
help


  • This topic is locked
22 replies to this topic

#1 martin108

martin108

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgrade
  • Local time:09:07 AM

Posted 17 October 2012 - 11:17 PM

Hello, I made a computer scan with the Kaspersky online scanner and received this:
1.HEUR:Trojan.Win32.Generic
data0006
D:\System Volume Information\_restore{B3021689-CBA3-4CFC-8DC1-C85ECA9AAF86}\RP14\A0000609.exe/
2.HEUR:Trojan.Win32.Generic
data0006
D:\System Volume Information\_restore{B3021689-CBA3-4CFC-8DC1-C85ECA9AAF86}\RP14\A0000612.exe/
3.UDS:DangerousObject.Multi.Generic
cokolxunquju.exe
C:\Documents and Settings\Zoran
4.HEUR:Exploit.Script.Generic
index.htm
D:\works\tekstovi\pesme\high hopes\sting - fragile chords @ TabCrawler_Com_files

..so, what should I do?
Thanks in advance


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:07 AM

Posted 18 October 2012 - 04:54 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 martin108

martin108
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgrade
  • Local time:09:07 AM

Posted 18 October 2012 - 11:23 PM

Hello Gringo,
I've done everything according to your instructions and here is the feedback:
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 27.3.2007 19:16:11
System Uptime: 19.10.2012 5:24:32 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | A8N-E
Processor: AMD Athlon™ 64 Processor 3000+ | Socket 939 | 1809/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 12,516 GiB free.
D: is FIXED (NTFS) - 76 GiB total, 5,5 GiB free.
E: is FIXED (NTFS) - 37 GiB total, 2,46 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_812A1043&REV_A2\3&2411E6FE&0&20
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_10DE&DEV_0059&SUBSYS_812A1043&REV_A2\3&2411E6FE&0&20
Service:
.
==== System Restore Points ===================
.
RP1013: 28.9.2012 0:07:38 - System Checkpoint
RP1014: 29.9.2012 8:18:50 - System Checkpoint
RP1015: 30.9.2012 17:54:54 - System Checkpoint
RP1016: 1.10.2012 18:22:19 - System Checkpoint
RP1017: 3.10.2012 20:09:42 - System Checkpoint
RP1018: 6.10.2012 18:58:24 - System Checkpoint
RP1019: 8.10.2012 22:26:58 - System Checkpoint
RP1020: 11.10.2012 21:30:16 - System Checkpoint
RP1021: 12.10.2012 7:12:15 - avast! Free Antivirus Instalacija
RP1022: 12.10.2012 7:23:48 - Removed ESET NOD32 Antivirus
RP1023: 13.10.2012 0:43:50 - avast! Free Antivirus Instalacija
RP1024: 13.10.2012 1:47:45 - Instalirano AVG 2013
RP1025: 13.10.2012 1:48:09 - Instalirano AVG 2013
RP1026: 13.10.2012 2:53:47 - Uklonjeno AVG 2013
RP1027: 13.10.2012 2:56:24 - Uklonjeno AVG 2013
RP1028: 14.10.2012 23:33:21 - avast! Free Antivirus Instalacija
RP1029: 14.10.2012 23:50:09 - avast! Free Antivirus Instalacija
RP1030: 14.10.2012 23:57:32 - Instalirano AVG 2013
RP1031: 14.10.2012 23:57:55 - Instalirano AVG 2013
RP1032: 15.10.2012 20:50:39 - Uklonjeno AVG 2013
RP1033: 15.10.2012 20:52:12 - Uklonjeno AVG 2013
RP1034: 15.10.2012 21:17:30 - Installed ESET NOD32 Antivirus
RP1035: 15.10.2012 21:34:12 - Installed ESET NOD32 Antivirus
RP1036: 15.10.2012 22:01:24 - avast! Free Antivirus Instalacija
RP1037: 16.10.2012 19:03:40 - avast! Free Antivirus Instalacija
RP1038: 16.10.2012 20:42:22 - Installed ESET NOD32 Antivirus
RP1039: 17.10.2012 20:26:36 - Removed Java™ 6 Update 21
RP1040: 17.10.2012 20:46:18 - Installed ESET NOD32 Antivirus
RP1041: 17.10.2012 21:26:37 - Installed ESET NOD32 Antivirus
RP1042: 17.10.2012 21:45:26 - Installed Kaspersky Security Scan.
RP1043: 18.10.2012 6:26:23 - PC Decrapifier Restore Point
RP1044: 18.10.2012 6:31:18 - Removed Kaspersky Security Scan.
.
==== Installed Programs ======================
.
ACDSee 6.0 Standard Trial
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
AP Guitar Tuner
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Atmosphere
AXIS Media Control Embedded
BFD
BFD Windows Setup 2
BS Player Toolbar
BS.Player PRO
CDXtract 4 r4
CSA
EarMaster Pro 5
Facebook Video Calling 1.2.0.159
Freecorder Toolbar
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
K-Lite Codec Pack 3.2.9 Full *BETA*
Kiran's Typing Tutor 1.0
Korg Legacy Collection v1.0.0.2
L&H TTS3000 British English
Lernout & Hauspie TruVoice American English TTS Engine
LUMIX Simple Viewer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
nCleaner second 2.3.4.0
Nero 6 Ultra Edition
NVIDIA Drivers
Passware Kit 5.3
PowerDVD
QuickTime
SAGEM F@st 800-840
Samsung ML-2010 Series
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sony Sound Forge 8.0
Steinberg Cubase SX 3
Steinberg Cubase SX v3.0.2.623
Steinberg Groove Agent
Steinberg The Grand
Stylus
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
TeamViewer 7
Total Commander (Remove or Repair)
Trilogy
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp
Winamp Toolbar
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Detect
YTD Toolbar v6.3
YTD YouTube Downloader & Converter 3.7
.
==== Event Viewer Messages From Past Week ========
.
17.10.2012 20:50:18, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Scope Tcpip
15.10.2012 20:48:16, error: Service Control Manager [7024] - The AVG zaštitni zid service terminated with service-specific error 3758162007 (0xE0010057).
15.10.2012 20:11:14, error: Service Control Manager [7024] - The AVG zaštitni zid service terminated with service-specific error 3758162007 (0xE0010057).
15.10.2012 0:14:07, error: Service Control Manager [7024] - The AVG zaštitni zid service terminated with service-specific error 3758162007 (0xE0010057).
15.10.2012 0:04:54, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver SASDIFSV SASKUTIL
