Rogue.Agent, Trojan.FakeAV Found


14 replies to this topic

#1 chicktabu


Posted 30 August 2012 - 12:30 AM

Hello,
Last week HitmanPro and RogueKiller found a few viruses that my Kaspersky missed. Also SuperAntiSpyware says it found 35 file threats. I'm afraid I got a little desperate and downloaded a tool I'm now reading that I shouldn't have ..sry. Also, when I attempt to open cleaning utilities a few image errors pop up & my pc is running slower than usual. I would really appreciate it if someone could take a look to see if my pc is still infected?

Windows XP Professional (5.1, Build 2600) Service Pack 3

TYVM!

Edited by chicktabu, 30 August 2012 - 12:32 AM.



 


#2 narenxp


Posted 30 August 2012 - 05:41 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 chicktabu


Posted 30 August 2012 - 09:02 AM

Good morn'n Narenxp,
And tyvm for responding back! When the 'signature database' download started for the ESET online scanner, all these windows from my Kaspersky popped up attempting to block the driver, and then the software, even after I approved it. I ticked 'paused protection' in Kaspersky before running ESET again ..but an "unexpected error 2002" came up in the ESET window. Don't know if Kaspersky was the culprit but I thought maybe I should have used CCleaner to make a clean un-install, then re-install before running ESET a second time(?) Then concluded it would be wiser to await your instructions.

note: Below the logs will be a MBR.dat that popped up on my desktop after running aswMBR. Idk if it's important? It's filled w/ strange fonts but also states my operating system is missing :huh:


