
Am I still infected with the newest Java "virus" exploit?


3 replies to this topic

#1 A-placid

A-placid

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:29 AM

Posted 31 August 2012 - 11:02 AM

Hello!

So I thought that I haven't scanned my PC for quite a while, I thought that I should do it now. So yeah.. started the ESET Smart Security scanning, and then went outside. Came back after like 6 hours, and it showed that it had been scanning for nearly 5 hours. I guess it took that much, because I've got 1.2 TB of data to scan. So what did ESET find? Well, something called Java/Agent.DS trojan:
C:\Documents and Settings\Hello\Application Data\Sun\Java\Deployment\cache\6.0\15\3c6410cf-4695b762 » ZIP » support/IO.class - Java/Agent.DS trojan - was a part of the deleted object
C:\Documents and Settings\Hello\Application Data\Sun\Java\Deployment\cache\6.0\15\3c6410cf-4695b762 » ZIP » support/Pipe.class - Java/Agent.DS trojan - was a part of the deleted object
C:\Documents and Settings\Hello\Application Data\Sun\Java\Deployment\cache\6.0\15\3c6410cf-4695b762 » ZIP » support/Socket.class - Java/Agent.DS trojan - was a part of the deleted object

So I thought, what the hell, great. ESET found some trojans in Java, fine let it clean it up, and everything's gonna be alright. But then I read the news:
http://research.zscaler.com/2012/08/are-you-vulnerable-to-latest-java-0-day.html
http://reviews.cnet.com/8301-13727_7-57503787-263/oracle-patches-java-7-vulnerability/

So I immediately disabled Java in Firefox, just in case. Then I installed the latest update for Java. This is said to fix the exploit. But after the update, the website still says that I'm vulnerable to the exploit:
http://zulu.zscaler.com/research/java_version.html
Java version(s) installed: 1.6.0_24, 1.7.0_07
Are you vulnerable to the latest 0-day exploit: Yes

I have no idea why I have two Javas installed. So I guess I should still disable Java just in case. I thought I might ask if there is a way to make sure if this new exploit did something or not? CNET's website says the following:
"this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet."

I (and no-one else in my family) remembers visiting any "rogue" sites. So.. I'm not sure. Computer hasn't slowed down, and I haven't seen any strange or abnormal things. Now after posting this thread I'll start scanning with MBAM, SuperAntiSpyware and Spybot S&D.
To tell you the truth, I've been a bit lazy when it comes to computer scanning. I've been told that I shouldn't be on PC while anti-virus program is scanning, and that I shouldn't have the Internet connection while scanning - are these arguments true or not, don't really know. And these have been the reasons I've been lazy to scan my computer. And I actually thought that since I'm usually visiting websites that are thought-to-be-safe, and I'm usually visiting websites that I know. And I'm not installing toolbars, and I'm not hitting none of the ads I see on the Internet. So I thought I'm safe. But today I actually read that even if you do visit the websites you are absolutely sure that they're clean, then there's still a risk of getting infected. A computer that has either Java, Flash or PDF reader installed has a risk of getting infected.
Now I'm wondering, since I haven't scanned my PC for quite a while, would it be a smart move to just format my PC and start over? Though I really don't want to do it, since it takes an awful lot of time to configure the programs and etc. But then again, I really don't have much data on my OS-drive (300 GB). So it wouldn't take much time to back it up. But I've got another drive as well (1 TB). So if I actually format my OS-drive, could I still then be infected? Maybe some of the viruses have spread to this drive.


A lot of questions... And all of this might be a bit confusing. But the main thing is mentioned in the topic title, and that's the most I care about at the moment. And if anyone has some spare time, they could answer my other questions as well.
Now off to scan with the programs.

Cheers!
A-placid
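A triage sketch for the two pieces of evidence in the post above, added here as an example and not part of the original post or of any tool named in it: it groups the ESET log lines by the file that contained them and lists the runtimes the version checker reported. The function names are hypothetical; the sample strings are copied from the post.

```python
import re

# Sample input copied from the post above: the three ESET scan-log lines and
# the "Java version(s) installed" line printed by the version checker.
ESET_LOG = r"""
C:\Documents and Settings\Hello\Application Data\Sun\Java\Deployment\cache\6.0\15\3c6410cf-4695b762 » ZIP » support/IO.class - Java/Agent.DS trojan - was a part of the deleted object
C:\Documents and Settings\Hello\Application Data\Sun\Java\Deployment\cache\6.0\15\3c6410cf-4695b762 » ZIP » support/Pipe.class - Java/Agent.DS trojan - was a part of the deleted object
C:\Documents and Settings\Hello\Application Data\Sun\Java\Deployment\cache\6.0\15\3c6410cf-4695b762 » ZIP » support/Socket.class - Java/Agent.DS trojan - was a part of the deleted object
"""
CHECKER_LINE = "Java version(s) installed: 1.6.0_24, 1.7.0_07"

# Per-user Java plug-in download cache, as seen in the paths above.
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)
# Legacy version strings of the form 1.<family>.<minor>_<update>.
JAVA_VERSION_RE = re.compile(r"\b1\.(\d+)\.\d+_(\d+)\b")


def parse_eset_line(line):
    """Split '<file> » <type> » <member> - <threat> - <action>' into fields.

    Returns None for lines that are not archive-member detections.
    """
    parts = [p.strip() for p in line.split("»")]
    if len(parts) < 3:
        return None
    # Split from the right so a ' - ' inside the member name is preserved.
    fields = parts[-1].rsplit(" - ", 2)
    if len(fields) != 3:
        return None
    member, threat, action = fields
    return {
        "container": parts[0],
        "archive_type": parts[1],
        "member": member,
        "threat": threat,
        "action": action,
    }


def group_findings(log_text):
    """Group detections by the on-disk file that contained them."""
    groups = {}
    for line in log_text.splitlines():
        finding = parse_eset_line(line)
        if finding is None:
            continue
        group = groups.setdefault(finding["container"], {
            "in_java_cache": bool(JAVA_CACHE_RE.search(finding["container"])),
            "members": [],
            "threats": set(),
            "actions": set(),
        })
        group["members"].append(finding["member"])
        group["threats"].add(finding["threat"])
        group["actions"].add(finding["action"])
    return groups


def parse_java_versions(checker_line):
    """Return (family, update) tuples, e.g. '1.6.0_24' -> (6, 24)."""
    return [(int(m.group(1)), int(m.group(2)))
            for m in JAVA_VERSION_RE.finditer(checker_line)]


def older_runtimes(versions):
    """Runtimes still installed next to the newest one reported."""
    if not versions:
        return []
    newest = max(versions)
    return [v for v in versions if v != newest]


if __name__ == "__main__":
    for container, group in group_findings(ESET_LOG).items():
        where = "Java plug-in cache" if group["in_java_cache"] else "other location"
        print(f"{container}\n  location: {where}")
        print(f"  flagged members: {', '.join(group['members'])}")
        print(f"  detections: {', '.join(sorted(group['threats']))}")
        print(f"  actions: {', '.join(sorted(group['actions']))}")
    installed = parse_java_versions(CHECKER_LINE)
    print("runtimes reported:", installed)
    print("older runtimes still installed:", older_runtimes(installed))
```

On the sample, the three log lines collapse to one cached archive, and the checker line yields two runtimes with 1.6.0_24 still present beside 1.7.0_07.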



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:29 AM

Posted 31 August 2012 - 11:10 AM

Hello, I moved this from XP to Am I Infected.

Let's look at these..

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 A-placid

A-placid
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:29 AM

Posted 31 August 2012 - 07:36 PM

Hello, thanks for replying. And sorry for posting this under the wrong category. I was in a rush..

So after I posted the thread, I rebooted and went to Safe Mode - I've heard that it's good to scan for viruses/malware there. But before I went to Safe Mode, I of course updated the definitions of the programs.

First was MBAM - chose the Full Scan, and it took 4 hours. It found three false positives. After that I made the quick scan, just to be sure, and this one took 10 minutes. And it was all the same. You wrote that I should've renamed the setup file, but since I didn't read your reply before starting the scanners, I didn't do it. But it seems that it scanned just fine.

Then it was SuperAntiSpyware's turn. Picked the Complete Scan, and this one took 2,5 hours. This one found 145 tracking cookies (which I deleted), and two false positives. Then I made the quick scan, and this one took 25 minutes. And it didn't find nothing but the two false positives.

Next in line was Spybot S&D. I took the 1.6.2 version, since the 2.0 version is RC, and I wanted the stable version. Scanned for 20 minutes and found absolutely nothing. Then I used the in-built Immunizer, which is supposed to protect my browsers.

Then I restarted my PC and went from Safe Mode to Normal Mode, to see if someone has answered my thread.
So, here's my MiniToolBox result:

Result.txt
MiniToolBox by Farbar  Version: 23-07-2012
Ran by Hello (administrator) on 01-09-2012 at 02:41:52
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
ProxyServer: http=localhost:8118

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 

"network.proxy.http", "178.63.26.42"
"network.proxy.http_port", 443
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

There are 15260 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection 2 (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)


# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp 
set dns name="Local Area Connection 2" source=static addr=8.8.8.8 register=PRIMARY
add dns name="Local Area Connection 2" addr=8.8.4.4 index=2
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "VirtualBox Host-Only Network"

set address name="VirtualBox Host-Only Network" source=static addr=192.168.56.1 mask=255.255.255.0
set dns name="VirtualBox Host-Only Network" source=static addr=none register=PRIMARY
set wins name="VirtualBox Host-Only Network" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : hello-3caab1

        Primary Dns Suffix  . . . . . . . : 

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : Yes

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : lan

                                            lan



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : lan

        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

        Physical Address. . . . . . . . . : 00-1F-1F-5F-B2-5F

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.65

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 192.168.1.254

        Lease Obtained. . . . . . . . . . : 1. september 2012. a. 2:21:20

        Lease Expires . . . . . . . . . . : 2. september 2012. a. 2:21:20



Ethernet adapter Local Area Connection 2:



        Connection-specific DNS Suffix  . : lan

        Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC

        Physical Address. . . . . . . . . : 00-1D-7D-D0-14-8F

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.67

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 8.8.8.8

                                            8.8.4.4

        Lease Obtained. . . . . . . . . . : 1. september 2012. a. 2:21:20

        Lease Expires . . . . . . . . . . : 2. september 2012. a. 2:21:20



Ethernet adapter VirtualBox Host-Only Network:



        Connection-specific DNS Suffix  . : 

        Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter

        Physical Address. . . . . . . . . : 08-00-27-00-4C-30

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : 192.168.56.1

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  173.194.65.100, 173.194.65.101, 173.194.65.138, 173.194.65.113
	  173.194.65.139, 173.194.65.102



Pinging google.com [74.125.132.101] with 32 bytes of data:



Reply from 74.125.132.101: bytes=32 time=48ms TTL=49

Reply from 74.125.132.101: bytes=32 time=48ms TTL=49



Ping statistics for 74.125.132.101:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 48ms, Maximum = 48ms, Average = 48ms

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  72.30.38.140, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=309ms TTL=47

Reply from 98.139.183.24: bytes=32 time=245ms TTL=47



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 245ms, Maximum = 309ms, Average = 277ms

Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    bleepingcomputer.com
Address:  208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f 1f 5f b2 5f ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 1d 7d d0 14 8f ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
0x4 ...08 00 27 00 4c 30 ...... VirtualBox Host-Only Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.65	  20
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.67	  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1	  1
      192.168.1.0    255.255.255.0     192.168.1.65    192.168.1.65	  20
      192.168.1.0    255.255.255.0     192.168.1.67    192.168.1.67	  20
     192.168.1.65  255.255.255.255        127.0.0.1       127.0.0.1	  20
     192.168.1.67  255.255.255.255        127.0.0.1       127.0.0.1	  20
    192.168.1.255  255.255.255.255     192.168.1.65    192.168.1.65	  20
    192.168.1.255  255.255.255.255     192.168.1.67    192.168.1.67	  20
     192.168.56.0    255.255.255.0     192.168.56.1    192.168.56.1	  20
     192.168.56.1  255.255.255.255        127.0.0.1       127.0.0.1	  20
   192.168.56.255  255.255.255.255     192.168.56.1    192.168.56.1	  20
        224.0.0.0        240.0.0.0     192.168.1.65    192.168.1.65	  20
        224.0.0.0        240.0.0.0     192.168.1.67    192.168.1.67	  20
        224.0.0.0        240.0.0.0     192.168.56.1    192.168.56.1	  20
  255.255.255.255  255.255.255.255     192.168.1.65    192.168.1.65	  1
  255.255.255.255  255.255.255.255     192.168.1.67    192.168.1.67	  1
  255.255.255.255  255.255.255.255     192.168.56.1    192.168.56.1	  1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/28/2012 04:04:56 AM) (Source: Application Error) (User: )
Description: Faulting application asd.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.
Processing media-specific event for [asd.exe!ws!]

Error: (08/28/2012 04:03:28 AM) (Source: Application Error) (User: )
Description: Faulting application asd.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.
Processing media-specific event for [asd.exe!ws!]

Error: (08/28/2012 04:02:39 AM) (Source: Application Error) (User: )
Description: Faulting application asd.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00032a16.
Processing media-specific event for [asd.exe!ws!]

Error: (08/26/2012 11:26:26 PM) (Source: Application Error) (User: )
Description: Faulting application sonicgenerations.exe, version 1.0.0.1, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000ff56.
Processing media-specific event for [sonicgenerations.exe!ws!]

Error: (08/23/2012 00:49:28 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/23/2012 00:49:28 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/15/2012 07:16:44 PM) (Source: Application Hang) (User: )
Description: Hanging application SopCast.exe, version 3.2.9.329, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/03/2012 02:02:09 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 bbcplayer.exe, P2 1.0.0.0, P3 4ebfa64b, P4 system.windows.forms, P5 2.0.0.0, P6 4f681deb, P7 199c, P8 2, P9 clr20r30, P10 clr20r31.

Error: (08/01/2012 05:59:00 PM) (Source: Application Error) (User: )
Description: Faulting application winamp.exe, version 5.5.2.1800, faulting module in_vorbis.dll, version 0.0.0.0, fault address 0x000017a2.
Processing media-specific event for [winamp.exe!ws!]

Error: (07/30/2012 00:05:01 AM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [FlashPlayerUpdateService.exe!ws!]


System errors:
=============
Error: (09/01/2012 02:37:22 AM) (Source: SCardSvr) (User: )
Description: Smart Card Reader 'Generic Usb Smart Card Reader 0' rejected IOCTL 0x313520: Incorrect function.

Error: (09/01/2012 02:36:17 AM) (Source: SCardSvr) (User: )
Description: Smart Card Reader 'Generic Usb Smart Card Reader 0' rejected IOCTL 0x313520: Incorrect function.

Error: (09/01/2012 02:28:32 AM) (Source: SCardSvr) (User: )
Description: Smart Card Reader 'Generic Usb Smart Card Reader 0' rejected IOCTL 0x313520: Incorrect function.

Error: (09/01/2012 02:22:50 AM) (Source: ipnathlp) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.65,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Error: (09/01/2012 02:19:29 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/01/2012 02:18:42 AM) (Source: DCOM) (User: HELLO-3CAAB1)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/01/2012 02:17:33 AM) (Source: DCOM) (User: HELLO-3CAAB1)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/01/2012 02:17:31 AM) (Source: DCOM) (User: HELLO-3CAAB1)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/01/2012 02:16:15 AM) (Source: DCOM) (User: HELLO-3CAAB1)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/01/2012 02:08:09 AM) (Source: DCOM) (User: HELLO-3CAAB1)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

3DVIA player 5.0 (Version: 5.0.0.15)
7-Zip 9.20
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
AIDA64 Extreme Edition v1.85 (Version: 1.85)
Alpha Galaxy Screensaver
AnalogX NetStat Live
Angry Birds Space (Version: 1.1.0)
AnyDVD
Apple Application Support (Version: 1.5.0)
µTorrent (Version: 2.2.1)
Audacity 1.2.6
Audacity 1.3.14 (Unicode)
Ballistik Free Trial
Bamboo (Version: 5.2.4-6)
Bricks Of Atlantis Free Trial
Bricks of Egypt 2 Free Trial
Bricks Of Egypt Free Trial
Canon MP550 series MP Drivers
CCleaner (Version: 3.05)
CD & DVD Label Maker 1.2
Charm Tale
CodeBlocks (Version: 10.05)
Content Transfer (Version: 1.3.0.23190)
Corel Graphics - Windows Shell Extension (Version: 15.2.0.686)
Corel Graphics - Windows Shell Extension (Version: 15.2.686)
CPUID CPU-Z 1.60.1
CursorFX
CursorFX (Version: 2.10.022)
DAEMON Tools (Version: 3.47.0)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ESET Smart Security (Version: 4.2.71.2)
EVEREST Ultimate Edition v5.01 (Version: 5.01)
Family Feud 2 Free Trial
FileZilla Client 3.5.0 (Version: 3.5.0)
FlashGet 3.5 (Version: 3.5.0.1126)
Flip Words 2 Free Trial
Flip Words Free Trial
Foxit Reader (Version: 4.3.0.1110)
GameHouse Games Collection: Magic Ball
GameHouse Games Collection: Maui Wowee
GameHouse Games Collection: Ricochet
GameHouse Games Collection: Ricochet Lost Worlds
GameHouse Games Collection: Ricochet Lost Worlds - Recharged
GameHouse Games Collection: Tumblebugs
GamersFirst LIVE!
Geora 5.0 (eemaldamine ainult)
GIMP 2.6.11 (Version: 2.6.11)
GOM Player (Version: 2.1.28.5039)
Google Chrome (Version: 21.0.1180.83)
HandBrake 0.9.6 (Version: 0.9.6)
Icon Restore 1.0
IrfanView (remove only) (Version: 4.28)
iTunes (Version: 10.2.1.1)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java SE Development Kit 7 Update 7 (Version: 1.7.0.70)
Java(TM) 6 Update 24 (Version: 6.0.240)
JavaFX 2.1.0 (Version: 2.1.0)
LAME v3.98.3 for Audacity
Last.fm 1.5.4.27091
League of Legends (Version: 1.02.0000)
LibUSB-Win32-0.1.12.1 (Version: 0.1.12.1)
Magic Ball 3 Free Trial
Magic ISO Maker v5.3 (build 0229)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MediaInfo 0.7.43 (Version: 0.7.43)
Medieval CUE Splitter (Version: 1.2.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 6.01 (Version: 6.01.250.0)
Microsoft IntelliType Pro 6.01 (Version: 6.01.250.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft WinUsb 2.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MKVToolNix 5.2.1 [20111203-387] (Version: 5.2.1)
MozBackup 1.5.1
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Maintenance Service (Version: 15.0)
MotioninJoy ds3 driver version 0.6.0005 (Version: 0.6.00005)
Mp3tag v2.48 (Version: v2.48)
MPEG Video Wizard DVD 4.0.4 (12/2007) (Version: 4.0.4 (12/2007))
MPEG2 Codec(libmpeg2/mad)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MTP Porting Kit (Version: 12.0.0)
Need For Speed™ World (Version: 1.0.0.936)
Nero 7 Ultra Edition (Version: 7.02.9888)
neroxml (Version: 1.0.0)
NetWorx 5.2.4
nLite 1.4.9.1 (Version: 1.4.9.1)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia Suite (Version: 3.4.49.0)
Not so deep
Notepad++ (Version: 6.1.5)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Drivers (Version: 1.10)
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA nView 135.50 (Version: 135.50)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550)
NVIDIA Performance (Version: 6.5)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA System Monitor (Version: 6.5)
Octoshape Streaming Services
Oracle VM VirtualBox 4.1.20 (Version: 4.1.20)
Pando Media Booster (Version: 2.6.0.1)
Parallel Port Joystick
PC Connectivity Solution (Version: 12.0.17.0)
PCSX2 - Playstation 2 Emulator
PDF Settings CS5 (Version: 10.0)
PunkBuster Services (Version: 0.993)
Puzzle Inlay Free Trial
QT Lite 4.1.0 (Version: 4.1.0)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.13.0000)
REALTEK GbE & FE Ethernet PCI NIC Driver (Version: 1.05.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5485)
Replay Media Catcher 4 (Version: 4.1.1)
Revo Uninstaller Pro 2.4.3 (Version: 2.4.3)
SimpleTV 0.4.6 r
SixaxisDriver 0.91
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
SkySat media player 1.0.4 (Version: 1.0.4)
SmartFTP Client (Version: 2.5.1006.10)
Snail Mail Free Trial
Sonic Generations (Version: 1.0)
SopCast 3.2.9 (Version: 3.2.9)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
SpyroDriver (Version: 1.07.0000)
SpyroPortalDriver (Version: 1.0.1)
Streamripper (Remove only)
StreamTransport version: 1.0.2.2171
Subtitle Workshop 2.51
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)
SUPERAntiSpyware (Version: 5.5.1012)
System Requirements Lab CYRI (Version: 4.4.26.0)
Taskbar Shuffle version 2.5 (Version: 2.5)
TeamSpeak 3 Client
TeamViewer 7 (Version: 7.0.12313)
Time Adjuster STANDARD 3.1
Tropix Free Trial
TuneUp Utilities 2011 (Version: 10.0.3010.11)
TuneUp Utilities Language Pack (en-US) (Version: 10.0.3010.11)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WebM VP8 Decoder 0.9.5.0
WebTablet IE Plugin (Version: 1.1.0.7)
WebTablet Netscape Plugin (Version: 1.1.0.5)
Veetle TV 0.9.18 (Version: 0.9.18)
Winamp (Version: 5.52 )
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Messenger (Version: 8.1.0178.00)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Updates Downloader (Version: 2.50 Build 1002)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
WinSetupFromUSB
Virtual Villagers - New Believers 1.0 (Version: 1.0)
VirtuaWin v4.3
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69)
Visual Basic for Applications (R) Core (Version: 6.4.99.69)
VLC media player 1.1.8 (Version: 1.1.8)
WorldWinner Games (Version: 1.10.0.25)
XChat 2 (remove only)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 17%
Total physical RAM: 3582.42 MB
Available physical RAM: 2968.73 MB
Total Pagefile: 5464.73 MB
Available Pagefile: 5072.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.72 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:178.02 GB) NTFS
4 Drive e: (WD1001FALS) (Fixed) (Total:931.51 GB) (Free:6.55 GB) NTFS

========================= Users: ========================================

User accounts for \\HELLO-3CAAB1

Administrator            ASPNET                   Guest                    
HelpAssistant            Hello                 SUPPORT_388945a0         


**** End of log ****


TDSSKiller didn't detect anything. But you asked for the log, so here you go:

TDSSKiller.2.8.8.0_01.09.2012_02.54.18_log.txt

02:54:50.0328 3528  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
02:54:50.0328 3528  PolicyAgent - ok
02:54:50.0375 3528  [ 89045B00BD36CFE3910E3CB6762C2DB0 ] PPJoyBus        C:\WINDOWS\system32\drivers\PPJoyBus.sys
02:54:50.0390 3528  PPJoyBus - ok
02:54:50.0406 3528  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:54:50.0421 3528  PptpMiniport - ok
02:54:50.0421 3528  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:54:50.0421 3528  ProtectedStorage - ok
02:54:50.0453 3528  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
02:54:50.0468 3528  ProtexisLicensing - ok
02:54:50.0468 3528  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
02:54:50.0500 3528  PSched - ok
02:54:50.0515 3528  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
02:54:50.0531 3528  PSI_SVC_2 - ok
02:54:50.0531 3528  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:54:50.0546 3528  Ptilink - ok
02:54:50.0546 3528  ql1080 - ok
02:54:50.0546 3528  Ql10wnt - ok
02:54:50.0546 3528  ql12160 - ok
02:54:50.0562 3528  ql1240 - ok
02:54:50.0562 3528  ql1280 - ok
02:54:50.0578 3528  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:54:50.0593 3528  RasAcd - ok
02:54:50.0640 3528  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
02:54:50.0656 3528  RasAuto - ok
02:54:50.0656 3528  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:54:50.0671 3528  Rasl2tp - ok
02:54:50.0734 3528  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
02:54:50.0734 3528  RasMan - ok
02:54:50.0734 3528  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:54:50.0750 3528  RasPppoe - ok
02:54:50.0750 3528  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
02:54:50.0765 3528  Raspti - ok
02:54:50.0781 3528  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:54:50.0843 3528  Rdbss - ok
02:54:50.0859 3528  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:54:50.0875 3528  RDPCDD - ok
02:54:50.0875 3528  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:54:50.0890 3528  rdpdr - ok
02:54:50.0921 3528  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
02:54:50.0937 3528  RDPWD - ok
02:54:50.0953 3528  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
02:54:50.0953 3528  RDSessMgr - ok
02:54:50.0968 3528  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
02:54:50.0984 3528  redbook - ok
02:54:51.0000 3528  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
02:54:51.0015 3528  RemoteAccess - ok
02:54:51.0046 3528  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
02:54:51.0046 3528  RemoteRegistry - ok
02:54:51.0078 3528  [ 8B5B8A11306190C6963D3473F052D3C8 ] Revoflt         C:\WINDOWS\system32\DRIVERS\revoflt.sys
02:54:51.0078 3528  Revoflt - ok
02:54:51.0093 3528  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
02:54:51.0093 3528  rpcapd - ok
02:54:51.0093 3528  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
02:54:51.0109 3528  RpcLocator - ok
02:54:51.0140 3528  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
02:54:51.0140 3528  RpcSs - ok
02:54:51.0171 3528  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
02:54:51.0171 3528  RSVP - ok
02:54:51.0203 3528  [ 1E11171C0B9989E1BDAA59E96B2E81C4 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
02:54:51.0218 3528  RTL8023xp - ok
02:54:51.0250 3528  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
02:54:51.0265 3528  rtl8139 - ok
02:54:51.0265 3528  [ 36ADA62330C31AD314E4A26B815FC485 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
02:54:51.0296 3528  RTLE8023xp - ok
02:54:51.0296 3528  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
02:54:51.0296 3528  SamSs - ok
02:54:51.0312 3528  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
02:54:51.0328 3528  SASDIFSV - ok
02:54:51.0343 3528  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
02:54:51.0359 3528  SASKUTIL - ok
02:54:51.0390 3528  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
02:54:51.0390 3528  SCardSvr - ok
02:54:51.0437 3528  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
02:54:51.0453 3528  Schedule - ok
02:54:51.0453 3528  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:54:51.0468 3528  Secdrv - ok
02:54:51.0484 3528  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
02:54:51.0484 3528  seclogon - ok
02:54:51.0515 3528  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
02:54:51.0515 3528  SENS - ok
02:54:51.0531 3528  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
02:54:51.0546 3528  serenum - ok
02:54:51.0546 3528  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
02:54:51.0578 3528  Serial - ok
02:54:51.0671 3528  [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
02:54:51.0687 3528  ServiceLayer - ok
02:54:51.0750 3528  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
02:54:51.0765 3528  Sfloppy - ok
02:54:51.0812 3528  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
02:54:51.0812 3528  SharedAccess - ok
02:54:51.0828 3528  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:54:51.0828 3528  ShellHWDetection - ok
02:54:51.0843 3528  Simbad - ok
02:54:51.0906 3528  [ A71C23EE4ECA580F8662392FC3005CDF ] SmartCardRemoval C:\Program Files\Estonian ID Card\SmartCardRemoval.exe
02:54:51.0906 3528  SmartCardRemoval - ok
02:54:51.0921 3528  Sparrow - ok
02:54:51.0937 3528  [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan        C:\WINDOWS\system32\speedfan.sys
02:54:51.0953 3528  speedfan - ok
02:54:51.0968 3528  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
02:54:51.0984 3528  splitter - ok
02:54:52.0015 3528  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
02:54:52.0015 3528  Spooler - ok
02:54:52.0062 3528  [ BFAE719594989D1F02B9E9CD86DB293E ] SpyroService    C:\Program Files\FS\Spyro Portal\FlashPortal.exe
02:54:52.0062 3528  SpyroService - ok
02:54:52.0078 3528  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
02:54:52.0093 3528  sr - ok
02:54:52.0125 3528  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
02:54:52.0125 3528  srservice - ok
02:54:52.0187 3528  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
02:54:52.0187 3528  Srv - ok
02:54:52.0203 3528  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
02:54:52.0203 3528  SSDPSRV - ok
02:54:52.0203 3528  STCFUx32 - ok
02:54:52.0250 3528  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
02:54:52.0250 3528  stisvc - ok
02:54:52.0281 3528  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
02:54:52.0296 3528  swenum - ok
02:54:52.0437 3528  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:54:52.0437 3528  SwitchBoard - ok
02:54:52.0468 3528  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
02:54:52.0500 3528  swmidi - ok
02:54:52.0500 3528  SwPrv - ok
02:54:52.0500 3528  symc810 - ok
02:54:52.0500 3528  symc8xx - ok
02:54:52.0500 3528  sym_hi - ok
02:54:52.0500 3528  sym_u3 - ok
02:54:52.0515 3528  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
02:54:52.0515 3528  sysaudio - ok
02:54:52.0531 3528  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
02:54:52.0546 3528  SysmonLog - ok
02:54:52.0750 3528  [ C9D5FA17200768EF92538F1F95735A2E ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
02:54:52.0859 3528  TabletServicePen - ok
02:54:52.0890 3528  [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss          C:\WINDOWS\system32\DRIVERS\taphss.sys
02:54:52.0890 3528  taphss - ok
02:54:52.0906 3528  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
02:54:52.0906 3528  TapiSrv - ok
02:54:52.0953 3528  [ 4AFB3B0919649F95C1964AA1FAD27D73 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:54:52.0953 3528  Tcpip - ok
02:54:52.0984 3528  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
02:54:53.0000 3528  TDPIPE - ok
02:54:53.0015 3528  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
02:54:53.0031 3528  TDTCP - ok
02:54:53.0062 3528  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
02:54:53.0093 3528  TermDD - ok
02:54:53.0125 3528  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
02:54:53.0125 3528  TermService - ok
02:54:53.0156 3528  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
02:54:53.0156 3528  Themes - ok
02:54:53.0218 3528  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
02:54:53.0218 3528  TlntSvr - ok
02:54:53.0218 3528  TosIde - ok
02:54:53.0281 3528  [ 8D83C60DE67C2DB212452D8EBE7CA196 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
02:54:53.0281 3528  TouchServicePen - ok
02:54:53.0312 3528  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
02:54:53.0312 3528  TrkWks - ok
02:54:53.0453 3528  [ 1E3CD5486782D86A0F8AA08070172E10 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
02:54:53.0468 3528  TuneUp.UtilitiesSvc - ok
02:54:53.0500 3528  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
02:54:53.0500 3528  TuneUpUtilitiesDrv - ok
02:54:53.0531 3528  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
02:54:53.0546 3528  Udfs - ok
02:54:53.0546 3528  ultra - ok
02:54:53.0562 3528  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
02:54:53.0593 3528  Update - ok
02:54:53.0625 3528  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
02:54:53.0625 3528  upnphost - ok
02:54:53.0671 3528  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
02:54:53.0671 3528  upperdev - ok
02:54:53.0703 3528  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
02:54:53.0703 3528  UPS - ok
02:54:53.0718 3528  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:54:53.0734 3528  usbccgp - ok
02:54:53.0765 3528  [ 6B5E4D5E6E5ECD6ACD14AED59768CE5C ] USBCCID         C:\WINDOWS\system32\DRIVERS\usbccid.sys
02:54:53.0781 3528  USBCCID - ok
02:54:53.0812 3528  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:54:53.0828 3528  usbehci - ok
02:54:53.0859 3528  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:54:53.0875 3528  usbhub - ok
02:54:53.0921 3528  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:54:53.0937 3528  usbprint - ok
02:54:53.0968 3528  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:54:53.0984 3528  usbscan - ok
02:54:54.0015 3528  [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser          C:\WINDOWS\system32\drivers\usbser.sys
02:54:54.0031 3528  usbser - ok
02:54:54.0046 3528  [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt      C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
02:54:54.0062 3528  UsbserFilt - ok
02:54:54.0062 3528  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:54:54.0078 3528  usbstor - ok
02:54:54.0078 3528  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:54:54.0093 3528  usbuhci - ok
02:54:54.0140 3528  [ C5B70A6AA947667CE0E5FC84A05EC8B6 ] usnjsvc         C:\Program Files\MSN Messenger\usnsvc.exe
02:54:54.0156 3528  usnjsvc - ok
02:54:54.0187 3528  [ 3F9BD6E212C6C6E1F3DC603308E5CA9F ] UxTuneUp        C:\WINDOWS\System32\uxtuneup.dll
02:54:54.0187 3528  UxTuneUp - ok
02:54:54.0234 3528  [ 75639B33F31F24F9A5484582330B768F ] VBoxDrv         C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
02:54:54.0234 3528  VBoxDrv - ok
02:54:54.0281 3528  [ 31B7C620454295214BD2173F89549B9F ] VBoxNetAdp      C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
02:54:54.0281 3528  VBoxNetAdp - ok
02:54:54.0312 3528  [ 5E4AB59B0C2277614EF29ACAAF65B8FC ] VBoxNetFlt      C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
02:54:54.0312 3528  VBoxNetFlt - ok
02:54:54.0359 3528  [ 46DE9B70AB91C949C004F7F9522CC73B ] VBoxUSBMon      C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
02:54:54.0359 3528  VBoxUSBMon - ok
02:54:54.0390 3528  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
02:54:54.0406 3528  VgaSave - ok
02:54:54.0406 3528  ViaIde - ok
02:54:54.0437 3528  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
02:54:54.0453 3528  VolSnap - ok
02:54:54.0453 3528  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
02:54:54.0453 3528  VSS - ok
02:54:54.0468 3528  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
02:54:54.0468 3528  W32Time - ok
02:54:54.0500 3528  [ F24EE97511FB901189E11CBBD51605BA ] wacmoumonitor   C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
02:54:54.0515 3528  wacmoumonitor - ok
02:54:54.0546 3528  [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
02:54:54.0562 3528  wacommousefilter - ok
02:54:54.0593 3528  [ 846B58EA44BF8C92E4B59F4E2252C4C0 ] wacomvhid       C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
02:54:54.0593 3528  wacomvhid - ok
02:54:54.0593 3528  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:54:54.0609 3528  Wanarp - ok
02:54:54.0671 3528  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
02:54:54.0671 3528  Wdf01000 - ok
02:54:54.0671 3528  WDICA - ok
02:54:54.0703 3528  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
02:54:54.0718 3528  wdmaud - ok
02:54:54.0734 3528  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
02:54:54.0734 3528  WebClient - ok
02:54:54.0812 3528  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
02:54:54.0828 3528  winmgmt - ok
02:54:54.0859 3528  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
02:54:54.0875 3528  WinUSB - ok
02:54:54.0875 3528  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
02:54:54.0875 3528  WmdmPmSN - ok
02:54:54.0921 3528  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
02:54:54.0921 3528  Wmi - ok
02:54:54.0953 3528  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:54:54.0953 3528  WmiApSrv - ok
02:54:55.0046 3528  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
02:54:55.0046 3528  WMPNetworkSvc - ok
02:54:55.0078 3528  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:54:55.0078 3528  WpdUsb - ok
02:54:55.0187 3528  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:54:55.0203 3528  WPFFontCache_v0400 - ok
02:54:55.0250 3528  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:54:55.0265 3528  WS2IFSL - ok
02:54:55.0328 3528  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
02:54:55.0328 3528  wscsvc - ok
02:54:55.0375 3528  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
02:54:55.0375 3528  wuauserv - ok
02:54:55.0437 3528  [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:54:55.0437 3528  WudfPf - ok
02:54:55.0437 3528  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:54:55.0437 3528  WudfRd - ok
02:54:55.0500 3528  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
02:54:55.0500 3528  WudfSvc - ok
02:54:55.0531 3528  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
02:54:55.0531 3528  WZCSVC - ok
02:54:55.0578 3528  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
02:54:55.0578 3528  xmlprov - ok
02:54:55.0609 3528  [ 6AB0D2D28E2A984FBBA5295F2DD81878 ] XPADFL02        C:\WINDOWS\system32\DRIVERS\xpadfl02.sys
02:54:55.0625 3528  XPADFL02 - ok
02:54:55.0625 3528  ================ Scan global ===============================
02:54:55.0640 3528  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
02:54:55.0687 3528  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
02:54:55.0703 3528  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
02:54:55.0718 3528  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
02:54:55.0718 3528  [Global] - ok
02:54:55.0718 3528  ================ Scan MBR ==================================
02:54:55.0734 3528  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
02:54:55.0781 3528  \Device\Harddisk0\DR0 - ok
02:54:55.0796 3528  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
02:54:56.0078 3528  \Device\Harddisk1\DR1 - ok
02:54:56.0078 3528  ================ Scan VBR ==================================
02:54:56.0078 3528  [ B2FF6A905AB99EA2F35459985A19A7E2 ] \Device\Harddisk0\DR0\Partition1
02:54:56.0078 3528  \Device\Harddisk0\DR0\Partition1 - ok
02:54:56.0078 3528  [ 41CD1DD75EEED6C693FA0E7F88BAB127 ] \Device\Harddisk1\DR1\Partition1
02:54:56.0078 3528  \Device\Harddisk1\DR1\Partition1 - ok
02:54:56.0078 3528  ============================================================
02:54:56.0078 3528  Scan finished
02:54:56.0078 3528  ============================================================
02:54:56.0078 2284  Detected object count: 0
02:54:56.0078 2284  Actual detected object count: 0
02:55:41.0578 1932  Deinitialize success


What I forgot was to save the MBAM's log file. Under the normal mode I can't see any logs on the "Logs" tab. So if you need the log I'll just scan it again tomorrow. Or maybe the log is still there, in Safe Mode.

To sum it up, it actually seems that my PC is moving and acting quite a bit faster. No idea why, since it didn't really spot anything serious and big.. And cleaning these cookies actually helped Firefox to run faster on first startup. And overall it seems that programs are opening somewhat faster. Well yeah, I'm off to bed now.. it's late :)


A-placid

#4 boopme


Posted 31 August 2012 - 08:18 PM

Hello, you look clean.
When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:

As older versions of Java are exploitable you need to remove this and reboot.
Java™ 6 Update 24 (Version: 6.0.240)


MiniToolbox flushed some items and that helped speed. We can clean more space and probably get a little more.

Using torrent downloads is very risky as too many of those files are infected.



Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
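The reply above explains that the Java cache is a folder of downloaded archives that antivirus can flag whether or not the code ever ran. As an added example (not part of the thread and not code from any tool named in it), this Python sketch parses scanner lines in the format quoted in the first post and reports which flagged entries are still present in a cache directory; the function names and the constructed sample cache are assumptions.

```python
import hashlib
import ntpath
import os
import tempfile
import zipfile

# Scanner lines in the format quoted in the first post of this thread.
ESET_LINES = [
    r"C:\Documents and Settings\Hello\Application Data\Sun\Java\Deployment\cache\6.0\15\3c6410cf-4695b762 » ZIP » support/IO.class - Java/Agent.DS trojan - was a part of the deleted object",
    r"C:\Documents and Settings\Hello\Application Data\Sun\Java\Deployment\cache\6.0\15\3c6410cf-4695b762 » ZIP » support/Pipe.class - Java/Agent.DS trojan - was a part of the deleted object",
]


def parse_eset_line(line):
    """Return (cache file name, archive entry, detection name), or None."""
    parts = [p.strip() for p in line.split("»")]
    if len(parts) != 3 or parts[1] != "ZIP":
        return None
    fields = parts[2].split(" - ")
    if len(fields) < 2:
        return None
    # ntpath handles the Windows path even when this runs on another OS.
    return ntpath.basename(parts[0]), fields[0], fields[1]


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory_java_cache(cache_root):
    """List every ZIP/JAR archive under cache_root with its hash and entries.

    Cache files carry no extension, so archives are recognised by content.
    """
    records = []
    for folder, _dirs, files in os.walk(cache_root):
        for name in files:
            path = os.path.join(folder, name)
            if not zipfile.is_zipfile(path):
                continue  # index files and other non-archive cache entries
            try:
                with zipfile.ZipFile(path) as archive:
                    entries = sorted(archive.namelist())
            except zipfile.BadZipFile:
                entries = []  # damaged archive: keep the record, no entries
            records.append({"name": name, "path": path,
                            "sha256": sha256_file(path), "entries": entries})
    return records


def still_cached(cache_root, scanner_lines):
    """Return the flagged (cache file, entry) pairs that are still on disk."""
    wanted = {(a, e) for a, e, _ in filter(None, map(parse_eset_line, scanner_lines))}
    hits = []
    for rec in inventory_java_cache(cache_root):
        for entry in rec["entries"]:
            if (rec["name"], entry) in wanted:
                hits.append((rec["name"], entry))
    return sorted(hits)


def demo():
    """Build a constructed cache, check it, clear the archive, check again."""
    with tempfile.TemporaryDirectory() as root:
        slot = os.path.join(root, "6.0", "15")
        os.makedirs(slot)
        jar = os.path.join(slot, "3c6410cf-4695b762")
        with zipfile.ZipFile(jar, "w") as archive:
            # Constructed placeholder bytes, not real class files.
            archive.writestr("support/IO.class", b"constructed placeholder")
            archive.writestr("support/Pipe.class", b"constructed placeholder")
        with open(jar + ".idx", "wb") as fh:
            fh.write(b"constructed index placeholder")
        before = still_cached(root, ESET_LINES)
        os.remove(jar)  # stands in for clearing the cache
        after = still_cached(root, ESET_LINES)
    return before, after


if __name__ == "__main__":
    print(demo())
```

An empty result only shows that the flagged archives are no longer in the cache; it says nothing about whether they were executed earlier.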