15.10.2012 0:04:54, error: Service Control Manager [7024] - The AVG zaštitni zid service terminated with service-specific error 3758162007 (0xE0010057).
14.10.2012 22:58:40, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL Scope Tcpip
14.10.2012 22:58:40, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
14.10.2012 22:58:40, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
14.10.2012 22:58:40, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14.10.2012 22:58:40, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
14.10.2012 22:58:40, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14.10.2012 22:57:41, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14.10.2012 22:57:35, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
14.10.2012 22:21:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
14.10.2012 22:12:05, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: A device attached to the system is not functioning.
14.10.2012 22:12:03, error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: A device attached to the system is not functioning.
13.10.2012 2:45:30, error: Service Control Manager [7024] - The AVG zaštitni zid service terminated with service-specific error 3758162007 (0xE0010057).
13.10.2012 2:26:01, error: Service Control Manager [7024] - The AVG zaštitni zid service terminated with service-specific error 3758162007 (0xE0010057).
13.10.2012 2:11:34, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver
13.10.2012 2:11:34, error: Service Control Manager [7024] - The AVG zaštitni zid service terminated with service-specific error 3758162007 (0xE0010057).
13.10.2012 2:11:34, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
13.10.2012 2:11:34, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The system cannot find the file specified.
13.10.2012 2:11:34, error: Service Control Manager [7000] - The AVGIDSShim service failed to start due to the following error: A device attached to the system is not functioning.
13.10.2012 2:11:34, error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: A device attached to the system is not functioning.
13.10.2012 2:05:40, error: Service Control Manager [7001] - The AVGIDSDriver service depends on the AVGIDSShim service which failed to start because of the following error: A device attached to the system is not functioning.
13.10.2012 2:05:40, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The dependency service or group failed to start.
13.10.2012 2:05:40, error: Service Control Manager [7000] - The AVG AVI Loader Driver service failed to start due to the following error: A device attached to the system is not functioning.
13.10.2012 1:59:46, error: Service Control Manager [7024] - The AVG zaštitni zid service terminated with service-specific error 3758162007 (0xE0010057).
13.10.2012 1:49:38, error: Service Control Manager [7000] - The avgtp service failed to start due to the following error: A device attached to the system is not functioning.
13.10.2012 1:49:07, error: Service Control Manager [7000] - The AVG Mini-Filter Resident Anti-Virus Shield service failed to start due to the following error: A device attached to the system is not functioning.
13.10.2012 1:49:05, error: Service Control Manager [7000] - The AVG Anti-Rootkit Driver service failed to start due to the following error: A device attached to the system is not functioning.
13.10.2012 1:48:55, error: Service Control Manager [7000] - The AVG Logging Driver service failed to start due to the following error: A device attached to the system is not functioning.
13.10.2012 1:22:47, error: Service Control Manager [7000] - The ehdrv service failed to start due to the following error: A device attached to the system is not functioning.
13.10.2012 0:39:13, error: Service Control Manager [7001] - The avast! Antivirus service depends on the avast! Standard Shield Support service which failed to start because of the following error: A device attached to the system is not functioning.
13.10.2012 0:39:13, error: Service Control Manager [7000] - The avast! Standard Shield Support service failed to start due to the following error: A device attached to the system is not functioning.
13.10.2012 0:31:36, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: A device attached to the system is not functioning.
12.10.2012 7:36:26, error: Service Control Manager [7001] - The avast! Antivirus service depends on the aswMon2 service which failed to start because of the following error: A device attached to the system is not functioning.
12.10.2012 7:36:26, error: Service Control Manager [7000] - The aswMon2 service failed to start due to the following error: A device attached to the system is not functioning.
12.10.2012 7:15:10, error: Service Control Manager [7000] - The avast! Network Shield Support service failed to start due to the following error: A device attached to the system is not functioning.
12.10.2012 7:15:10, error: Service Control Manager [7000] - The avast! Asynchronous Virus Monitor service failed to start due to the following error: A device attached to the system is not functioning.
12.10.2012 7:15:10, error: Service Control Manager [7000] - The aswSP service failed to start due to the following error: A device attached to the system is not functioning.
12.10.2012 6:54:47, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv epfwtdir
12.10.2012 6:54:47, error: Service Control Manager [7000] - The epfwtdir service failed to start due to the following error: A device attached to the system is not functioning.
12.10.2012 6:54:47, error: Service Control Manager [7000] - The eamon service failed to start due to the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