TDSSKILLER
23:55:51.0406 0772 sysaudio - ok
23:55:51.0468 0772 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:55:51.0500 0772 SysmonLog - ok
23:55:51.0531 0772 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:55:51.0531 0772 TapiSrv - ok
23:55:51.0593 0772 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:55:51.0609 0772 Tcpip - ok
23:55:51.0640 0772 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:55:51.0671 0772 TDPIPE - ok
23:55:51.0687 0772 [ 7900778E50ABF594B7B2C79A59E0BE34 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:55:51.0687 0772 TDTCP - ok
23:55:51.0718 0772 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:55:51.0750 0772 TermDD - ok
23:55:51.0812 0772 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
23:55:51.0812 0772 TermService - ok
23:55:51.0843 0772 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
23:55:51.0843 0772 Themes - ok
23:55:51.0875 0772 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:55:51.0906 0772 TlntSvr - ok
23:55:51.0906 0772 TosIde - ok
23:55:51.0953 0772 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:55:51.0953 0772 TrkWks - ok
23:55:51.0984 0772 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:55:51.0984 0772 Udfs - ok
23:55:52.0000 0772 ultra - ok
23:55:52.0109 0772 [ 0558985BD646203DF5F36BF0FBD241A3 ] UNS C:\Program Files\Intel\AMT\UNS.exe
23:55:52.0265 0772 UNS - ok
23:55:52.0328 0772 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:55:52.0328 0772 Update - ok
23:55:52.0375 0772 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:55:52.0375 0772 upnphost - ok
23:55:52.0390 0772 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
23:55:52.0406 0772 UPS - ok
23:55:52.0453 0772 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:55:52.0484 0772 usbccgp - ok
23:55:52.0515 0772 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:55:52.0546 0772 usbehci - ok
23:55:52.0609 0772 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:55:52.0609 0772 usbhub - ok
23:55:52.0640 0772 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:55:52.0656 0772 usbprint - ok
23:55:52.0687 0772 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:55:52.0687 0772 usbscan - ok
23:55:52.0703 0772 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:55:52.0734 0772 USBSTOR - ok
23:55:52.0750 0772 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:55:52.0765 0772 usbuhci - ok
23:55:52.0796 0772 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:55:52.0828 0772 usb_rndisx - ok
23:55:52.0859 0772 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:55:52.0890 0772 VgaSave - ok
23:55:52.0890 0772 ViaIde - ok
23:55:52.0937 0772 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:55:53.0000 0772 VolSnap - ok
23:55:53.0046 0772 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
23:55:53.0078 0772 VSS - ok
23:55:53.0140 0772 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
23:55:53.0140 0772 W32Time - ok
23:55:53.0156 0772 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:55:53.0156 0772 Wanarp - ok
23:55:53.0171 0772 WDICA - ok
23:55:53.0187 0772 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:55:53.0203 0772 wdmaud - ok
23:55:53.0265 0772 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:55:53.0281 0772 WebClient - ok
23:55:53.0390 0772 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:55:53.0421 0772 winmgmt - ok
23:55:53.0484 0772 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
23:55:53.0546 0772 WinRM - ok
23:55:53.0593 0772 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:55:53.0625 0772 WmdmPmSN - ok
23:55:53.0671 0772 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:55:53.0703 0772 Wmi - ok
23:55:53.0750 0772 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:55:53.0781 0772 WmiApSrv - ok
23:55:53.0875 0772 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:55:53.0953 0772 WMPNetworkSvc - ok
23:55:54.0015 0772 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:55:54.0062 0772 WPFFontCache_v0400 - ok
23:55:54.0125 0772 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:55:54.0125 0772 WS2IFSL - ok
23:55:54.0171 0772 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:55:54.0171 0772 wscsvc - ok
23:55:54.0187 0772 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:55:54.0203 0772 wuauserv - ok
23:55:54.0234 0772 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:55:54.0265 0772 WudfPf - ok
23:55:54.0281 0772 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:55:54.0281 0772 WudfRd - ok
23:55:54.0312 0772 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:55:54.0328 0772 WudfSvc - ok
23:55:54.0375 0772 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:55:54.0390 0772 WZCSVC - ok
23:55:54.0421 0772 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:55:54.0437 0772 xmlprov - ok
23:55:54.0437 0772 ================ Scan global ===============================
23:55:54.0468 0772 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:55:54.0515 0772 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:55:54.0562 0772 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:55:54.0578 0772 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:55:54.0578 0772 [Global] - ok
23:55:54.0593 0772 ================ Scan MBR ==================================
23:55:54.0609 0772 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:55:54.0781 0772 \Device\Harddisk0\DR0 - ok
23:55:54.0796 0772 ================ Scan VBR ==================================
23:55:54.0796 0772 [ 6D4CB573E7FD71161852F72A6DE684B5 ] \Device\Harddisk0\DR0\Partition1
23:55:54.0812 0772 \Device\Harddisk0\DR0\Partition1 - ok
23:55:54.0812 0772 ============================================================
23:55:54.0812 0772 Scan finished
23:55:54.0812 0772 ============================================================
23:55:54.0812 0844 Detected object count: 0
23:55:54.0812 0844 Actual detected object count: 0
23:57:31.0328 2788 ============================================================
23:57:31.0328 2788 Scan started
23:57:31.0328 2788 Mode: Manual; SigCheck; TDLFS;
23:57:31.0328 2788 ============================================================
23:57:31.0421 2788 ================ Scan system memory ========================
23:57:31.0421 2788 System memory - ok
23:57:31.0421 2788 ================ Scan services =============================
23:57:31.0515 2788 Abiosdsk - ok
23:57:31.0531 2788 abp480n5 - ok
23:57:31.0578 2788 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:57:33.0031 2788 ACPI - ok
23:57:33.0062 2788 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
23:57:33.0234 2788 ACPIEC - ok
23:57:33.0234 2788 adfs - ok
23:57:33.0281 2788 [ 0F0A69496989912351284BB1BAA2CE57 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
23:57:33.0359 2788 ADIHdAudAddService - ok
23:57:33.0437 2788 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:57:33.0468 2788 AdobeFlashPlayerUpdateSvc - ok
23:57:33.0468 2788 adpu160m - ok
23:57:33.0609 2788 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
23:57:33.0671 2788 AdvancedSystemCareService5 - ok
23:57:33.0734 2788 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:57:33.0906 2788 aec - ok
23:57:33.0937 2788 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:57:34.0031 2788 AFD - ok
23:57:34.0046 2788 Aha154x - ok
23:57:34.0046 2788 aic78u2 - ok
23:57:34.0046 2788 aic78xx - ok
23:57:34.0078 2788 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:57:34.0234 2788 Alerter - ok
23:57:34.0265 2788 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
23:57:34.0359 2788 ALG - ok
23:57:34.0375 2788 AliIde - ok
23:57:34.0375 2788 amsint - ok
23:57:34.0406 2788 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
23:57:34.0484 2788 AppMgmt - ok
23:57:34.0484 2788 asc - ok
23:57:34.0484 2788 asc3350p - ok
23:57:34.0500 2788 asc3550 - ok
23:57:34.0593 2788 [ D8F57A9AE012E04AEA4488408A6E3682 ] ASFAgent C:\Program Files\Intel\ASF Agent\ASFAgent.exe
