CPU Usage 100% after a few minutes Flash Player Stops


11 replies to this topic

#1 Elizabeth123


Posted 29 August 2012 - 08:38 AM

Hello, I am running Windows XP on my Toshiba Tecra Dual Core Laptop. Running external Monitor Keyboard and mouse. About 1 week ago or maybe a little longer, my computer started acting funny. After starting up it seems to run fine but maybe about 10 - 15 minutes into it, it suddenly slows to a crawl, many times I will be playing a game and flash player will stop working, CPU usage is at 100% and nothing really can get done until I restart and then I get another 10 - 15 minutes. I am using Malware Bytes and Microsoft Security Essentials, both of which come up clean. I have tried various fixes on my own and nothing seems to work. Please help, this is very frustrating.



#2 boopme


Posted 29 August 2012 - 11:16 AM

Hello and welcome. Let's take a look at some logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Next run SUPERAntiSpyware (SAS):

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
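
A way to triage the Result.txt requested above, as an added example that is not part of this thread and is not MiniToolBox's own code: it splits the report on the section banners the tool prints, then lists Hosts entries other than localhost, Winsock providers that are not Microsoft files under system32, and drivers that fail to load more than once. The sample report is constructed, and the section titles and line layouts are assumed to match the report posted in the next reply.

```python
import re
from collections import Counter

# Banner layout as seen in the Result.txt in this thread, e.g.
# "========================= Hosts content: =====...". Bare "=====" rules do not match.
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?):?\s*=+\s*$")
# e.g. "Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
DRIVER_FAIL = "driver(s) failed to load:"

# Constructed sample in the same layout. The update.example.test host entry and
# nsp_example.dll are made up for illustration; they are not from the thread.
SAMPLE = r"""
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.5 update.example.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\user\Local Settings\Temp\nsp_example.dll [12345] ()

========================= Event log errors: ===============================

System errors:
=============
Error: (08/29/2012 10:45:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (08/29/2012 02:19:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl
"""


def split_sections(text):
    """Map each banner title to its non-blank lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def hosts_overrides(lines):
    """Hosts entries that map any name other than localhost."""
    found = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop trailing comments
        if len(entry) >= 2:
            found += [(entry[0], n) for n in entry[1:] if n.lower() != "localhost"]
    return found


def winsock_outliers(lines):
    """Providers to review: vendor is not Microsoft, or the DLL is outside system32.

    A hit is a prompt to look closer, not a verdict; Bonjour's provider is a
    legitimate third-party entry and is still listed.
    """
    out = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, index, path, _size, vendor = m.groups()
        in_system32 = re.match(r"[a-z]:\\windows\\system32\\", path.lower())
        if vendor != "Microsoft Corporation" or not in_system32:
            out.append((f"{catalog} {index}", path, vendor))
    return out


def failed_drivers(lines):
    """Count driver names on the line after each 'failed to load:' description."""
    counts = Counter()
    for i, line in enumerate(lines[:-1]):
        if line.endswith(DRIVER_FAIL):
            counts.update(lines[i + 1].split())
    return counts


def triage(text):
    s = split_sections(text)
    drivers = failed_drivers(s.get("Event log errors", []))
    return {
        "hosts": hosts_overrides(s.get("Hosts content", [])),
        "winsock": winsock_outliers(s.get("Winsock entries", [])),
        "drivers": {d: n for d, n in drivers.items() if n > 1},
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        print(key, items)
```
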

#3 Elizabeth123


Posted 30 August 2012 - 03:30 AM

Hello and thank you for such a prompt reply. I did the things you asked and am posting the results here. I thought I had no problems running any of the software you asked me to run, but upon looking for the results of the last task "Super Anti Spyware" it looks like it has never run even though I watched it running and found over 300 threats, no log report - so I am re-running - it takes over an hour and will post those results next, but here are the others to start. Here are the results:

Mini Toolbox Results:
____________________________________
MiniToolBox by Farbar Version: 23-07-2012
Ran by Robert Brennecke (administrator) on 29-08-2012 at 22:59:46
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/1000 PL Network Connection = Local Area Connection 4 (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)
MAC Bridge Miniport = Network Bridge (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp

# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp

# Interface IP Configuration for "Network Bridge"

set address name="Network Bridge" source=dhcp
set dns name="Network Bridge" source=dhcp register=PRIMARY
set wins name="Network Bridge" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : acer-36d0bd61cf

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : home



Ethernet adapter Wireless Network Connection 3:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-19-D2-39-48-73



Ethernet adapter Local Area Connection 4:



Connection-specific DNS Suffix . : home

Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection

Physical Address. . . . . . . . . : 00-15-B7-C9-78-52

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.7

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

68.238.64.12

Lease Obtained. . . . . . . . . . : Wednesday, August 29, 2012 10:45:37 PM

Lease Expires . . . . . . . . . . : Thursday, August 30, 2012 10:45:37 PM



Ethernet adapter Network Bridge:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : MAC Bridge Miniport

Physical Address. . . . . . . . . : D2-7E-66-CA-0D-CB

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.125.185

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.239.2, 74.125.239.7, 74.125.239.5, 74.125.239.4
74.125.239.9, 74.125.239.0, 74.125.239.1, 74.125.239.8, 74.125.239.3
74.125.239.14, 74.125.239.6



Pinging google.com [74.125.224.198] with 32 bytes of data:



Reply from 74.125.224.198: bytes=32 time=11ms TTL=252

Reply from 74.125.224.198: bytes=32 time=10ms TTL=252



Ping statistics for 74.125.224.198:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 10ms, Maximum = 11ms, Average = 10ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=115ms TTL=50

Reply from 98.138.253.109: bytes=32 time=106ms TTL=250



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 106ms, Maximum = 115ms, Average = 110ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d2 39 48 73 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 15 b7 c9 78 52 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
0x4 ...d2 7e 66 ca 0d cb ...... MAC Bridge Miniport - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.125.185 169.254.125.185 20
169.254.0.0 255.255.0.0 192.168.1.7 192.168.1.7 20
169.254.125.185 255.255.255.255 127.0.0.1 127.0.0.1 10
169.254.255.255 255.255.255.255 169.254.125.185 169.254.125.185 10
192.168.1.0 255.255.255.0 192.168.1.7 192.168.1.7 20
192.168.1.7 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.7 192.168.1.7 20
224.0.0.0 240.0.0.0 169.254.125.185 169.254.125.185 10
224.0.0.0 240.0.0.0 192.168.1.7 192.168.1.7 20
255.255.255.255 255.255.255.255 169.254.125.185 169.254.125.185 1
255.255.255.255 255.255.255.255 192.168.1.7 192.168.1.7 1
255.255.255.255 255.255.255.255 192.168.1.7 2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 05 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/29/2012 00:07:17 AM) (Source: DragonSvc) (User: )
Description: Error: Failed to initiate execution of 'NatSpeak Periodic Data Collection' task

Error: (08/28/2012 03:00:18 AM) (Source: DragonSvc) (User: )
Description: Error: Failed to initiate execution of 'NatSpeak Periodic Language Model Optimization' task

Error: (08/27/2012 08:53:19 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8703.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/27/2012 08:44:56 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8703.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/27/2012 08:36:49 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8703.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/27/2012 08:20:08 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8703.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/27/2012 04:17:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3922

Error: (08/27/2012 04:17:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3922

Error: (08/27/2012 04:17:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/27/2012 04:17:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953


System errors:
=============
Error: (08/29/2012 10:45:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (08/29/2012 02:19:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (08/29/2012 06:46:25 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (08/29/2012 03:43:31 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (08/28/2012 08:54:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (08/28/2012 07:34:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (08/28/2012 06:43:44 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (08/28/2012 06:42:14 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (08/28/2012 03:28:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error: (08/28/2012 02:12:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
10 Talismans
123 DVD Clone
123 Flash Menu v4.2.0.1615 (Version: 4.2)
3Dice Casino
AC3Filter (remove only)
Acer eRecovery Management (Version: 4.00.3002)
Acer ScreenSaver (Version: 1.01.0110)
Acer VCM (Version: 4.00.3004)
Acrobat.com (Version: 0.0.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 Plugin (Version: 10.3.183.18)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Ancient Secrets - Mystery of the Vanishing Bride
Apple Software Update (Version: 2.1.1.116)
ArcadeCandy (Version: ac 1.16.335)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.30)
Audacity 1.2.6
AVG Security Toolbar (Version: 11.1.0.12)
Big Kahuna Reef
Bonjour (Version: 2.0.2.0)
Bonjour Print Services (Version: 2.0.2.0)
Build-a-lot 3: Passport to Europe
CCleaner (Version: 3.22)
CCScore (Version: 8.02.0000.0001)
CD & DVD Label Maker 1.2
CDBurnerXP (Version: 4.3.8.2474)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Defraggler (Version: 2.10)
Dell Driver Download Manager (Version: 2.1.0.0)
DivX Setup (Version: 2.3.0.20)
DVD-RAM Driver (Version: 5.0.2.5)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
Easy Button & Menu Maker 2.1 (Version: 2.1)
ESSBrwr (Version: 8.02.0000.0001)
ESSCDBK (Version: 8.02.0000.0001)
ESScore (Version: 8.02.0000.0001)
ESSgui (Version: 8.02.0000.0001)
ESSini (Version: 8.02.0000.0001)
ESSPCD (Version: 8.02.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
FeltStars (Version: 5.0)
File Type Assistant
Final Media Player 2011
FPSGUN Mouse (Version: 2.3)
Free Easy Burner V 5.0 (Version: 5.0.0.0)
Free File Viewer 2011
Free Ride Games Player
FrostWire 4.21.8 (Version: 4.21.8.0)
FrostWire 5.3.6 (Version: 5.3.6.0)
Google Chrome (Version: 21.0.1180.83)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
Inbox Toolbar (Version: 1.0.0)
Inkscape 0.48.2 (Version: 0.48.2)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software (Version: 10.50.0000)
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.28)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Jewel Quest Mysteries 2: Trail of the Midnight Heart
Joboshare DVD Creator (Version: 2.9.9.0219)
Junk Mail filter update (Version: 14.0.8117.416)
Kastor - All Video Downloader V 4.8.0 (Version: 4.8.0.0)
king.com (remove only)
Kodak EasyShare software
LAME v3.98.3 for Audacity
Magic Encyclopedia - Moon Light
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
mCore (Version: 7.05.0000)
mDrWiFi (Version: 7.05.0000)
mHelp (Version: 7.05.0000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WinUsb 1.0
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.70.1104.04)
Mind's Eye - Secrets of the Forgotten
mIWA (Version: 7.05.0000)
mLogView (Version: 7.05.0000)
mMHouse (Version: 7.05.0000)
Mozilla Firefox (3.6.20) (Version: 3.6.20 (en-US))
mPfMgr (Version: 7.05.0000)
mPfWiz (Version: 7.05.0000)
mProSafe (Version: 9.00.0000)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
mWlsSafe (Version: 7.05.0000)
mXML (Version: 7.05.0000)
Mysterious City - Vegas
mZConfig (Version: 7.05.0000)
netbrdg (Version: 7.01.0000.0001)
NVIDIA PureVideo Decoder (Version: 1.00.0000)
oDesk Team
OfotoXMI (Version: 8.02.1000.0001)
OpenOffice.org 3.3 (Version: 3.3.9567)
Pdf995
Photodex Presenter
Pogo Games (remove only)
ProShow Producer
PurePlay Poker (Version: 2.0.3104.0)
QuickTime (Version: 7.62.14.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.5)
Realtek High Definition Audio Driver (Version: 5.10.0.5767)
RealUpgrade 1.1 (Version: 1.1.0)
Redist (Version: 3.00.0000)
RummyRoyal.com (Version: 20.1)
S3D Web Player (Version: 1.8.1.0)
SeaMonkey (2.0.10) (Version: 2.0.10 (en-US))
Segoe UI (Version: 14.0.4327.805)
SFR (Version: 8.01.0000.0001)
SHASTA (Version: 7.01.0000.0001)
skin0001 (Version: 8.02.0000.0001)
SKINXSDK (Version: 8.02.0000.0001)
Skip-Net
Sothink Logo Maker (Version: 1.1)
SpiderMania Solitaire (Version: 2.2.0.98)
Spotify (Version: 0.5.2)
Spotify (Version: 0.8.3.222.g317ab79d)
staticcr (Version: 8.02.0000.0001)
SweetIM for Messenger 3.6 (Version: 3.6.0007)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 12.2.2.0)
The Mystery of the Crystal Portal
The Treasures of Montezuma
TOSHIBA Software Modem
Trinklit Supereme
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Word 2007 (KB974631)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Installer for WildTangent Games App
USB2.0 Card Reader Software (Version: 6.0.6000.75)
Usenet.nl
uTorrentControl2 Toolbar (Version: 6.9.0.16)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Verizon Help and Support Tool
Verizon Online Backup and Sharing (Version: 4.6.3480)
Verizon Toolbar (Version: 6.0.0.25)
Video Surgeon 1.1.1.3
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking (Version: 11.0.0)
Vitamin D Video 1.4.1
VPRINTOL (Version: 8.02.0000.0001)
Vz In Home Agent (Version: 8.03.25)
WebCam (Version: 5.8.33.005)
WebFldrs XP (Version: 9.50.7523)
WhiteSmokeTranslator (Version: 1.00.6033.12731)
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App (Version: 4.0.5.36)
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (Version: 10/09/2009 1.0.1)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live OneCare safety scanner
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR 4.00 beta 1 (32-bit) (Version: 4.00.1)
WIRELESS (Version: 8.02.0000.0001)
Xvid MPEG-4 Video Codec
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Your Uninstaller! 2010 (Version: 7.0)
YouWave for Android

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1527.11 MB
Available physical RAM: 644.74 MB
Total Pagefile: 5473.43 MB
Available Pagefile: 4706.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.09 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:143.04 GB) (Free:7.74 GB) NTFS

========================= Users: ========================================

User accounts for \\ACER-36D0BD61CF

Administrator Guest HelpAssistant
Robert Brennecke SUPPORT_388945a0


**** End of log ****

RKILL Results
Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/29/2012 11:04:56 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\system32\DVDRAMSV.exe (PID: 460) [WD-HEUR]
* C:\WINDOWS\system32\FpsGunTray.exe (PID: 2744) [WD-HEUR]
* C:\WINDOWS\system32\RAMASST.exe (PID: 1076) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@"was reset to comfile!


Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/29/2012 11:05:33 PM
Execution time: 0 hours(s), 0 minute(s), and 37 seconds(s)


TDS Results
23:06:17.0531 1168 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:06:17.0890 1168 ============================================================
23:06:17.0890 1168 Current date / time: 2012/08/29 23:06:17.0890
23:06:17.0890 1168 SystemInfo:
23:06:17.0890 1168
23:06:17.0890 1168 OS Version: 5.1.2600 ServicePack: 3.0
23:06:17.0890 1168 Product type: Workstation
23:06:17.0890 1168 ComputerName: ACER-36D0BD61CF
23:06:17.0890 1168 UserName: Robert Brennecke
23:06:17.0890 1168 Windows directory: C:\WINDOWS
23:06:17.0890 1168 System windows directory: C:\WINDOWS
23:06:17.0890 1168 Processor architecture: Intel x86
23:06:17.0890 1168 Number of processors: 2
23:06:17.0890 1168 Page size: 0x1000
23:06:17.0890 1168 Boot type: Normal boot
23:06:17.0890 1168 ============================================================
23:06:19.0656 1168 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:06:19.0671 1168 ============================================================
23:06:19.0671 1168 \Device\Harddisk0\DR0:
23:06:19.0671 1168 MBR partitions:
23:06:19.0671 1168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC03000, BlocksNum 0x11E16000
23:06:19.0671 1168 ============================================================
23:06:19.0703 1168 C: <-> \Device\Harddisk0\DR0\Partition1
23:06:19.0703 1168 ============================================================
23:06:19.0703 1168 Initialize success
23:06:19.0703 1168 ============================================================
23:07:42.0906 3624 ============================================================
23:07:42.0906 3624 Scan started
23:07:42.0906 3624 Mode: Manual; TDLFS;
23:07:42.0906 3624 ============================================================
23:07:43.0828 3624 ================ Scan system memory ========================
23:07:45.0687 3624 System memory - ok
23:07:45.0687 3624 ================ Scan services =============================
23:07:54.0000 3624 OnlineBackupSchedulerService - ok
23:07:54.0046 3624 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:07:54.0046 3624 ose - ok
23:07:54.0078 3624 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:07:54.0093 3624 Parport - ok
23:07:54.0125 3624 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:07:54.0125 3624 PartMgr - ok
23:07:54.0140 3624 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:07:54.0140 3624 ParVdm - ok
23:07:54.0171 3624 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:07:54.0171 3624 PCI - ok
23:07:54.0171 3624 PCIDump - ok
23:07:54.0203 3624 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:07:54.0203 3624 PCIIde - ok
23:07:54.0218 3624 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:07:54.0218 3624 Pcmcia - ok
23:07:54.0218 3624 PDCOMP - ok
23:07:54.0234 3624 PDFRAME - ok
23:07:54.0234 3624 PDRELI - ok
23:07:54.0250 3624 PDRFRAME - ok
23:07:54.0265 3624 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
23:07:54.0265 3624 perc2 - ok
23:07:54.0265 3624 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:07:54.0265 3624 perc2hib - ok
23:07:54.0296 3624 [ DA86016F0672ADA925F589EDE715F185 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
23:07:54.0312 3624 pfc - ok
23:07:54.0375 3624 [ 8BA0E6570112C4F27571A3C21B3A02A6 ] PGMTrusted C:\Program Files\Pogo Games\PGMTrusted.exe
23:07:54.0375 3624 PGMTrusted - ok
23:07:54.0421 3624 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:07:54.0437 3624 PlugPlay - ok
23:07:54.0453 3624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:07:54.0453 3624 PolicyAgent - ok
23:07:54.0484 3624 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:07:54.0484 3624 PptpMiniport - ok
23:07:54.0484 3624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:07:54.0500 3624 ProtectedStorage - ok
23:07:54.0531 3624 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:07:54.0531 3624 PSched - ok
23:07:54.0546 3624 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:07:54.0546 3624 Ptilink - ok
23:07:54.0546 3624 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:07:54.0562 3624 PxHelp20 - ok
23:07:54.0562 3624 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:07:54.0562 3624 ql1080 - ok
23:07:54.0562 3624 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:07:54.0578 3624 Ql10wnt - ok
23:07:54.0578 3624 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:07:54.0578 3624 ql12160 - ok
23:07:54.0578 3624 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:07:54.0593 3624 ql1240 - ok
23:07:54.0609 3624 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:07:54.0609 3624 ql1280 - ok
23:07:54.0625 3624 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:07:54.0625 3624 RasAcd - ok
23:07:54.0656 3624 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:07:54.0671 3624 RasAuto - ok
23:07:54.0687 3624 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:07:54.0687 3624 Rasl2tp - ok
23:07:54.0734 3624 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:07:54.0734 3624 RasMan - ok
23:07:54.0750 3624 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:07:54.0750 3624 RasPppoe - ok
23:07:54.0750 3624 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:07:54.0750 3624 Raspti - ok
23:07:54.0781 3624 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:07:54.0781 3624 Rdbss - ok
23:07:54.0796 3624 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:07:54.0796 3624 RDPCDD - ok
23:07:54.0812 3624 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:07:54.0828 3624 rdpdr - ok
23:07:54.0906 3624 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:07:54.0906 3624 RDPWD - ok
23:07:54.0937 3624 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:07:54.0953 3624 RDSessMgr - ok
23:07:54.0984 3624 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:07:54.0984 3624 redbook - ok
23:07:55.0015 3624 [ D8F61AAAE73A1FBDE6F538BECC891F2F ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
23:07:55.0031 3624 RegSrvc - ok
23:07:55.0046 3624 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:07:55.0046 3624 RemoteAccess - ok
23:07:55.0093 3624 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
23:07:55.0093 3624 RFCOMM - ok
23:07:55.0140 3624 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
23:07:55.0140 3624 ROOTMODEM - ok
23:07:55.0234 3624 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
23:07:55.0234 3624 rpcapd - ok
23:07:55.0281 3624 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
23:07:55.0281 3624 RpcLocator - ok
23:07:55.0312 3624 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:07:55.0312 3624 RpcSs - ok
23:07:55.0359 3624 [ 030442F08AEC1A5D7CF035CC514374B9 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RTS5121.sys
23:07:55.0359 3624 RSUSBSTOR - ok
23:07:55.0390 3624 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:07:55.0406 3624 RSVP - ok
23:07:55.0437 3624 [ 38494041F19F6CD005B711F5E08FAE08 ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
23:07:55.0437 3624 RS_Service - ok
23:07:55.0437 3624 Rts516xIR - ok
23:07:55.0500 3624 [ 25F697E3AFA7B337BBCADDBCE38E6934 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
23:07:55.0515 3624 S24EventMonitor - ok
23:07:55.0562 3624 [ 2862ADB14481AC28F98105FF33A99EB0 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
23:07:55.0562 3624 s24trans - ok
23:07:55.0562 3624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:07:55.0578 3624 SamSs - ok
23:07:55.0609 3624 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:07:55.0609 3624 SCardSvr - ok
23:07:55.0640 3624 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:07:55.0656 3624 Schedule - ok
23:07:55.0703 3624 [ 958E956E119EB7B9ABA142AFED1B5FF4 ] ScsiAccess C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
23:07:55.0703 3624 ScsiAccess - ok
23:07:55.0734 3624 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:07:55.0734 3624 sdbus - ok
23:07:55.0765 3624 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:07:55.0765 3624 Secdrv - ok
23:07:55.0812 3624 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:07:55.0812 3624 seclogon - ok
23:07:55.0859 3624 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
23:07:55.0859 3624 SENS - ok
23:07:55.0875 3624 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:07:55.0875 3624 Serenum - ok
23:07:55.0875 3624 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:07:55.0890 3624 Serial - ok
23:07:55.0921 3624 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
23:07:55.0921 3624 sffdisk - ok
23:07:55.0953 3624 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
23:07:55.0968 3624 sffp_sd - ok
23:07:56.0078 3624 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:07:56.0078 3624 Sfloppy - ok
23:07:56.0125 3624 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:07:56.0218 3624 SharedAccess - ok
23:07:56.0328 3624 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:07:56.0328 3624 ShellHWDetection - ok
23:07:56.0328 3624 Simbad - ok
23:07:56.0390 3624 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:07:56.0390 3624 sisagp - ok
23:07:56.0421 3624 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:07:56.0421 3624 SLIP - ok
23:07:56.0890 3624 [ 0302BC619D4A723317E7F8EB0C362BD3 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
23:07:57.0031 3624 SNP2UVC - ok
23:07:57.0156 3624 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:07:57.0187 3624 Sparrow - ok
23:07:57.0265 3624 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:07:57.0265 3624 splitter - ok
23:07:57.0406 3624 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:07:57.0406 3624 Spooler - ok
23:07:57.0484 3624 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:07:57.0484 3624 sr - ok
23:07:57.0546 3624 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:07:57.0546 3624 srservice - ok
23:07:57.0625 3624 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:07:57.0625 3624 Srv - ok
23:07:57.0640 3624 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:07:57.0640 3624 SSDPSRV - ok
23:07:57.0687 3624 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
23:07:57.0687 3624 StarOpen - ok
23:07:57.0734 3624 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:07:57.0750 3624 stisvc - ok
23:07:57.0781 3624 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:07:57.0781 3624 streamip - ok
23:07:57.0796 3624 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:07:57.0796 3624 swenum - ok
23:07:57.0812 3624 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:07:57.0812 3624 swmidi - ok
23:07:57.0828 3624 SwPrv - ok
23:07:57.0843 3624 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
23:07:57.0843 3624 symc810 - ok
23:07:57.0859 3624 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:07:57.0859 3624 symc8xx - ok
23:07:57.0859 3624 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:07:57.0859 3624 sym_hi - ok
23:07:57.0875 3624 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:07:57.0875 3624 sym_u3 - ok
23:07:57.0921 3624 [ 5C3E900F41426A372DE60675AFC8AA07 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:07:57.0921 3624 SynTP - ok
23:07:57.0937 3624 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:07:57.0937 3624 sysaudio - ok
23:07:57.0953 3624 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:07:57.0953 3624 SysmonLog - ok
23:07:57.0984 3624 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:07:58.0000 3624 TapiSrv - ok
23:07:58.0031 3624 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:07:58.0031 3624 Tcpip - ok
23:07:58.0062 3624 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:07:58.0062 3624 TDPIPE - ok
23:07:58.0109 3624 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:07:58.0109 3624 TDTCP - ok
23:07:58.0140 3624 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:07:58.0140 3624 TermDD - ok
23:07:58.0140 3624 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:07:58.0156 3624 TermService - ok
23:07:58.0156 3624 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:07:58.0156 3624 Themes - ok
23:07:58.0203 3624 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
23:07:58.0203 3624 TosIde - ok
23:07:58.0218 3624 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:07:58.0218 3624 TrkWks - ok
23:07:58.0250 3624 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:07:58.0250 3624 Udfs - ok
23:07:58.0265 3624 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
23:07:58.0265 3624 ultra - ok
23:07:58.0312 3624 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:07:58.0312 3624 Update - ok
23:07:58.0359 3624 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:07:58.0359 3624 upnphost - ok
23:07:58.0375 3624 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:07:58.0375 3624 UPS - ok
23:07:58.0406 3624 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
23:07:58.0406 3624 usbaudio - ok
23:07:58.0437 3624 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:07:58.0453 3624 usbccgp - ok
23:07:58.0453 3624 USBCCID - ok
23:07:58.0468 3624 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:07:58.0468 3624 usbehci - ok
23:07:58.0500 3624 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:07:58.0500 3624 usbhub - ok
23:07:58.0546 3624 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:07:58.0546 3624 usbprint - ok
23:07:58.0578 3624 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:07:58.0578 3624 usbscan - ok
23:07:58.0625 3624 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:07:58.0625 3624 USBSTOR - ok
23:07:58.0640 3624 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:07:58.0656 3624 usbuhci - ok
23:07:58.0687 3624 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
23:07:58.0687 3624 usbvideo - ok
23:07:58.0703 3624 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:07:58.0703 3624 VgaSave - ok
23:07:58.0765 3624 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:07:58.0765 3624 viaagp - ok
23:07:58.0781 3624 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
23:07:58.0781 3624 ViaIde - ok
23:07:58.0812 3624 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:07:58.0812 3624 VolSnap - ok
23:07:58.0859 3624 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:07:58.0875 3624 VSS - ok
23:07:58.0984 3624 [ 8ED347BAD8D1FB7C40B593BFB01786D2 ] vToolbarUpdater11.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
23:07:59.0015 3624 vToolbarUpdater11.2.0 - ok
23:07:59.0046 3624 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:07:59.0046 3624 W32Time - ok
23:07:59.0093 3624 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:07:59.0093 3624 Wanarp - ok
23:07:59.0140 3624 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
23:07:59.0156 3624 Wdf01000 - ok
23:07:59.0156 3624 WDICA - ok
23:07:59.0203 3624 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:07:59.0203 3624 wdmaud - ok
23:07:59.0234 3624 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:07:59.0234 3624 WebClient - ok
23:07:59.0312 3624 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:07:59.0312 3624 winmgmt - ok
23:07:59.0359 3624 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:07:59.0359 3624 WmdmPmSN - ok
23:07:59.0359 3624 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:07:59.0359 3624 WmiAcpi - ok
23:07:59.0406 3624 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:07:59.0406 3624 WmiApSrv - ok
23:07:59.0500 3624 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:07:59.0531 3624 WMPNetworkSvc - ok
23:07:59.0578 3624 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:07:59.0578 3624 WS2IFSL - ok
23:07:59.0609 3624 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:07:59.0609 3624 wscsvc - ok
23:07:59.0625 3624 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:07:59.0625 3624 WSTCODEC - ok
23:07:59.0656 3624 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:07:59.0656 3624 wuauserv - ok
23:07:59.0703 3624 [ 6FF66513D372D479EF1810223C8D20CE ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:07:59.0703 3624 WudfPf - ok
23:07:59.0734 3624 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:07:59.0734 3624 WudfRd - ok
23:07:59.0781 3624 [ 575A4190D989F64732119E4114045A4F ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:07:59.0859 3624 WudfSvc - ok
23:07:59.0906 3624 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:07:59.0906 3624 WZCSVC - ok
23:07:59.0953 3624 [ 13CF1854FECC1B4D7490983B03CDBCD2 ] X4HSEx C:\Program Files\Free Ride Games\X4HSEx.Sys
23:07:59.0953 3624 X4HSEx - ok
23:07:59.0968 3624 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:08:00.0000 3624 xmlprov - ok
23:08:00.0109 3624 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:08:00.0125 3624 YahooAUService - ok
23:08:00.0187 3624 ================ Scan global ===============================
23:08:00.0218 3624 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:08:00.0265 3624 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:08:00.0296 3624 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:08:00.0328 3624 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:08:00.0328 3624 [Global] - ok
23:08:00.0328 3624 ================ Scan MBR ==================================
23:08:00.0343 3624 [ 7C733682F68536C7604CC415181AD466 ] \Device\Harddisk0\DR0
23:08:03.0343 3624 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:08:03.0343 3624 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:08:03.0343 3624 ================ Scan VBR ==================================
23:08:03.0343 3624 [ ECED1E386F945B20B6F48628979B3F75 ] \Device\Harddisk0\DR0\Partition1
23:08:03.0343 3624 \Device\Harddisk0\DR0\Partition1 - ok
23:08:03.0359 3624 ============================================================
23:08:03.0359 3624 Scan finished
23:08:03.0359 3624 ============================================================
23:08:03.0359 2664 Detected object count: 1
23:08:03.0359 2664 Actual detected object count: 1
23:08:16.0796 2664 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:08:16.0796 2664 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:08:42.0375 2748 Deinitialize success

#4 boopme

Posted 30 August 2012 - 01:22 PM

Hello, your hard drive looks pretty full. This will bring on slowness.

Please rerun TDSS and change the option on these 2 to Cure or Delete:
23:08:16.0796 2664 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:08:16.0796 2664 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



Go into Control Panel, Add/Remove Programs. Remove these:
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)

Reboot.


If SAS only finds cookies then we do not need the log.


We should run 2 more, one quick and the other an hour or more.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

Edited by boopme, 31 August 2012 - 09:45 PM.
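A triage check for the situation in the post above, where TDSSKiller flagged an object but the recorded action was Skip. This is an added example, not part of the original thread or of TDSSKiller; the first sample is excerpted from the log posted above, and the rerun sample with a `Cure` action is constructed for illustration (its exact wording is an assumption).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every log line starts with "HH:MM:SS.mmmm <thread id> ".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Section banners such as "======== Scan MBR ========".
SECTION_RE = re.compile(r"^=+\s*(?P<name>Scan\s[^=]*?)\s*=+$")
# "<object> ( <threat name> ) - " prefix shared by verdict and action lines.
OBJ = r"(?P<obj>.+?)\s+\(\s*(?P<threat>[^)]+?)\s*\)\s+-\s+"
VERDICT_RE = re.compile("^" + OBJ + r"(?P<status>\w+)$")
ACTION_RE = re.compile("^" + OBJ + r"User select action:\s+(?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count:\s+(?P<n>\d+)$")


@dataclass
class Finding:
    section: Optional[str]   # scan phase the verdict appeared in
    obj: str                 # flagged object, e.g. a disk device path
    threat: str              # name the scanner gave the detection
    status: Optional[str]    # verdict word, e.g. "warning"
    action: Optional[str] = None  # what the user chose, if logged


def parse_tdsskiller_log(text: str) -> Tuple[List[Finding], Optional[int]]:
    """Return (findings, detected-object count reported by the tool)."""
    findings = {}
    section = None
    reported = None
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not a timestamped log line
        msg = line["msg"].strip()
        if (s := SECTION_RE.match(msg)):
            section = s["name"]
        elif (c := COUNT_RE.match(msg)):
            reported = int(c["n"])
        elif (a := ACTION_RE.match(msg)):
            key = (a["obj"], a["threat"])
            f = findings.setdefault(key, Finding(None, a["obj"], a["threat"], None))
            f.action = a["action"]
        elif (v := VERDICT_RE.match(msg)) and v["status"].lower() != "ok":
            key = (v["obj"], v["threat"])
            findings.setdefault(
                key, Finding(section, v["obj"], v["threat"], v["status"]))
    return list(findings.values()), reported


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Findings that were detected but left in place (no action, or Skip)."""
    return [f for f in findings
            if f.action is None or f.action.lower() == "skip"]


# Excerpt of the log posted in this thread (hash lines omitted).
SAMPLE_LOG = r"""
23:07:52.0921 3624 NDIS - ok
23:08:00.0328 3624 ================ Scan MBR ==================================
23:08:03.0343 3624 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:08:03.0343 3624 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:08:03.0343 3624 ================ Scan VBR ==================================
23:08:03.0343 3624 \Device\Harddisk0\DR0\Partition1 - ok
23:08:03.0359 3624 Scan finished
23:08:03.0359 2664 Detected object count: 1
23:08:16.0796 2664 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:08:16.0796 2664 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed rerun: same detection, but the action chosen is Cure.
RERUN_LOG = r"""
00:00:01.0000 1000 ================ Scan MBR ==================================
00:00:02.0000 1000 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:00:03.0000 1001 Detected object count: 1
00:00:04.0000 1001 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Cure
"""

if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("rerun", RERUN_LOG)):
        found, count = parse_tdsskiller_log(log)
        print(f"{name}: tool reported {count}, parsed {len(found)}")
        for f in unresolved(found):
            print(f"  still present: {f.obj} ({f.threat}) "
                  f"[{f.section}] action={f.action}")
```
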


#5 Elizabeth123

Posted 31 August 2012 - 08:53 PM

Finally finished the SUPERAntiSpyware and mostly cookies and it comes up clean now so I will not post the results. I will do the other things you asked me to now.

Here is the first report - will start the long one before going to bed tonight and post report in morning - but I thought you should know, it appears that we have fixed my previous issue. Will use computer more tonight and know for sure.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-31 19:11:06
-----------------------------
19:11:06.890 OS Version: Windows 5.1.2600 Service Pack 3
19:11:06.890 Number of processors: 2 586 0xF06
19:11:06.890 ComputerName: ACER-36D0BD61CF UserName:
19:11:12.500 Initialize success
19:11:49.125 AVAST engine defs: 12083102
19:11:57.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:11:57.734 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
19:11:57.781 Disk 0 MBR read successfully
19:11:57.781 Disk 0 MBR scan
19:11:57.921 Disk 0 unknown MBR code
19:11:57.921 Disk 0 Partition 1 00 12 Compaq diag NTFS 6149 MB offset 63
19:11:58.015 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146476 MB offset 12595200
19:11:58.062 Disk 0 scanning sectors +312578048
19:11:58.296 Disk 0 scanning C:\WINDOWS\system32\drivers
19:12:16.234 Service scanning
19:12:37.453 Modules scanning
19:12:43.937 Disk 0 trace - called modules:
19:12:43.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:12:43.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b462030]
19:12:43.968 3 CLASSPNP.SYS[f76b7fd7] -> nt!IofCallDriver -> \Device\000000b8[0x8b5362e8]
19:12:43.968 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b465940]
19:12:45.453 AVAST engine scan C:\WINDOWS
19:12:57.437 AVAST engine scan C:\WINDOWS\system32
19:16:19.453 AVAST engine scan C:\WINDOWS\system32\drivers
19:16:51.062 AVAST engine scan C:\Documents and Settings\Robert Brennecke
19:23:17.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robert Brennecke\Desktop\MBR.dat"
19:23:17.750 The log file has been saved successfully to "C:\Documents and Settings\Robert Brennecke\Desktop\aswMBR.txt"

Edited by Elizabeth123, 31 August 2012 - 10:27 PM.


#6 boopme

Posted 31 August 2012 - 09:45 PM

Thanks

#7 Elizabeth123

Posted 10 September 2012 - 05:15 PM

I am unable to run ESET completely, it gets to about 38% AND FREEZES, I have tried several times, any suggestions?

#8 boopme

Posted 10 September 2012 - 07:32 PM

Sorry, had a family emergency.

Let's try another.

Please run the F-Secure Online Scanner
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy and paste the entire report in your next reply.

#9 Elizabeth123

Posted 11 September 2012 - 03:56 AM

10 September 2012 23:40:35 - 01:42:06

Computer name: ACER-36D0BD61CF
Scanning type: Full scan
Target: C:\ + system + rootkits

Result: 13 malware found

Dropped:Trojan.Generic.KDV.513542 (virus)
C:\Documents and Settings\My Documents\Usenet.nl\alt.binaries.comp\Sothink DHTML Menu v9 10 90218 WinALL Cracked BRD.rar\Sothink.DHTML.Menu.v9.10.90218.WinALL.Cracked-BRD\Patch.exe
Dropped:Trojan.Dropper.MSIL.C (virus)
C:\Documents and Settings\My Documents\Usenet.nl\alt.binaries.cd.image\Sothink.DHTML.Menu.v9.10.90218.WinALL.Cracked-BRD.rar\Setup.exe
C:\Documents and Settings\My Documents\Usenet.nl\alt.binaries.cd.image\Setup.exe Action: quarantined
Trojan.Generic.KDV.64394 (virus)
C:\Documents and Settings\My Documents\Usenet.nl\alt.binaries.warez\Sothink.DHTML.Menu.v9.50.938.Cracked-MESMERiZE.rar\Sothink.DHTML.Menu.v9.50.938.Cracked-MESMERiZE.exe\inst.exe
C:\Documents and Settings\My Documents\Usenet.nl\alt.binaries.warez\Sothink.DHTML.Menu.v9.50.938.Cracked-MESMERiZE.exe\inst.exe
Trojan.Generic.6541500 (virus)
C:\Documents and Settings\My Documents\Usenet.nl\alt.binaries.warez\Sothink.DHTML.Menu.v9.50.938.Cracked-MESMERiZE.rar\Sothink.DHTML.Menu.v9.50.938.Cracked-MESMERiZE.exe
C:\Documents and Settings\My Documents\Usenet.nl\alt.binaries.warez\Sothink.DHTML.Menu.v9.50.938.Cracked-MESMERiZE.exe Action: quarantined
Trojan.Generic.5056318 (virus)
C:\Documents and Settings\My Documents\DOWNLOADS\URSoft.Your.Uninstaller.v7.0.2010.28.Incl.Keygen.and.Patch-CiO\Crack\patch.rar\patch.exe
C:\Program Files\Your Uninstaller 2010\patch.exe Action: quarantined
Trojan.Generic.6830517 (virus)
C:\Documents and Settings\My Documents\DOWNLOADS\LIVE ANDROID\YouWave.for.Android.v2.0.0.WinALL.Cracked-BRD\brywa20.rar\Crack\Patch.exe
C:\Documents and Settings\My Documents\DOWNLOADS\LIVE ANDROID\YouWave.for.Android.v2.0.0.WinALL.Cracked-BRD\brywa20k.zip\brywa20.rar\Crack\Patch.exe
Gen:Variant.Graftor.7158 (virus)
C:\Documents and Settings\My Documents\DOWNLOADS\LIVE ANDROID\YouWave for Android 2.3.1\patch-RES.rar\patch-RES\Youwave.Android.v2.x.x.Generic.patch-RES.exe
Trojan.Generic.4093559 (virus)
C:\Documents and Settings\My Documents\DOWNLOADS\kl\Extra.DVD.to.DVD.Clone.v5.7.WinALL.Keygen.Only-YPOGEiOS\ypp0210a.zip\ypp0210.rar\ypogeios\ygs-keygen.exe
Statistics

Scanned:
Files: 164925
Not scanned: 141
Result:
Viruses: 13
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Quarantined: 3
Failed: 0
Boot Sectors:
Scanned: 2
Infected: 0
Suspicious items: 0
Disinfected: 0
Files not scanned:
Options

Definitions version:
Viruses: 2012-09-11_03
Spyware: 2012-09-11_03
Scanning Engines:
F-Secure Aquarius: 11.00.01, 2012-09-11
F-Secure Hydra: 5.07.7855, 2012-09-11
F-Secure Online: 11.00.18240, 0-00-00
F-Secure Gemini: 3.02.110, 2012-09-06
F-Secure BlackLight: 2.04.1099, 2009-09-22
Scanning options:
Scan defined files: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG MSO OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 TMP VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML CLASS ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Scan inside archives
Actions:
Viruses: Ask after scan
Spyware: Ask after scan
Show suspicious items after a full scan

#10 boopme

Posted 11 September 2012 - 08:12 PM

It appears you are downloading illegal content from Utorrent, all these infections are from downloading the free or cracked software. That's why it's free. Free for them to steal your personal information.

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!

#11 Elizabeth123

Posted 12 September 2012 - 05:54 AM

Okay, so what do I look for to remove these?
I am assuming it was done by my kids - ugh kids - anyway what am I looking for?

#12 boopme

Posted 12 September 2012 - 01:22 PM

Just let them know that when they pick up a Virut or ransomware infection the machine will need to be wiped and reformatted.
Also that if credit card info is passed along a machine with these infections it was most likely taken.

I am not certain what is left..
This program was used to try to hide the torrent downloads
WinALL.Cracked-BRD.rar


This infection was downloaded and it imported others.
Dropped:Trojan.Generic.1561399
...This relatively small executable is most probably just a part of a larger-scale malware attack. When run, it checks under HKLM\System\CurrentControlSet for the WinDefend service (belonging to Microsoft Windows Defender) and disables this service, leaving the user

These were pirated:
MESMERiZE
YouWave.for.Android


Let's see if we can see if there are others...
Please download CKScanner and save it to your Desktop. <-Important!!!
  • Double-click on CKScanner.exe and click Search For Files.
  • If using Vista, right-click on it and Run As Administrator.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A text file will be created on your desktop named ckfiles.txt.
  • Click OK at the file saved message box.
  • Double-click the ckfiles.txt icon on your desktop to open the log and copy/paste the contents in your next reply.

Edited by boopme, 12 September 2012 - 01:23 PM.


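For the question in post #11 about what to look for, an added example (not part of the thread, and not a BleepingComputer or F-Secure tool): a small triage script for a scan log laid out like the one in post #9, listing each detection, whether the scanner acted on it, and the file on disk that holds it. The sample log, the marker word list and the container-extension heuristic are assumptions made for this example.

```python
import re

# Constructed sample in the layout of the scan log posted in this thread:
# a "<detection name> (<type>)" line, then one or more path lines; a file the
# scanner acted on carries a trailing "Action: <verb>". Names are placeholders.
SAMPLE_LOG = r"""
Trojan.Generic.EXAMPLE1 (virus)
C:\Documents and Settings\My Documents\DOWNLOADS\AppOne.v1.0.Cracked-GRP\Crack\patch.rar\patch.exe
C:\Program Files\AppOne\patch.exe Action: quarantined
Trojan.Generic.EXAMPLE2 (virus)
C:\Documents and Settings\My Documents\DOWNLOADS\AppTwo.Incl.Keygen-GRP\keygen.zip\keygen.exe
Gen:Variant.EXAMPLE3 (virus)
C:\Documents and Settings\My Documents\DOWNLOADS\tools\setup.exe
Statistics
Scanned:
Files: 3
"""

PATH = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?: Action: (?P<action>\w+))?$")
DETECTION = re.compile(r"^(?P<name>\S+) \((?P<kind>\w+)\)$")
# Assumed word list for spotting crack/keygen material in a path.
MARKERS = re.compile(r"crack|keygen|patch|activator|warez", re.IGNORECASE)
# Heuristic: a non-final path component with one of these extensions is an
# archive or self-extractor, so everything after it lives inside that file.
CONTAINER_EXT = (".rar", ".zip", ".7z", ".cab", ".exe")


def parse_detections(log):
    """Return one record per detection in the results part of the log."""
    records, current = [], None
    for line in log.splitlines():
        line = line.strip()
        if line == "Statistics":        # results end where the summary starts
            break
        m = PATH.match(line)
        if m:
            # Path lines before the first detection name (a log excerpt that
            # starts mid-record) cannot be attributed and are skipped.
            if current is not None:
                current["paths"].append((m["path"], m["action"]))
            continue
        m = DETECTION.match(line)
        if m:
            current = {"name": m["name"], "kind": m["kind"], "paths": []}
            records.append(current)
    return records


def on_disk_file(path):
    """Cut a path that descends into an archive back to the archive itself."""
    parts = path.split("\\")
    for i, part in enumerate(parts[:-1]):
        if part.lower().endswith(CONTAINER_EXT):
            return "\\".join(parts[: i + 1])
    return path


def triage(records):
    """Summarise each detection: handled or not, real files, marker words."""
    report = []
    for rec in records:
        paths = [p for p, _ in rec["paths"]]
        report.append({
            "name": rec["name"],
            "handled": any(action for _, action in rec["paths"]),
            "files": sorted({on_disk_file(p) for p in paths}),
            "markers": sorted({m.lower() for p in paths
                               for m in MARKERS.findall(p)}),
        })
    return report


if __name__ == "__main__":
    for item in triage(parse_detections(SAMPLE_LOG)):
        state = "handled" if item["handled"] else "STILL PRESENT"
        print(f"{item['name']}: {state} markers={item['markers']}")
        for f in item["files"]:
            print(f"    {f}")
```

Entries reported as still present are the ones to review first; a detection with no marker words is still a detection and is listed the same way.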


