
FBI Ransom


19 replies to this topic

#1 grtcrowd


Posted 18 August 2012 - 06:45 AM

Approx. 3 weeks ago, my desktop was infected with this nasty little creature. I was able to clear it then by using Rkill and running Malwarebytes in Safemode with networking. Suddenly it has reappeared. Same bug but a different screen now. Put it in Safemode with Networking, downloaded updates to MBAM and ran it and RKILL again. MBAM found only 3 items and deleted. Rebooted the computer. It didn't work. Have tried several more times but to no avail. Any suggestions, as I am obviously missing something.

Thanks!



#2 narenxp


Posted 18 August 2012 - 06:48 AM

Boot into Safe Mode with Networking.

Download TDSSkiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 grtcrowd


Posted 18 August 2012 - 08:36 AM

The results from the TDSSkiller:
05:04:27.0484 0680 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
05:04:28.0625 0680 ============================================================
05:04:28.0625 0680 Current date / time: 2012/08/18 05:04:28.0625
05:04:28.0625 0680 SystemInfo:
05:04:28.0625 0680
05:04:28.0625 0680 OS Version: 5.1.2600 ServicePack: 3.0
05:04:28.0625 0680 Product type: Workstation
05:04:28.0625 0680 ComputerName: DESK
05:04:28.0625 0680 UserName: Millers
05:04:28.0625 0680 Windows directory: C:\WINDOWS
05:04:28.0625 0680 System windows directory: C:\WINDOWS
05:04:28.0625 0680 Processor architecture: Intel x86
05:04:28.0625 0680 Number of processors: 4
05:04:28.0625 0680 Page size: 0x1000
05:04:28.0625 0680 Boot type: Safe boot with network
05:04:28.0625 0680 ============================================================
05:04:29.0984 0680 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
05:04:29.0984 0680 ============================================================
05:04:29.0984 0680 \Device\Harddisk0\DR0:
05:04:29.0984 0680 MBR partitions:
05:04:29.0984 0680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
05:04:29.0984 0680 ============================================================
05:04:30.0000 0680 C: <-> \Device\Harddisk0\DR0\Partition1
05:04:30.0000 0680 ============================================================
05:04:30.0000 0680 Initialize success
05:04:30.0000 0680 ============================================================
05:04:34.0031 1040 ============================================================
05:04:34.0031 1040 Scan started
05:04:34.0031 1040 Mode: Manual;
05:04:34.0031 1040 ============================================================
05:04:45.0156 1040 splitter - ok
05:04:45.0187 1040 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
05:04:45.0187 1040 Spooler - ok
05:04:45.0218 1040 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
05:04:45.0218 1040 sr - ok
05:04:45.0265 1040 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\System32\srsvc.dll
05:04:45.0265 1040 srservice - ok
05:04:45.0312 1040 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
05:04:45.0312 1040 Srv - ok
05:04:45.0328 1040 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
05:04:45.0328 1040 SSDPSRV - ok
05:04:45.0343 1040 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
05:04:45.0343 1040 stisvc - ok
05:04:45.0359 1040 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:04:45.0359 1040 streamip - ok
05:04:45.0390 1040 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
05:04:45.0390 1040 swenum - ok
05:04:45.0406 1040 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
05:04:45.0406 1040 swmidi - ok
05:04:45.0406 1040 SwPrv - ok
05:04:45.0437 1040 symc810 - ok
05:04:45.0453 1040 symc8xx - ok
05:04:45.0453 1040 sym_hi - ok
05:04:45.0468 1040 sym_u3 - ok
05:04:45.0500 1040 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
05:04:45.0500 1040 sysaudio - ok
05:04:45.0515 1040 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
05:04:45.0531 1040 SysmonLog - ok
05:04:45.0546 1040 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
05:04:45.0562 1040 TapiSrv - ok
05:04:45.0609 1040 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:04:45.0609 1040 Tcpip - ok
05:04:45.0640 1040 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
05:04:45.0640 1040 TDPIPE - ok
05:04:45.0671 1040 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
05:04:45.0671 1040 TDTCP - ok
05:04:45.0671 1040 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
05:04:45.0671 1040 TermDD - ok
05:04:45.0703 1040 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
05:04:45.0703 1040 TermService - ok
05:04:45.0718 1040 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
05:04:45.0718 1040 Themes - ok
05:04:45.0750 1040 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
05:04:45.0750 1040 TlntSvr - ok
05:04:45.0750 1040 TosIde - ok
05:04:45.0796 1040 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
05:04:45.0796 1040 TrkWks - ok
05:04:45.0828 1040 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
05:04:45.0828 1040 Udfs - ok
05:04:45.0859 1040 [ c3cd138762aab1797805c26bf5defcbe ] UGURU C:\WINDOWS\system32\drivers\uGuru.sys
05:04:45.0859 1040 UGURU - ok
05:04:45.0875 1040 ultra - ok
05:04:45.0906 1040 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
05:04:45.0906 1040 Update - ok
05:04:45.0937 1040 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
05:04:45.0937 1040 upnphost - ok
05:04:45.0937 1040 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
05:04:45.0937 1040 UPS - ok
05:04:45.0984 1040 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
05:04:45.0984 1040 usbaudio - ok
05:04:46.0031 1040 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:04:46.0031 1040 usbccgp - ok
05:04:46.0093 1040 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:04:46.0093 1040 usbehci - ok
05:04:46.0093 1040 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:04:46.0093 1040 usbhub - ok
05:04:46.0156 1040 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:04:46.0156 1040 usbprint - ok
05:04:46.0187 1040 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
05:04:46.0187 1040 usbscan - ok
05:04:46.0218 1040 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:04:46.0218 1040 USBSTOR - ok
05:04:46.0218 1040 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:04:46.0218 1040 usbuhci - ok
05:04:46.0296 1040 [ 63bbfca7f390f4c49ed4b96bfb1633e0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
05:04:46.0296 1040 usbvideo - ok
05:04:46.0359 1040 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
05:04:46.0359 1040 VgaSave - ok
05:04:46.0359 1040 ViaIde - ok
05:04:46.0421 1040 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
05:04:46.0421 1040 VolSnap - ok
05:04:46.0453 1040 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
05:04:46.0453 1040 VSS - ok
05:04:46.0484 1040 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\System32\w32time.dll
05:04:46.0484 1040 W32Time - ok
05:04:46.0500 1040 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:04:46.0500 1040 Wanarp - ok
05:04:46.0515 1040 WDICA - ok
05:04:46.0562 1040 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
05:04:46.0562 1040 wdmaud - ok
05:04:46.0593 1040 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
05:04:46.0593 1040 WebClient - ok
05:04:46.0703 1040 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
05:04:46.0703 1040 winmgmt - ok
05:04:46.0765 1040 [ c7e39ea41233e9f5b86c8da3a9f1e4a8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
05:04:46.0765 1040 WmdmPmSN - ok
05:04:46.0843 1040 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
05:04:46.0859 1040 Wmi - ok
05:04:46.0906 1040 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
05:04:46.0921 1040 WmiApSrv - ok
05:04:46.0953 1040 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:04:46.0953 1040 WSTCODEC - ok
05:04:46.0984 1040 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
05:04:47.0015 1040 wuauserv - ok
05:04:47.0046 1040 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
05:04:47.0046 1040 WZCSVC - ok
05:04:47.0093 1040 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
05:04:47.0125 1040 xmlprov - ok
05:04:47.0171 1040 ================ Scan global ===============================
05:04:47.0203 1040 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
05:04:47.0250 1040 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
05:04:47.0250 1040 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
05:04:47.0265 1040 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
05:04:47.0265 1040 [Global] - ok
05:04:47.0265 1040 ================ Scan MBR ==================================
05:04:47.0281 1040 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:04:47.0421 1040 \Device\Harddisk0\DR0 - ok
05:04:47.0421 1040 ================ Scan VBR ==================================
05:04:47.0437 1040 Boot (0x1200) (86ada430f99ceb9e895491b5381803f7) \Device\Harddisk0\DR0\Partition1
05:04:47.0437 1040 \Device\Harddisk0\DR0\Partition1 - ok
05:04:47.0437 1040 ============================================================
05:04:47.0437 1040 Scan finished
05:04:47.0437 1040 ============================================================
05:04:47.0468 1028 Detected object count: 0
05:04:47.0468 1028 Actual detected object count: 0
05:05:11.0546 0388 ============================================================
05:05:11.0546 0388 Scan started
05:05:11.0546 0388 Mode: Manual; TDLFS;
05:05:11.0546 0388 ============================================================
05:05:11.0921 0388 ================ Scan services =============================
05:05:17.0234 0388 PartMgr - ok
05:05:17.0265 0388 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
05:05:17.0265 0388 ParVdm - ok
05:05:17.0281 0388 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
05:05:17.0281 0388 PCI - ok
05:05:17.0281 0388 PCIDump - ok
05:05:17.0296 0388 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
05:05:17.0296 0388 PCIIde - ok
05:05:17.0312 0388 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
05:05:17.0312 0388 Pcmcia - ok
05:05:17.0328 0388 PDCOMP - ok
05:05:17.0328 0388 PDFRAME - ok
05:05:17.0328 0388 PDRELI - ok
05:05:17.0328 0388 PDRFRAME - ok
05:05:17.0328 0388 perc2 - ok
05:05:17.0328 0388 perc2hib - ok
05:05:17.0375 0388 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
05:05:17.0375 0388 PlugPlay - ok
05:05:17.0406 0388 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
05:05:17.0406 0388 PolicyAgent - ok
05:05:17.0421 0388 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:05:17.0421 0388 PptpMiniport - ok
05:05:17.0421 0388 [ a32bebaf723557681bfc6bd93e98bd26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
05:05:17.0421 0388 Processor - ok
05:05:17.0421 0388 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
05:05:17.0421 0388 ProtectedStorage - ok
05:05:17.0437 0388 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
05:05:17.0437 0388 PSched - ok
05:05:17.0437 0388 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:05:17.0437 0388 Ptilink - ok
05:05:17.0437 0388 ql1080 - ok
05:05:17.0437 0388 Ql10wnt - ok
05:05:17.0437 0388 ql12160 - ok
05:05:17.0453 0388 ql1240 - ok
05:05:17.0453 0388 ql1280 - ok
05:05:17.0500 0388 QuickBooksDB - ok
05:05:17.0546 0388 RadioPI_4eService - ok
05:05:17.0562 0388 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:05:17.0562 0388 RasAcd - ok
05:05:17.0578 0388 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
05:05:17.0578 0388 RasAuto - ok
05:05:17.0593 0388 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:05:17.0593 0388 Rasl2tp - ok
05:05:17.0609 0388 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
05:05:17.0609 0388 RasMan - ok
05:05:17.0609 0388 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:05:17.0609 0388 RasPppoe - ok
05:05:17.0609 0388 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
05:05:17.0609 0388 Raspti - ok
05:05:17.0625 0388 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:05:17.0625 0388 Rdbss - ok
05:05:17.0640 0388 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:05:17.0640 0388 RDPCDD - ok
05:05:17.0640 0388 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:05:17.0640 0388 rdpdr - ok
05:05:17.0671 0388 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
05:05:17.0671 0388 RDPWD - ok
05:05:17.0703 0388 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
05:05:17.0703 0388 RDSessMgr - ok
05:05:17.0718 0388 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
05:05:17.0734 0388 redbook - ok
05:05:17.0765 0388 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
05:05:17.0765 0388 RemoteAccess - ok
05:05:17.0796 0388 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
05:05:17.0796 0388 RemoteRegistry - ok
05:05:17.0812 0388 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\System32\locator.exe
05:05:17.0812 0388 RpcLocator - ok
05:05:17.0828 0388 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\system32\rpcss.dll
05:05:17.0843 0388 RpcSs - ok
05:05:17.0875 0388 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\System32\rsvp.exe
05:05:17.0875 0388 RSVP - ok
05:05:17.0906 0388 [ 8fb81531fb97e46efa3adfc4e4dcadbe ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
05:05:17.0906 0388 rtl8185 - ok
05:05:17.0937 0388 [ 89619ef503f949fae09252a8b883ee11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
05:05:17.0937 0388 RTLE8023xp - ok
05:05:17.0984 0388 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
05:05:17.0984 0388 SamSs - ok
05:05:17.0984 0388 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
05:05:17.0984 0388 SCardSvr - ok
05:05:17.0984 0388 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
05:05:17.0984 0388 Schedule - ok
05:05:18.0000 0388 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:05:18.0000 0388 Secdrv - ok
05:05:18.0000 0388 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
05:05:18.0000 0388 seclogon - ok
05:05:18.0000 0388 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
05:05:18.0000 0388 SENS - ok
05:05:18.0015 0388 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
05:05:18.0015 0388 Serial - ok
05:05:18.0015 0388 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
05:05:18.0015 0388 Sfloppy - ok
05:05:18.0046 0388 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
05:05:18.0046 0388 ShellHWDetection - ok
05:05:18.0062 0388 Simbad - ok
05:05:18.0093 0388 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
05:05:18.0093 0388 SLIP - ok
05:05:18.0093 0388 Sparrow - ok
05:05:18.0125 0388 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
05:05:18.0125 0388 splitter - ok
05:05:18.0140 0388 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
05:05:18.0140 0388 Spooler - ok
05:05:18.0171 0388 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
05:05:18.0171 0388 sr - ok
05:05:18.0187 0388 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\System32\srsvc.dll
05:05:18.0187 0388 srservice - ok
05:05:18.0203 0388 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
05:05:18.0218 0388 Srv - ok
05:05:18.0234 0388 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
05:05:18.0234 0388 SSDPSRV - ok
05:05:18.0234 0388 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
05:05:18.0234 0388 stisvc - ok
05:05:18.0250 0388 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:05:18.0250 0388 streamip - ok
05:05:18.0250 0388 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
05:05:18.0250 0388 swenum - ok
05:05:18.0250 0388 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
05:05:18.0250 0388 swmidi - ok
05:05:18.0250 0388 SwPrv - ok
05:05:18.0265 0388 symc810 - ok
05:05:18.0265 0388 symc8xx - ok
05:05:18.0265 0388 sym_hi - ok
05:05:18.0265 0388 sym_u3 - ok
05:05:18.0265 0388 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
05:05:18.0265 0388 sysaudio - ok
05:05:18.0296 0388 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
05:05:18.0296 0388 SysmonLog - ok
05:05:18.0296 0388 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
05:05:18.0296 0388 TapiSrv - ok
05:05:18.0343 0388 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:05:18.0343 0388 Tcpip - ok
05:05:18.0359 0388 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
05:05:18.0359 0388 TDPIPE - ok
05:05:18.0390 0388 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
05:05:18.0390 0388 TDTCP - ok
05:05:18.0390 0388 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
05:05:18.0390 0388 TermDD - ok
05:05:18.0406 0388 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
05:05:18.0406 0388 TermService - ok
05:05:18.0421 0388 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
05:05:18.0421 0388 Themes - ok
05:05:18.0437 0388 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
05:05:18.0453 0388 TlntSvr - ok
05:05:18.0453 0388 TosIde - ok
05:05:18.0468 0388 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
05:05:18.0468 0388 TrkWks - ok
05:05:18.0500 0388 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
05:05:18.0500 0388 Udfs - ok
05:05:18.0515 0388 [ c3cd138762aab1797805c26bf5defcbe ] UGURU C:\WINDOWS\system32\drivers\uGuru.sys
05:05:18.0515 0388 UGURU - ok
05:05:18.0515 0388 ultra - ok
05:05:18.0531 0388 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
05:05:18.0531 0388 Update - ok
05:05:18.0562 0388 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
05:05:18.0562 0388 upnphost - ok
05:05:18.0562 0388 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
05:05:18.0562 0388 UPS - ok
05:05:18.0593 0388 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
05:05:18.0593 0388 usbaudio - ok
05:05:18.0656 0388 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:05:18.0656 0388 usbccgp - ok
05:05:18.0687 0388 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:05:18.0703 0388 usbehci - ok
05:05:18.0703 0388 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:05:18.0703 0388 usbhub - ok
05:05:18.0734 0388 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:05:18.0734 0388 usbprint - ok
05:05:18.0765 0388 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
05:05:18.0765 0388 usbscan - ok
05:05:18.0781 0388 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:05:18.0781 0388 USBSTOR - ok
05:05:18.0781 0388 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:05:18.0781 0388 usbuhci - ok
05:05:18.0796 0388 [ 63bbfca7f390f4c49ed4b96bfb1633e0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
05:05:18.0796 0388 usbvideo - ok
05:05:18.0812 0388 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
05:05:18.0812 0388 VgaSave - ok
05:05:18.0812 0388 ViaIde - ok
05:05:18.0828 0388 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
05:05:18.0828 0388 VolSnap - ok
05:05:18.0843 0388 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
05:05:18.0843 0388 VSS - ok
05:05:18.0859 0388 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\System32\w32time.dll
05:05:18.0859 0388 W32Time - ok
05:05:18.0859 0388 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:05:18.0859 0388 Wanarp - ok
05:05:18.0859 0388 WDICA - ok
05:05:18.0875 0388 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
05:05:18.0875 0388 wdmaud - ok
05:05:18.0875 0388 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
05:05:18.0875 0388 WebClient - ok
05:05:18.0953 0388 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
05:05:18.0953 0388 winmgmt - ok
05:05:18.0984 0388 [ c7e39ea41233e9f5b86c8da3a9f1e4a8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
05:05:18.0984 0388 WmdmPmSN - ok
05:05:19.0015 0388 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
05:05:19.0031 0388 Wmi - ok
05:05:19.0046 0388 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
05:05:19.0046 0388 WmiApSrv - ok
05:05:19.0062 0388 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:05:19.0062 0388 WSTCODEC - ok
05:05:19.0093 0388 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
05:05:19.0093 0388 wuauserv - ok
05:05:19.0140 0388 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
05:05:19.0140 0388 WZCSVC - ok
05:05:19.0171 0388 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
05:05:19.0171 0388 xmlprov - ok
05:05:19.0171 0388 ================ Scan global ===============================
05:05:19.0187 0388 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
05:05:19.0218 0388 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
05:05:19.0218 0388 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
05:05:19.0234 0388 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
05:05:19.0234 0388 [Global] - ok
05:05:19.0234 0388 ================ Scan MBR ==================================
05:05:19.0250 0388 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:05:19.0468 0388 \Device\Harddisk0\DR0 - ok
05:05:19.0468 0388 ================ Scan VBR ==================================
05:05:19.0468 0388 Boot (0x1200) (86ada430f99ceb9e895491b5381803f7) \Device\Harddisk0\DR0\Partition1
05:05:19.0468 0388 \Device\Harddisk0\DR0\Partition1 - ok
05:05:19.0468 0388 ============================================================
05:05:19.0468 0388 Scan finished
05:05:19.0468 0388 ============================================================
05:05:19.0468 0620 Detected object count: 0
05:05:19.0468 0620 Actual detected object count: 0


aswMBR results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-18 05:09:18
-----------------------------
05:09:18.828 OS Version: Windows 5.1.2600 Service Pack 3
05:09:18.828 Number of processors: 4 586 0xF0B
05:09:18.828 ComputerName: DESK UserName:
05:09:19.437 Initialize success
05:25:10.093 AVAST engine defs: 12081800
05:25:24.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
05:25:24.890 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
05:25:24.906 Disk 0 MBR read successfully
05:25:24.921 Disk 0 MBR scan
05:25:24.968 Disk 0 Windows XP default MBR code
05:25:25.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
05:25:25.000 Disk 0 scanning sectors +976752000
05:25:25.093 Disk 0 scanning C:\WINDOWS\system32\drivers
05:25:33.203 Service scanning
05:25:46.781 Modules scanning
05:25:50.312 Disk 0 trace - called modules:
05:25:50.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
05:25:50.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac99ab8]
05:25:50.375 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8ac9f9e8]
05:25:50.531 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8ad0d940]
05:25:59.812 AVAST engine scan C:\WINDOWS
05:26:19.500 AVAST engine scan C:\WINDOWS\system32
05:28:27.937 AVAST engine scan C:\WINDOWS\system32\drivers
05:28:47.031 AVAST engine scan C:\Documents and Settings\Millers
05:35:38.921 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
05:36:56.609 Scan finished successfully
05:37:11.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Millers\Desktop\MBR.dat"
05:37:11.453 The log file has been saved successfully to "C:\Documents and Settings\Millers\Desktop\aswMBR.txt"

ESET results:

C:\Documents and Settings\Millers\Local Settings\Temp\1jfuweif.exe a variant of Win32/Injector.VES trojan cleaned by deleting - quarantined
C:\Documents and Settings\Millers\Local Settings\Temp\V.class a variant of Java/Exploit.CVE-2011-3544.BQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Millers\Local Settings\Temp\ICReinstall\cnet_InternationalPrimoPDF_exe[1].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

#4 narenxp


Posted 18 August 2012 - 08:45 AM

Download Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on File - Save

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#5 grtcrowd


Posted 18 August 2012 - 11:39 AM

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Alcmtr" "Realtek Azalia Audio - Event Monitor" "Realtek Semiconductor Corp." "c:\windows\alcmtr.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "LogitechQuickCamRibbon" "Camera Software" "Logitech Inc." "c:\program files\logitech\logitech webcam software\lws.exe"
+ "Malwarebytes' Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamgui.exe"
+ "McPvTray_exe" "McAfee AntiTheft Tray" "McAfee, Inc." "c:\program files\mcafee\mat\mcpvtray.exe"
+ "mcui_exe" "McAfee Security Center" "McAfee, Inc." "c:\program files\mcafee.com\agent\mcagent.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 120.57 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "RadioPI Search Scope Monitor" "" "" "File not found: C:\PROGRA~1\RADIOP~2\bar\1.bin\4esrchmn.exe"
+ "ROC_roc_dec12" "" "" "File not found: C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup" "" "" ""
+ "Microsoft Office.lnk" "Microsoft Office XP component" "Microsoft Corporation" "c:\program files\microsoft office\office10\osa.exe"
+ "QuickBooks Update Agent.lnk" "QuickBooks Automatic Update" "Intuit Inc." "c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe"
+ "REALTEK RTL8185 Wireless LAN Utility.lnk" "RtWLan MFC Application" "Realtek Semiconductor Corp." "c:\program files\realtek rtl8185 wireless lan driver and utility\rtwlan.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "DriverFinder" "" "" "File not found: C:\Program Files\DriverFinder\DriverFinder.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\millers\local settings\application data\google\update\googleupdate.exe"
+ "GoogleChrome" "" "" "File not found: C:\DOCUME~1\Millers\LOCALS~1\Temp\1jfuweif.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "application/x-mfe-ipt" "McAfee MSC IE plugin DLL" "McAfee, Inc." "c:\program files\mcafee\msc\mcsniepl.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "NPShellExtension" "Nitro Pro ShellExtension " "" "c:\program files\nitro pdf\professional 7\npshellextension.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "MOBK" "McAfee Online Backup Shell Extensions" "McAfee, Inc." "c:\program files\mcafee online backup\mobkshell.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "MOBK" "McAfee Online Backup Shell Extensions" "McAfee, Inc." "c:\program files\mcafee online backup\mobkshell.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 120.57 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "MOBK" "McAfee Online Backup Shell Extensions" "McAfee, Inc." "c:\program files\mcafee online backup\mobkshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "MOBK" "McAfee Online Backup Shell Extensions" "McAfee, Inc." "c:\program files\mcafee online backup\mobkshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "MOBK" "McAfee Online Backup Shell Extensions" "McAfee, Inc." "c:\program files\mcafee online backup\mobkshell.dll"
+ "MOBK2" "McAfee Online Backup Shell Extensions" "McAfee, Inc." "c:\program files\mcafee online backup\mobkshell.dll"
+ "MOBK3" "McAfee Online Backup Shell Extensions" "McAfee, Inc." "c:\program files\mcafee online backup\mobkshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Avery Toolbar" "Ask Toolbar" "Ask" "c:\program files\ask.com\genericasktoolbar.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgssie.dll"
+ "Babylon toolbar helper" "" "" "File not found: C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.6\bh\BabylonToolbar.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\scriptsn.20120725231437.dll"
+ "Search Assistant BHO" "" "" "File not found: C:\Program Files\RadioPI_4e\bar\1.bin\4eSrcAs.dll"
+ "Toolbar BHO" "" "" "File not found: C:\PROGRA~1\RADIOP~2\bar\1.bin\4ebar.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Avery Toolbar" "Ask Toolbar" "Ask" "c:\program files\ask.com\genericasktoolbar.dll"
+ "Babylon Toolbar" "" "" "File not found: C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.6\BabylonToolbarTlbr.dll"
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "RadioPI" "" "" "File not found: C:\Program Files\RadioPI_4e\bar\1.bin\4ebar.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-602162358-1659004503-839522115-1003Core.job" "Google Installer" "Google Inc." "c:\documents and settings\millers\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-602162358-1659004503-839522115-1003UA.job" "Google Installer" "Google Inc." "c:\documents and settings\millers\local settings\application data\google\update\googleupdate.exe"
+ "Scheduled Update for Ask Toolbar.job" "" "" "c:\program files\ask.com\updatetask.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "LVPrcSrv" "Injector service" "Logitech Inc." "c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "McAfee SiteAdvisor Service" "McAfee SiteAdvisor Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McMPFSvc" "Helps protect your computer from intrusion and let's you manage your computer's trusted programs." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "mcmscsvc" "McAfee Services" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNaiAnn" "McAfee VirusScan Announcer" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNASvc" "Allows McAfee applications to communicate securely on the local network." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McODS" "McAfee Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcods.exe"
+ "McProxy" "McAfee Proxy Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McShield" "McAfee OnAccess Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mcshield.exe"
+ "mfefire" "Provides firewall services to McAfee products" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mfefire.exe"
+ "mfevtp" "Provides validation trust protection services" "McAfee, Inc." "c:\windows\system32\mfevtps.exe"
+ "MOBKbackup" "Backs up configured files to the McAfee Online Backup servers. Please do not stop or restart this service - it could corrupt your McAfee Online Backup installation." "McAfee, Inc." "c:\program files\mcafee online backup\mobkbackup.exe"
+ "MSK80Service" "This service filters e-mail messages on your computer" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "NitroDriverReadSpool2" "Nitro PDF Driver Read Spool 2" "Nitro PDF Software" "c:\program files\nitro pdf\professional 7\nitropdfdriverservice2.exe"
+ "NitroReaderDriverReadSpool2" "Nitro PDF Reader Driver Read Spool 2" "Nitro PDF Software" "c:\program files\nitro pdf\reader 2\nitropdfreaderdriverservice2.exe"
+ "nlsX86cc" "Nalpeiron Licensing Service" "Nalpeiron Ltd." "c:\windows\system32\nlssrv32.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "QuickBooksDB" "Quickbooks database service" "Intuit, Inc." "c:\program files\intuit\quickbooks 2006\qbdbmgrn.exe"
+ "RadioPI_4eService" "" "" "File not found: C:\PROGRA~1\RADIOP~2\bar\1.bin\4ebarsvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "A2DDA" "Emsisoft Direct Disk Access Support Driver" "Emsi Software GmbH" "c:\documents and settings\millers\desktop\emsisoftemergencykit\run\a2ddax86.sys"
+ "AegisP" "AEGIS Protocol (IEEE 802.1x) v3.4.5.0" "Meetinghouse Data Communications" "c:\windows\system32\drivers\aegisp.sys"
+ "cfwids" "McAfee Personal Firewall IDS Plugin" "McAfee, Inc." "c:\windows\system32\drivers\cfwids.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "FilterService" "Logitech USB Video Class Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvcflt.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LVPr2Mon" "Logitech ProcMon Driver" "Logitech Inc." "c:\windows\system32\drivers\lvpr2mon.sys"
+ "LVRS" "Logitech Kernel Audio Improvement Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvrs.sys"
+ "LVUVC" "Logitech USB Video Class Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "McPvDrv" "McAfee AntiTheft Driver" "McAfee, Inc." "c:\windows\system32\drivers\mcpvdrv.sys"
+ "mfeapfk" "Access Protection Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfebopk" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
+ "mfefirek" "McAfee Core Firewall Engine Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfefirek.sys"
+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mfendisk" "McAfee NDIS Intermediate Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfendisk.sys"
+ "mfendiskmp" "McAfee NDIS Intermediate Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfendisk.sys"
+ "mferkdet" "McAfee Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdet.sys"
+ "mfetdi2k" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfetdi2k.sys"
+ "MOBKFilter" "McAfee Online Backup Change Monitor" "Mozy, Inc." "c:\windows\system32\drivers\mobk.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 177.79 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "rtl8185" "Realtek RTL8185 NDIS5.1 miniport driver" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8185.sys"
+ "RTLE8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtenicxp.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "UGURU" "uGuru.sys" "ABIT" "c:\windows\system32\drivers\uguru.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.FPS1" "Fraps" "Beepa P/L" "c:\windows\system32\frapsvid.dll"
+ "VIDC.I420" "Video Codec" "Logitech Inc." "c:\windows\system32\lvcodec2.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Canon BJ Language Monitor PIXMA iP3000" "BJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm61.dll"
+ "Nitro PDF Port Monitor" "Windows NT Nitro Print PDF Interface Driver" "Nitro PDF Software" "c:\windows\system32\nitrolocalmon2.dll"
+ "PrimoMon" "" "" "c:\windows\system32\primomonnt.dll"

#6 narenxp

Posted 18 August 2012 - 11:41 AM

That looks good

Reboot to normal mode

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#7 grtcrowd

Posted 18 August 2012 - 02:12 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.18.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Millers :: DESK [administrator]

Protection: Enabled

8/18/2012 9:54:09 AM
mbam-log-2012-08-18 (09-54-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384159
Time elapsed: 1 hour(s), 18 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by Millers (administrator) on 18-08-2012 at 11:47:18
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection 3 (Disconnected)
1394 Net Adapter = 1394 Connection (Connected)
Realtek RTL8185 54M Wireless LAN Network Adapter = Wireless Network Connection 4 (Connected)
Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=dhcp
set dns name="Wireless Network Connection 4" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : desk

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : westell.com

westell.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : westell.com

Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-50-8D-98-00-18

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.39

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Saturday, August 18, 2012 9:51:20 AM

Lease Expires . . . . . . . . . . : Sunday, August 19, 2012 9:51:20 AM



Ethernet adapter Wireless Network Connection 4:



Connection-specific DNS Suffix . : westell.com

Description . . . . . . . . . . . : Realtek RTL8185 54M Wireless LAN Network Adapter

Physical Address. . . . . . . . . : 00-08-54-8E-DD-90

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.36

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Saturday, August 18, 2012 9:51:37 AM

Lease Expires . . . . . . . . . . : Sunday, August 19, 2012 9:51:37 AM

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.33.7, 173.194.33.8, 173.194.33.9, 173.194.33.14
173.194.33.0, 173.194.33.1, 173.194.33.2, 173.194.33.3, 173.194.33.4
173.194.33.5, 173.194.33.6



Pinging google.com [173.194.33.6] with 32 bytes of data:



Reply from 173.194.33.6: bytes=32 time=22ms TTL=56

Reply from 173.194.33.6: bytes=32 time=23ms TTL=56



Ping statistics for 173.194.33.6:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 22ms, Maximum = 23ms, Average = 22ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=78ms TTL=50

Reply from 98.138.253.109: bytes=32 time=78ms TTL=50



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 78ms, Maximum = 78ms, Average = 78ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 8d 98 00 18 ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - McAfee Core NDIS Intermediate Filter Miniport
0x3 ...00 08 54 8e dd 90 ...... Realtek RTL8185 54M Wireless LAN Network Adapter - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.36 25
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.39 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.36 192.168.1.36 25
192.168.1.0 255.255.255.0 192.168.1.39 192.168.1.39 20
192.168.1.36 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.39 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.36 192.168.1.36 25
192.168.1.255 255.255.255.255 192.168.1.39 192.168.1.39 20
224.0.0.0 240.0.0.0 192.168.1.36 192.168.1.36 25
224.0.0.0 240.0.0.0 192.168.1.39 192.168.1.39 20
255.255.255.255 255.255.255.255 192.168.1.36 192.168.1.36 1
255.255.255.255 255.255.255.255 192.168.1.39 192.168.1.39 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/18/2012 11:46:52 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.87, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/18/2012 10:21:18 AM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3288 (0xcd8)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\System Volume Information\_restore{1AB2DFAD-B8DC-4F1C-B2BB-5DB47DB62030}\RP428\A0058328.properties
by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/18/2012 09:49:42 AM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2948 (0xb84)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.pif
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/18/2012 09:05:27 AM) (Source: MsiInstaller) (User: DESK)DESK
Description: Product: QuickBooks -- Error 1328.Error applying patch to file C:\Config.Msi\PT19.tmp. It has probably been updated by other means, and can no longer be modified by this patch. For more information contact your patch vendor. System Error: -1072807676

Error: (08/15/2012 07:36:58 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3028 (0xbd4)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NVIDIA Corporation\NVIDIA PhysX Properties.lnk
by C:\WINDOWS\Explorer.EXE
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/14/2012 04:57:38 AM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3908 (0xf44)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MSK\mskmisp.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/13/2012 06:16:11 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2116 (0x844)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSC\Updates\Installs\1\msk\McInst.exe
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/13/2012 06:12:38 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 1864 (0x748)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MPF\MpfEvt.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/13/2012 06:10:46 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2836 (0xb14)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MSC\mcmscsub.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/13/2012 06:07:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.


System errors:
=============
Error: (08/18/2012 10:21:23 AM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/18/2012 09:52:50 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/18/2012 09:52:50 AM) (Source: Service Control Manager) (User: )
Description: The RadioPIService service failed to start due to the following error:
%%2

Error: (08/18/2012 09:52:50 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

Error: (08/18/2012 09:49:42 AM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/18/2012 09:45:34 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/18/2012 09:45:34 AM) (Source: Service Control Manager) (User: )
Description: The RadioPIService service failed to start due to the following error:
%%2

Error: (08/18/2012 09:45:34 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

Error: (08/18/2012 09:43:03 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/18/2012 09:28:40 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service McNaiAnn with arguments ""
in order to run the server:
{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}


Microsoft Office Sessions:
=========================
Error: (08/18/2012 11:46:52 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.87hungapp0.0.0.000000000

Error: (08/18/2012 10:21:18 AM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003288 (0xcd8)0x7C90E514
Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\System Volume Information\_restore{1AB2DFAD-B8DC-4F1C-B2BB-5DB47DB62030}\RP428\A0058328.properties
by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/18/2012 09:49:42 AM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900002948 (0xb84)0x7C90E514
Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.pif
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/18/2012 09:05:27 AM) (Source: MsiInstaller)(User: DESK)DESK
Description: Product: QuickBooks -- Error 1328.Error applying patch to file C:\Config.Msi\PT19.tmp. It has probably been updated by other means, and can no longer be modified by this patch. For more information contact your patch vendor. System Error: -1072807676(NULL)(NULL)(NULL)

Error: (08/15/2012 07:36:58 PM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003028 (0xbd4)0x7C90E514
Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\NVIDIA Corporation\NVIDIA PhysX Properties.lnk
by C:\WINDOWS\Explorer.EXE
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/14/2012 04:57:38 AM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003908 (0xf44)0x7C90E514
Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MSK\mskmisp.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/13/2012 06:16:11 PM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900002116 (0x844)0x7C90E514
Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSC\Updates\Installs\1\msk\McInst.exe
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/13/2012 06:12:38 PM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900001864 (0x748)0x7C90E514
Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MPF\MpfEvt.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/13/2012 06:10:46 PM) (Source: McLogEvent)(User: NT AUTHORITY)NT AUTHORITY
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900002836 (0xb14)0x7C90E514
Build VSCORE.14.4.0.387 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\MSC\mcmscsub.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/13/2012 06:07:11 PM) (Source: VSS)(User: )
Description:


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
AnswerWorks Runtime
Ask Toolbar (Version: 1.9.1.0)
AutoCAD 2000i (Version: 15.0.5.090)
AutoCAD 2000i Migration Assistance
Avery Wizard 4.0 (Version: 4.0.4)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 2012.0.1913)
Canon PIXMA iP3000
EPSON Copy Utility
EPSON Photo Print
EPSON TWAIN 5 (Version: 5.71.0000)
ESET Online Scanner v3
EVGA Precision 1.3.1
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 3.4.2.8800)
Google Update Helper (Version: 1.3.21.115)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee Online Backup
McAfee Online Backup (Version: 1.16.4.0)
McAfee Total Protection (Version: 11.0.678)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nitro PDF Reader 2 (Version: 2.0.0.29)
Nitro Pro 7 (Version: 7.3.1.1)
NVIDIA Drivers
NVIDIA PhysX v8.07.18 (Version: 8.07.18)
Picasa 3 (Version: 3.8)
QuickBooks Pro 2006 (Version: )
RadioPI
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.16.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5591)
REALTEK RTL8185 Wireless LAN Driver and Utility (Version: 3.50)
TurboCAD30
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Watchtower Library 2009 - English (Version: 11.0)
WebFldrs XP (Version: 9.50.6513)
Windows Driver Package - ABIT (UGURU) System (3.0.2005.531 ) (Version: 3.0.2005.531 )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 3326.42 MB
Available physical RAM: 2533.23 MB
Total Pagefile: 5210.11 MB
Available Pagefile: 4337.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.74 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:447.06 GB) NTFS

========================= Users: ========================================

User accounts for \\DESK

Administrator ASPNET Guest
HelpAssistant Millers QBDataServiceUser
SUPPORT_388945a0


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by Millers (administrator) on 18-08-2012 at 11:51:05
Running from "C:\Documents and Settings\Millers\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(15) Bridge(12) BridgeMP(11) Gpc(3) IPSec(5) mfetdi2k(16) NetBT(6) PSched(7) Tcpip(4)
0x13000000050000000100000002000000030000000400000010000000110000001200000013000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F000000
IpSec Tag value is correct.

**** End of log ****

#8 narenxp


Posted 18 August 2012 - 02:22 PM

Adware cleaner log?

#9 grtcrowd


Posted 18 August 2012 - 02:25 PM

I copied and saved, pasted, the system rebooted on its own and I lost the log.

I did note that it cleaned a bunch of stuff, including another USER:js.

#10 narenxp


Posted 18 August 2012 - 02:34 PM

Download

Sharedaccess
wscsvc

Launch them, click YES

Restart the PC, post the new FSS log

#11 grtcrowd


Posted 18 August 2012 - 02:39 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Millers (administrator) on 18-08-2012 at 12:38:43
Running from "C:\Documents and Settings\Millers\Desktop\Bug Zappers"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(15) Bridge(12) BridgeMP(11) Gpc(3) IPSec(5) mfetdi2k(16) NetBT(6) PSched(7) Tcpip(4)
0x13000000050000000100000002000000030000000400000010000000110000001200000013000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F000000
IpSec Tag value is correct.

**** End of log ****
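Added example (not part of the original posts, and not Farbar's code): a small Python parser that compares the two Farbar Service Scanner logs in this thread and reports which sections lost their configuration errors and which services were still stopped at scan time. The sample text is trimmed from the logs above; the function names `parse` and `compare` are hypothetical.

```python
import re
# Trimmed from the two FSS logs posted in this thread.
BEFORE = """
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
"""
AFTER = """
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
"""
RULE = re.compile(r"^=+$")  # the '=' underline that follows a section title
BROKEN = re.compile(r"ATTENTION!=+>|^Unable to (retrieve|open) ")  # config errors
STOPPED = re.compile(r"^(\S+) Service is not running\.")

def parse(log):
    """Return {section: {"broken": [lines], "stopped": [service names]}}."""
    lines = [l.strip() for l in log.splitlines()]
    result, section = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and RULE.match(nxt):
            section = line[:-1]
            result[section] = {"broken": [], "stopped": []}
        elif section and BROKEN.search(line):
            result[section]["broken"].append(line)
        elif section and (m := STOPPED.match(line)):
            result[section]["stopped"].append(m.group(1))
    return result

def compare(before, after):
    """Sections whose config errors are gone, and services still stopped."""
    b, a = parse(before), parse(after)
    fixed = sorted(s for s in b if b[s]["broken"] and s in a and not a[s]["broken"])
    return fixed, sorted(n for s in a.values() for n in s["stopped"])
if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

On these excerpts it reports both sections as repaired while still listing sharedaccess and wscsvc as stopped, which matches the second log: the service configuration is OK, but the services were not running when the scan ran.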

#12 narenxp


Posted 18 August 2012 - 02:44 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#13 grtcrowd


Posted 19 August 2012 - 08:04 PM

Thanks.

This seems to have done the trick.

:clapping: :thumbsup:

#14 narenxp


Posted 19 August 2012 - 09:57 PM

You're welcome :thumbsup:

#15 grtcrowd


Posted 10 September 2012 - 11:50 AM

Unfortunately, this nasty little beast is back... The problem now is that I cannot start in safemode. Obviously, it evolves each time it attacks. Have you any additional suggestions for ridding this creature?

Thanks! <_<