23:57:34.0640 2788 ASFAgent ( UnsignedFile.Multi.Generic ) - warning
23:57:34.0640 2788 ASFAgent - detected UnsignedFile.Multi.Generic (1)
23:57:34.0656 2788 [ C139FA963DBB9BD6560F404F509D1196 ] AsfAlrt C:\WINDOWS\system32\Drivers\AsfAlrt.sys
23:57:34.0687 2788 AsfAlrt - ok
23:57:34.0765 2788 [ B979979AB8027F7F53FB16EC4229B7DB ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
23:57:34.0796 2788 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
23:57:34.0796 2788 Aspi32 - detected UnsignedFile.Multi.Generic (1)
23:57:34.0906 2788 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:57:34.0937 2788 aspnet_state - ok
23:57:34.0937 2788 [ 0C83FC56707BF68DB04947052A8188B1 ] astcc C:\WINDOWS\SYSTEM32\astsrv.exe
23:57:34.0984 2788 astcc ( UnsignedFile.Multi.Generic ) - warning
23:57:34.0984 2788 astcc - detected UnsignedFile.Multi.Generic (1)
23:57:35.0000 2788 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:57:35.0140 2788 AsyncMac - ok
23:57:35.0156 2788 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:57:35.0296 2788 atapi - ok
23:57:35.0359 2788 [ EECC1D40AA10F85126708796ABA1E7D5 ] atchksrv C:\Program Files\Intel\AMT\atchksrv.exe
23:57:35.0390 2788 atchksrv - ok
23:57:35.0390 2788 Atdisk - ok
23:57:35.0406 2788 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:57:35.0562 2788 Atmarpc - ok
23:57:35.0593 2788 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:57:35.0718 2788 AudioSrv - ok
23:57:35.0765 2788 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:57:35.0921 2788 audstub - ok
23:57:36.0000 2788 [ 2718DC27571BD1E37813F5759D2DC118 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
23:57:36.0031 2788 AVP - ok
23:57:36.0078 2788 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:57:36.0203 2788 Beep - ok
23:57:36.0250 2788 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
23:57:36.0406 2788 BITS - ok
23:57:36.0437 2788 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
23:57:36.0484 2788 Browser - ok
23:57:36.0515 2788 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:57:36.0656 2788 cbidf2k - ok
23:57:36.0656 2788 cd20xrnt - ok
23:57:36.0703 2788 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:57:36.0843 2788 Cdaudio - ok
23:57:36.0890 2788 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:57:37.0031 2788 Cdfs - ok
23:57:37.0062 2788 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:57:37.0218 2788 Cdrom - ok
23:57:37.0250 2788 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
23:57:37.0250 2788 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
23:57:37.0250 2788 cercsr6 - detected UnsignedFile.Multi.Generic (1)
23:57:37.0250 2788 Changer - ok
23:57:37.0281 2788 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:57:37.0421 2788 CiSvc - ok
23:57:37.0437 2788 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:57:37.0609 2788 ClipSrv - ok
23:57:37.0625 2788 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:57:37.0640 2788 clr_optimization_v2.0.50727_32 - ok
23:57:37.0734 2788 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:57:37.0750 2788 clr_optimization_v4.0.30319_32 - ok
23:57:37.0765 2788 CmdIde - ok
23:57:37.0765 2788 COMSysApp - ok
23:57:37.0781 2788 Cpqarray - ok
23:57:37.0796 2788 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:57:37.0984 2788 CryptSvc - ok
23:57:37.0984 2788 dac2w2k - ok
23:57:37.0984 2788 dac960nt - ok
23:57:38.0046 2788 [ 0DECA86DA5DE29DE4BBD37991019138C ] DataPipeService c:\program files\datapipe\datapipe.exe
23:57:38.0078 2788 DataPipeService ( UnsignedFile.Multi.Generic ) - warning
23:57:38.0078 2788 DataPipeService - detected UnsignedFile.Multi.Generic (1)
23:57:38.0125 2788 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:57:38.0203 2788 DcomLaunch - ok
23:57:38.0250 2788 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:57:38.0390 2788 Dhcp - ok
23:57:38.0421 2788 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:57:38.0562 2788 Disk - ok
23:57:38.0562 2788 dmadmin - ok
23:57:38.0593 2788 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:57:38.0750 2788 dmboot - ok
23:57:38.0765 2788 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:57:38.0921 2788 dmio - ok
23:57:38.0937 2788 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:57:39.0093 2788 dmload - ok
23:57:39.0140 2788 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:57:39.0281 2788 dmserver - ok
23:57:39.0312 2788 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:57:39.0453 2788 DMusic - ok
23:57:39.0484 2788 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:57:39.0656 2788 Dnscache - ok
23:57:39.0671 2788 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:57:39.0828 2788 Dot3svc - ok
23:57:39.0828 2788 dpti2o - ok
23:57:39.0859 2788 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:57:39.0984 2788 drmkaud - ok
23:57:40.0015 2788 [ 33DC2A5B6298633F4DD8E4D407CDF8B4 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
23:57:40.0046 2788 e1express - ok
23:57:40.0078 2788 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:57:40.0203 2788 EapHost - ok
23:57:40.0203 2788 efavdrv - ok
23:57:40.0250 2788 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:57:40.0406 2788 ERSvc - ok
23:57:40.0437 2788 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
23:57:40.0484 2788 Eventlog - ok
23:57:40.0546 2788 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
23:57:40.0593 2788 EventSystem - ok
23:57:40.0625 2788 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:57:40.0750 2788 Fastfat - ok
23:57:40.0796 2788 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:57:40.0875 2788 FastUserSwitchingCompatibility - ok
23:57:40.0890 2788 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:57:41.0046 2788 Fdc - ok
23:57:41.0078 2788 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:57:41.0234 2788 Fips - ok
23:57:41.0234 2788 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:57:41.0359 2788 Flpydisk - ok
23:57:41.0406 2788 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
23:57:41.0531 2788 FltMgr - ok
23:57:41.0609 2788 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:57:41.0640 2788 FontCache3.0.0.0 - ok
23:57:41.0640 2788 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:57:41.0796 2788 Fs_Rec - ok
23:57:41.0812 2788 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:57:41.0953 2788 Ftdisk - ok
23:57:42.0000 2788 [ 20F6C49E2C410FCD32D781F521579BF5 ] GIDv2 C:\WINDOWS\system32\drivers\GIDv2.sys
23:57:42.0015 2788 GIDv2 - ok
23:57:42.0078 2788 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:57:42.0218 2788 Gpc - ok
23:57:42.0296 2788 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:57:42.0328 2788 gupdate - ok
23:57:42.0328 2788 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:57:42.0359 2788 gupdatem - ok
23:57:42.0390 2788 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:57:42.0421 2788 gusvc - ok
23:57:42.0453 2788 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:57:42.0593 2788 HDAudBus - ok
23:57:42.0640 2788 [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
23:57:42.0687 2788 HECI - ok
23:57:42.0765 2788 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:57:42.0921 2788 helpsvc - ok
23:57:42.0953 2788 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
23:57:43.0109 2788 HidServ - ok
23:57:43.0140 2788 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:57:43.0281 2788 hidusb - ok
23:57:43.0312 2788 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:57:43.0437 2788 hkmsvc - ok
23:57:43.0453 2788 hpn - ok
23:57:43.0484 2788 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:57:43.0593 2788 HPZid412 - ok
23:57:43.0687 2788 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:57:43.0843 2788 HPZipr12 - ok
23:57:43.0859 2788 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:57:43.0968 2788 HPZius12 - ok
23:57:44.0015 2788 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:57:44.0093 2788 HTTP - ok