c:\program files\Application Updater
2012-09-26 04:02:59 -------- d-----w- c:\program files\YTD Toolbar
2012-09-26 04:02:59 -------- d-----w- c:\program files\common files\Spigot
.
==================== Find3M ====================
.
2012-10-16 18:27:44 0 ----a-w- c:\windows\system32\w32apiw.dll
2012-10-08 19:24:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 19:24:36 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2009-12-04 12:44:32 8445952 -c--a-w- c:\program files\M30 Reverb.dll
2009-03-29 06:56:48 2931168 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2001-01-05 14:51:08 162304 -c--a-w- c:\program files\UNWISE.EXE
1999-11-29 00:43:00 1705216 ----a-w- c:\program files\MJAZSOLO.EXE
1999-11-12 10:07:06 3058 -c--a-w- c:\program files\JSTYPES.BIN
1999-11-10 00:43:00 57600 -c--a-w- c:\program files\MMPLAY.DLL
1999-03-23 08:12:24 19904 -c--a-w- c:\program files\_ISREG16.DLL
1997-11-08 13:37:16 320640 -c--a-w- c:\program files\ILDA16.DLL
1997-03-06 16:46:26 180279 -c--a-w- c:\program files\AL21LW.DLL
.
============= FINISH: 5:46:58,14 ===============

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
nCleaner second 2.3.4.0
Adobe Reader X (10.1.4)
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 05:41 on 19/10/2012 (Zoran)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read 467b7c58a0dc5196.sys


-=E.O.F=-

Sorry if I sent something double, and for information, this computer works but it was faster before and I can't install any antivirus program. It was NOD32 when it found the virus.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:07 AM

Posted 19 October 2012 - 07:46 AM

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#5 martin108

martin108
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgrade
  • Local time:09:07 AM

Posted 19 October 2012 - 11:39 AM

Hello Gringo, thank you for your prompt answer, here is the feedback:

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
nCleaner second 2.3.4.0
Adobe Reader X (10.1.4)
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.005 - Logfile created 10/19/2012 at 18:17:49
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Zoran - STUDIO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Zoran\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
Folder Deleted : C:\Documents and Settings\Zoran\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Zoran\Application Data\facemoods.com
Folder Deleted : C:\Documents and Settings\Zoran\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Zoran\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Zoran\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Zoran\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\Zoran\Local Settings\Application Data\BS_Player
Folder Deleted : C:\Documents and Settings\Zoran\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Zoran\Local Settings\Application Data\Freecorder
Folder Deleted : C:\Documents and Settings\Zoran\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Zoran\Local Settings\Application Data\Winamp Toolbar
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\BS_Player
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Freecorder
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\Winamp Toolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1\applic~1\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\BS_Player
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Freecorder
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BS_Player
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BS_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5D0042C4-0254-4EBC-93B4-002336D2CA17}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9CA3F7EC-708D-4826-A9CF-381F3739DDB9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Winamp Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Zoran\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [18486 octets] - [19/10/2012 18:17:49]

