail to install but don't give me an error message or anything. I have tried to run the Microsoft Fix it tool but this encounters an error and needs to close!

I also have had a blue screen error and shut down this morning whilst trying to update, followed by the system has recovered from a serious error message!

#12 katiekins

katiekins
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Female
  • Local time:07:29 AM

Posted 23 August 2012 - 04:05 AM

I am also getting error messages saying that the files I am trying to run (from Microsoft, to update Windows Messenger/Live) are not valid Win32 applications?

#13 katiekins

katiekins
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Female
  • Local time:07:29 AM

Posted 23 August 2012 - 06:44 AM

I ran ESET again and got ...

C:\TDSSKiller_Quarantine\21.08.2012_20.51.00\tdlfs0000\tsk0004.dta Win32/Olmarik.XU trojan cleaned by deleting - quarantined

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 AM

Posted 23 August 2012 - 12:11 PM

If after removing Olmarik the problem persists, then we should take a deeper look for protected malware, perhaps a rootkit.

Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#15 katiekins

katiekins
  • Topic Starter

  • Members
  • 111 posts
  • Gender:Female
  • Local time:07:29 AM

Posted 23 August 2012 - 06:12 PM

Good evening.

Thank you for replying so promptly.

I am still unable to get the updates to install, run the Fix it tool from Microsoft, or run other programmes I have downloaded to replace corrupt ones (like MSN Messenger). Could my registry be corrupt from malware or something? How can I find out?

I will try the next steps in the morning when I'm on my laptop and post the log where you have asked.

The BHO.B malware that was found in the operating memory in the first ESET scan, which didn't appear to be quarantined or deleted, wasn't picked up in the latest ESET scan. Is it likely that it has been cleaned/deleted/quarantined, or could it still be there somewhere?

Thanks :-)

Edited by katiekins, 23 August 2012 - 06:15 PM.