23:57:44.0125 2788 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:57:44.0281 2788 HTTPFilter - ok
23:57:44.0281 2788 i2omgmt - ok
23:57:44.0281 2788 i2omp - ok
23:57:44.0312 2788 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
23:57:44.0484 2788 i8042prt - ok
23:57:44.0546 2788 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
23:57:44.0593 2788 IAANTMON - ok
23:57:44.0687 2788 [ BD9462E346229F37FD5B95FBCB6D3D34 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:57:44.0890 2788 ialm - ok
23:57:44.0921 2788 [ E5A0034847537EAEE3C00349D5C34C5F ] iastor C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:57:44.0953 2788 iastor - ok
23:57:45.0390 2788 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:57:45.0453 2788 idsvc - ok
23:57:45.0531 2788 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:57:45.0703 2788 Imapi - ok
23:57:45.0734 2788 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
23:57:45.0890 2788 ImapiService - ok
23:57:45.0906 2788 ini910u - ok
23:57:45.0906 2788 IntelIde - ok
23:57:45.0953 2788 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:57:46.0078 2788 intelppm - ok
23:57:46.0093 2788 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
23:57:46.0250 2788 Ip6Fw - ok
23:57:46.0281 2788 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:57:46.0437 2788 IpFilterDriver - ok
23:57:46.0437 2788 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:57:46.0578 2788 IpInIp - ok
23:57:46.0609 2788 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:57:46.0765 2788 IpNat - ok
23:57:46.0781 2788 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:57:46.0937 2788 IPSec - ok
23:57:46.0968 2788 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:57:47.0062 2788 IRENUM - ok
23:57:47.0093 2788 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:57:47.0250 2788 isapnp - ok
23:57:47.0375 2788 [ 9A337AE3DB478034A7839E753BBFF1AB ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:57:47.0406 2788 JavaQuickStarterService - ok
23:57:47.0437 2788 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:57:47.0625 2788 Kbdclass - ok
23:57:47.0640 2788 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:57:47.0812 2788 kbdhid - ok
23:57:47.0859 2788 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
23:57:47.0890 2788 KL1 - ok
23:57:47.0890 2788 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
23:57:47.0921 2788 kl2 - ok
23:57:47.0953 2788 [ 5D92A03045A6A98708975B3D77B39A36 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
23:57:47.0984 2788 KLIF - ok
23:57:48.0000 2788 [ 96A7EC308A93DA26DFE481308BAAC2A2 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
23:57:48.0031 2788 klim5 - ok
23:57:48.0062 2788 [ 3959530F69E19DA56F1F24F2C89F1E2C ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
23:57:48.0078 2788 klmouflt - ok
23:57:48.0140 2788 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:57:48.0296 2788 kmixer - ok
23:57:48.0359 2788 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:57:48.0437 2788 KSecDD - ok
23:57:48.0468 2788 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
23:57:48.0546 2788 lanmanserver - ok
23:57:48.0593 2788 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:57:48.0656 2788 lanmanworkstation - ok
23:57:48.0656 2788 lbrtfdc - ok
23:57:48.0703 2788 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:57:48.0843 2788 LmHosts - ok
23:57:48.0875 2788 [ C518D248041C259FCFA7175C866915C3 ] LMS C:\Program Files\Intel\AMT\LMS.exe
23:57:48.0906 2788 LMS - ok
23:57:48.0937 2788 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
23:57:48.0968 2788 MBAMProtector - ok
23:57:49.0000 2788 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:57:49.0046 2788 MBAMService - ok
23:57:49.0078 2788 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
23:57:49.0093 2788 MBAMSwissArmy - ok
23:57:49.0140 2788 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:57:49.0281 2788 Messenger - ok
23:57:49.0328 2788 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:57:49.0468 2788 mnmdd - ok
23:57:49.0515 2788 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:57:49.0640 2788 mnmsrvc - ok
23:57:49.0656 2788 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:57:49.0781 2788 Modem - ok
23:57:49.0812 2788 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:57:49.0968 2788 Mouclass - ok
23:57:49.0984 2788 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:57:50.0140 2788 mouhid - ok
23:57:50.0171 2788 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:57:50.0312 2788 MountMgr - ok
23:57:50.0312 2788 mraid35x - ok
23:57:50.0343 2788 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:57:50.0500 2788 MRxDAV - ok
23:57:50.0531 2788 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:57:50.0609 2788 MRxSmb - ok
23:57:50.0640 2788 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:57:50.0765 2788 MSDTC - ok
23:57:50.0765 2788 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:57:50.0921 2788 Msfs - ok
23:57:50.0921 2788 MSIServer - ok
23:57:50.0937 2788 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:57:51.0062 2788 MSKSSRV - ok
23:57:51.0078 2788 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:57:51.0203 2788 MSPCLOCK - ok
23:57:51.0234 2788 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:57:51.0359 2788 MSPQM - ok
23:57:51.0390 2788 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:57:51.0531 2788 mssmbios - ok
23:57:51.0593 2788 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:57:51.0656 2788 Mup - ok
23:57:51.0703 2788 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:57:51.0843 2788 napagent - ok
23:57:51.0875 2788 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:57:52.0015 2788 NDIS - ok
23:57:52.0062 2788 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:57:52.0140 2788 NdisTapi - ok
23:57:52.0187 2788 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:57:52.0328 2788 Ndisuio - ok
23:57:52.0328 2788 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:57:52.0484 2788 NdisWan - ok
23:57:52.0531 2788 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:57:52.0593 2788 NDProxy - ok
23:57:52.0609 2788 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:57:52.0750 2788 NetBIOS - ok
23:57:52.0796 2788 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:57:52.0937 2788 NetBT - ok
23:57:52.0984 2788 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
23:57:53.0109 2788 NetDDE - ok
23:57:53.0109 2788 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:57:53.0234 2788 NetDDEdsdm - ok
23:57:53.0296 2788 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:57:53.0437 2788 Netlogon - ok
23:58:10.0281 2788 ============================================================
23:58:10.0281 2788 Scan finished
23:58:10.0281 2788 ============================================================
23:58:10.0390 2892 Detected object count: 7
23:58:10.0390 2892 Actual detected object count: 7
00:00:08.0781 2892 ASFAgent ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:08.0781 2892 ASFAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:08.0781 2892 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:08.0781 2892 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:08.0781 2892 astcc ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:08.0781 2892 astcc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:08.0781 2892 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:08.0781 2892 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:08.0781 2892 DataPipeService ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:08.0781 2892 DataPipeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:08.0812 2892 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:08.0812 2892 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:08.0812 2892 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:08.0812 2892 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:23.0171 0484 Deinitialize success



aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 05:23:19
-----------------------------
05:23:19.781 OS Version: Windows 5.1.2600 Service Pack 3
05:23:19.781 Number of processors: 2 586 0xF0D
05:23:19.781 ComputerName: OAK01-03 UserName: csr
05:23:20.468 Initialize success
05:24:36.140 AVAST engine download error: 0
05:25:06.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:25:06.687 Disk 0 Vendor: Size: 0MB BusType: 0
05:25:06.703 Disk 0 MBR read successfully
05:25:06.703 Disk 0 MBR scan
05:25:06.703 Disk 0 Windows XP default MBR code
05:25:06.703 Disk 0 MBR hidden
05:25:06.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
05:25:06.750 Disk 0 scanning C:\WINDOWS\system32\drivers
05:25:13.468 Service scanning
05:25:19.421 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
05:25:19.531 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
05:25:19.609 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
05:25:19.609 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
05:25:25.375 Modules scanning
05:25:29.734 Disk 0 trace - called modules:
05:25:29.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
05:25:29.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86918ab8]
05:25:29.750 3 CLASSPNP.SYS[f7617fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86903030]
05:25:29.765 Scan finished successfully
05:26:25.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\csr\Desktop\MBR.dat"
05:26:25.515 The log file has been saved successfully to "C:\Documents and Settings\csr\Desktop\4BC-aswMBR.txt"


MBR.dat

Edited by chicktabu, 30 August 2012 - 09:05 AM.


#4 narenxp

Posted 30 August 2012 - 09:05 AM

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot, let me know what it finds.

#5 chicktabu

Posted 30 August 2012 - 09:57 AM

Narenxp,
FIXTDSS said "something" backdoor was not found on my computer. I don't see a log from it.

#6 narenxp

Posted 30 August 2012 - 10:00 AM

Please run ESET online scanner from Safe Mode with Networking and post the results.

#7 chicktabu

Posted 30 August 2012 - 10:38 AM

Ok I will do that right now Narenxp! But I must tell you, last wk when it got real chaotic due to the fraud dept at my bank putting holds on my cards, etc (I shopped online not yet realizing my pc & browser was infected), I attempted to use Combofix from a link on download site. An error window came up " C:/32788R ~ 1not in expected location Inform sUBs now!!"

It also comes up when I try to uninstall Combofix w/ BleepingComputer's instructions so Idk if it's removed?? Ok brb!

#8 chicktabu

Posted 30 August 2012 - 11:26 AM

It ran the scan from its website in safe mode and didn't give an option for logs :blink: but it came back clean. I don't know about that though *sigh*

#9 narenxp

Posted 30 August 2012 - 12:49 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#10 chicktabu

Posted 30 August 2012 - 08:25 PM

Ok..here ya go!



Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
csr :: OAK01-03 [limited]

Protection: Disabled

8/30/2012 4:51:59 PM
mbam-log-2012-08-30 (16-51-59).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232906
Time elapsed: 49 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar Version: 23-07-2012
Ran by csr (administrator) on 30-08-2012 at 17:49:36
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82566DM-2 Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : OAK01-03
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.ca.comcast.net.
Description . . . . . . . . . . . : Intel® 82566DM-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-21-70-2A-4E-FC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 71.198.76.207
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 71.198.72.1
DHCP Server . . . . . . . . . . . : 69.252.97.69
DNS Servers . . . . . . . . . . . : 75.75.75.75 75.75.76.76
Lease Obtained. . . . . . . . . . : Thursday, August 30, 2012 12:48:50 PM
Lease Expires . . . . . . . . . . : Sunday, September 02, 2012 6:15:26 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.224.38, 74.125.224.32, 74.125.224.33, 74.125.224.37
74.125.224.46, 74.125.224.40, 74.125.224.41, 74.125.224.39, 74.125.224.36
74.125.224.34, 74.125.224.35

Pinging google.com [74.125.224.66] with 32 bytes of data:
Reply from 74.125.224.66: bytes=32 time=13ms TTL=56
Reply from 74.125.224.66: bytes=32 time=15ms TTL=56
Ping statistics for 74.125.224.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 15ms, Average = 14ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Destination host unreachable.
Destination host unreachable.
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 70 2a 4e fc ...... Intel® 82566DM-2 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 71.198.72.1 71.198.76.207 20
71.198.72.0 255.255.248.0 71.198.76.207 71.198.76.207 20
71.198.76.207 255.255.255.255 127.0.0.1 127.0.0.1 20
71.255.255.255 255.255.255.255 71.198.76.207 71.198.76.207 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 71.198.76.207 71.198.76.207 20
255.255.255.255 255.255.255.255 71.198.76.207 71.198.76.207 1
Default Gateway: 71.198.72.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/30/2012 00:49:05 PM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (08/30/2012 09:28:51 AM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (08/30/2012 07:28:06 AM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (08/30/2012 04:58:36 AM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (08/29/2012 11:17:30 PM) (Source: Intel® AMT) (User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (08/29/2012 11:17:21 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (svchost.exe!ld!)

Error: (08/29/2012 10:58:27 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01b6eba8.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/29/2012 10:55:53 PM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (08/29/2012 10:55:42 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01baeba8.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/29/2012 10:55:28 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01baeba8.
Processing media-specific event for [explorer.exe!ws!]


System errors:
=============
Error: (08/30/2012 00:49:05 PM) (Source: Service Control Manager) (User: )
Description: The ASF Agent service failed to start due to the following error:
%%5

Error: (08/30/2012 00:49:05 PM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (08/30/2012 09:28:53 AM) (Source: Service Control Manager) (User: )
Description: The ASF Agent service failed to start due to the following error:
%%5

Error: (08/30/2012 09:28:53 AM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (08/30/2012 09:27:35 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/30/2012 08:42:57 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
KLIF

Error: (08/30/2012 08:41:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/30/2012 07:28:16 AM) (Source: Service Control Manager) (User: )
Description: The ASF Agent service failed to start due to the following error:
%%5

Error: (08/30/2012 07:28:16 AM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (08/30/2012 04:59:08 AM) (Source: Service Control Manager) (User: )
Description: The ASF Agent service failed to start due to the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (08/30/2012 00:49:05 PM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (08/30/2012 09:28:51 AM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (08/30/2012 07:28:06 AM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (08/30/2012 04:58:36 AM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (08/29/2012 11:17:30 PM) (Source: Intel® AMT)(User: )
Description: [UNS] Failed to subscribe to local Intel® AMT.

Error: (08/29/2012 11:17:21 PM) (Source: Application Error)(User: )
Description: svchost.exe0.0.0.0unknown0.0.0.000000000

Error: (08/29/2012 10:58:27 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.001b6eba8

Error: (08/29/2012 10:55:53 PM) (Source: Application Error)(User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (08/29/2012 10:55:42 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.001baeba8

Error: (08/29/2012 10:55:28 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.001baeba8


=========================== Installed Programs ============================

Torrent (Version: 3.1.3)
6300 (Version: 71.0.215.000)
6300_Help (Version: 71.0.215.000)
6300Trb (Version: 71.0.215.000)
7-Zip 4.64
Adobe AIR (Version: 1.5.1.8210)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Advanced SystemCare 5 (Version: 5.4.0)
AiO_Scan_CDA (Version: 71.0.215.000)
AiOSoftwareNPI (Version: 71.0.215.000)
BufferChm (Version: 70.0.170.000)
CCleaner (Version: 3.21)
CP_CalendarTemplates1 (Version: 70.0.170.000)
cp_OnlineProjectsConfig (Version: 70.0.170.000)
CP_Package_Basic1 (Version: 70.0.170.000)
CP_Panorama1Config (Version: 70.0.170.000)
cp_PosterPrintConfig (Version: 70.0.170.000)
CueTour (Version: 70.0.170.000)
CustomerResearchQFolder (Version: 1.00.0000)
DataPipe (Version: 1.0.0)
Dell Resource CD (Version: 1.10.0000)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DIGOpt (Version: 9.0.0917.2)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DocumentViewer (Version: 70.0.170.000)
DocumentViewerQFolder (Version: 1.00.0000)
eSupportQFolder (Version: 1.00.0000)
FastStone Image Viewer 4.6 (Version: 4.6)
Fax_CDA (Version: 71.0.215.000)
Foxit Reader 5.1 (Version: 5.1.0.1021)
FullDPAppQFolder (Version: 1.00.0000)
Glary Utilities Pro 2.48.0.1568 (Version: 2.48.0.1568)
Google Chrome (Version: 21.0.1180.83)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.115)
GuardedID (Version: 0.03.1038)
HiJackThis (Version: 1.0.0)
HitmanPro 3.6 (Version: 3.6.1.164)
HP Product Assistant (Version: 100.000.001.000)
HP Update (Version: 4.000.012.001)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
InstantShareDevices (Version: 70.0.170.000)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® Network Connections 13.3.46.0 (Version: 13.3.46.0)
Intel® PRO Alerting Agent (Version: 12.0.2)
Intel Active Management Technology
Intel Management Engine Interface
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
JDiskReport 1.4.0 (Version: 1.4.0 (2012-01-20 11:38:43))
K-Lite Codec Pack 7.1.0 (Full) (Version: 7.1.0)
Kaspersky Internet Security 2012 (Version: 12.0.0.374)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 70.0.170.000)
Media Player Classic - Home Cinema v1.5.0.2827 (Version: 1.5.0.2827)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft ActiveSync (Version: 4.5.5096.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Converter Pack (Version: 11.0.0.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office PowerPoint 2003 Template Pack 3 (Version: 11.0.5614.0)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Sounds (Version: 1.0.0.0)
Microsoft OpenType Font File Properties Extension (Version: 2.30.0000)
Microsoft Outlook Personal Folders Backup (Version: 1.10.0.0)
Microsoft Silverlight (Version: 5.1.10516.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
NewCopy_CDA (Version: 71.0.215.000)
OCR Software by I.R.I.S 7.0 (Version: 7.0)
Octoshape add-in for Adobe Flash Player
Opera 12.01 (Version: 12.01.1532)
PanoStandAlone (Version: 70.0.170.000)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PhotoGallery (Version: 70.0.170.000)
ProductContextNPI (Version: 71.0.215.000)
RandMap (Version: 70.0.170.000)
Readme (Version: 71.0.215.000)
Remove Hidden Data Tool (Version: 11.0.6361.0)
Revo Uninstaller 1.94 (Version: 1.94)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
SkinsHP1 (Version: 70.0.170.000)
SlideShow (Version: 70.0.170.000)
Software Informer 1.1
SolutionCenter (Version: 70.0.170.000)
Sonic_PrimoSDK (Version: 70.0.170.000)
SoundMAX (Version: 5.10.01.5491)
Status (Version: 70.0.170.000)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
User State Migration Tools version 3.0.1 (Version: 3.0.1)
VLC media player 2.0.3 (Version: 2.0.3)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
WOT for Internet Explorer (Version: 12.8.2.0)

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 980.54 MB
Available physical RAM: 387.46 MB
Total Pagefile: 2348.8 MB
Available Pagefile: 1618.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.78 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.5 GB) (Free:45.96 GB) NTFS

========================= Users: ========================================

User accounts for \\OAK01-03

Administrator csr Guest


**** End of log ****



Farbar Service Scanner Version: 06-08-2012
Ran by csr (administrator) on 30-08-2012 at 17:59:08
Running from "C:\Documents and Settings\csr\Local Settings\Temporary Internet Files\Content.IE5\VP7WCKPG"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) kl2(12) NetBT(6) PSched(7) Tcpip(4)
0x0C0000000C0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B000000


**** End of log ****


AdwCleaner

# AdwCleaner v2.000 - Logfile created 08/30/2012 at 18:02:40
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : csr - OAK01-03
# Boot Mode : Normal
# Running from : C:\Documents and Settings\csr\Local Settings\Temporary Internet Files\Content.IE5\7RPY2O9W\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://isearch.glarysoft.com/?src=iesearch --> hxxp://www.google.com

-\\ Google Chrome v21.0.1180.83

File : C:\Documents and Settings\csr\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Documents and Settings\csr\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1672 octets] - [30/08/2012 18:02:40]

########## EOF - C:\AdwCleaner[S1].txt - [1732 octets] ##########

#11 narenxp

Posted 30 August 2012 - 08:52 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Any current issues?

#12 chicktabu

Posted 30 August 2012 - 10:44 PM

Sry for taking so long but I wanted to run a few scans & be sure before losing you :P Thank you sooo much! My pc seems to be BACK! Thx to you! And working faster than ever :) The 'image error' is now only coming up w/ Glary Utilities but I'm uninstalling that. The KLIF thingie that kept coming up in logs, bugging me, is finally gone so I guess that was the culprit also? How are the logs looking from your perspective, Narenxp??


Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/30/2012 07:53:01 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\SYSTEM32\astsrv.exe (PID: 1136) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* DNS Client (Dnscache) is not Running.
Startup Type set to: Disabled

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\bthport.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys : 272,128 : 06/13/2008 00:52 AM : 956e7e86bb00e792c8ff3afb2f8e460d [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys : 272,128 : 06/13/2008 00:05 AM : 4c2427b64e19d4431cc0fc6d1a661215 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys : 272,128 : 06/13/2008 00:27 AM : 51d05d5a8a7d93ab0b1a8d6a38db3ca4 [Pos Repl]
+-> C:\WINDOWS\Driver Cache\i386\bthport.sys : 272,128 : 06/13/2008 00:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\bthport.sys : 273,024 : 04/13/2008 00:46 AM : 10b85171b90c449f8da71c2640b797e9 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\bthport.sys : 272,128 : 06/13/2008 00:05 AM : 662bfd909447dd9cc15b1a1c366583b4 [Pos Repl]

* C:\WINDOWS\System32\drivers\tdtcp.sys [NoSig]
+-> C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys : 21,896 : 04/13/2008 05:13 PM : 0eb0a02316859a310c1f670ea5b41c87 [Pos Repl]

* C:\WINDOWS\System32\ole32.dll [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB2624667\SP3QFE\ole32.dll : 1,289,216 : 11/01/2011 00:05 AM : 7d9dde1ab4b00ddb173f5a16e9206517 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll : 1,286,144 : 02/04/2011 00:52 AM : 7440d29f257b7e44329343f944f2142c [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll : 1,285,632 : 07/25/2005 09:20 PM : a2f755e237fa2cdd748a80bfbe6657f3 [Pos Repl]
+-> C:\WINDOWS\$hf_mig$\KB979687\SP3QFE\ole32.dll : 1,289,216 : 07/16/2010 09:04 AM : 8d51fb47062f2a1a9efeccef338a4c46 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\ole32.dll : 1,287,168 : 04/13/2008 05:12 PM : ecce74bc6168375016450a86a164d976 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\ole32.dll : 1,288,704 : 11/01/2011 05:07 AM : 6bad1bed9872e62049e487fb91ae2f3a [Pos Repl]

Program finished at: 08/30/2012 07:53:55 PM
Execution time: 0 hours(s), 0 minute(s), and 54 seconds(s)

#13 narenxp

Posted 30 August 2012 - 11:08 PM

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.

Turn off your System Restore, restart the PC, create a new restore point.

http://support.microsoft.com/kb/310405

Update your Flash Player.

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#14 chicktabu

Posted 31 August 2012 - 12:08 AM

Ok I will my friend!! I was just reading some of the interesting stuff here in the Start Up List! I didn't realize klif.sys comes from Kaspersky Internet Security Suite ..oopsie! lol So much information on this site..amazing.

Again TYVM..your help & patience was heaven-sent! :thumbsup:

#15 narenxp

Posted 31 August 2012 - 12:11 AM

You're most welcome :)