########## EOF - C:\AdwCleaner[S1].txt - [18547 octets] ##########

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Zoran [Admin rights]
Mode : Scan -- Date : 10/19/2012 18:29:47

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[Services][LOCK] HKLM\[...]\ControlSet001\Services\467b7c58a0dc5196 (467b7c58a0dc5196.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet002\Services\467b7c58a0dc5196 (467b7c58a0dc5196.sys) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6L080M0 +++++
--- User ---
[MBR] c1ca1c920fb0d3b6c394fcdbe170da83
[BSP] 060a196fa5fcab905eb0537f9deffcac : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81915435 | Size: 38154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 6L080M0 +++++
--- User ---
[MBR] f89c5d97a7e7e4c707f057011c1f27d8
[BSP] a78c2aca13bb611b62624f7adbcdd6b8 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78159 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Zoran [Admin rights]
Mode : Remove -- Date : 10/19/2012 18:31:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[Services][LOCK] HKLM\[...]\ControlSet001\Services\467b7c58a0dc5196 -> DELETED
[Services][LOCK] HKLM\[...]\ControlSet002\Services\467b7c58a0dc5196 -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6L080M0 +++++
--- User ---
[MBR] c1ca1c920fb0d3b6c394fcdbe170da83
[BSP] 060a196fa5fcab905eb0537f9deffcac : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81915435 | Size: 38154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 6L080M0 +++++
--- User ---
[MBR] f89c5d97a7e7e4c707f057011c1f27d8
[BSP] a78c2aca13bb611b62624f7adbcdd6b8 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78159 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



Regards, Martin

#6 gringo_pr


Posted 19 October 2012 - 12:01 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 martin108


Posted 20 October 2012 - 02:43 AM

Hello Gringo, now I am answering from a notebook because my sick computer is dead. It tries to start up but it stops and goes into sleep mode. It is possible to start up in safe mode and I can enter the recovery console from CD. I don't have any idea what to do now.

#8 gringo_pr


Posted 20 October 2012 - 03:36 AM

Run Combofix in safe mode then.



gringo

#9 martin108


Posted 20 October 2012 - 03:45 AM

I forgot to say I ran Combofix, and when it finished it wasn't possible to start up Windows except in safe mode. I tried to do a system recovery to the last good point, but it was not successful, and the Combofix log is probably gone.

#10 gringo_pr


Posted 20 October 2012 - 04:00 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 martin108


Posted 20 October 2012 - 04:12 AM

ComboFix 12-10-19.01 - Zoran 20.10.2012 11:03:14.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1274 [GMT 2:00]
Running from: c:\documents and settings\Zoran\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Zoran\Application Data\facemoods.com
c:\documents and settings\Zoran\Application Data\PriceGong
c:\documents and settings\Zoran\Application Data\Toolbar4
c:\documents and settings\Zoran\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\TbHelper2.exe
c:\documents and settings\Zoran\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\uninstall.exe
c:\documents and settings\Zoran\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\update.exe
c:\documents and settings\Zoran\WINDOWS
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-1644491937-1482476501-682003330-1003(2)\INFO2
c:\windows\iun6002.exe
c:\windows\picn1020.dll
c:\windows\picn1120.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system\Pncrt.dll
c:\windows\system32\SOCKETX.DLL
c:\windows\system32\SOCKETX.OCX
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\w32apiw.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-20 to 2012-10-20 )))))))))))))))))))))))))))))))
.
.
2012-10-20 08:56 . 2012-10-20 08:56 -------- d-----w- c:\windows\LastGood
2012-10-20 05:53 . 2012-10-20 05:53 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-20 05:47 . 2012-10-20 05:47 -------- d-----w- c:\program files\ESET
2012-10-20 05:46 . 2012-10-20 05:46 -------- d-----w- c:\program files\AVG
2012-10-20 05:46 . 2012-10-20 05:46 -------- d-----w- c:\documents and settings\Zoran\Local Settings\Application Data\Eset
2012-10-20 05:46 . 2012-10-20 05:46 -------- d-----w- c:\program files\Java
2012-10-20 05:45 . 2012-10-20 05:45 -------- d-----w- c:\program files\Common Files\Java
2012-10-19 20:56 . 2012-10-20 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET(2)
2012-10-17 18:20 . 2012-10-20 05:46 -------- d-s---w- c:\documents and settings\Administrator
2012-10-16 15:44 . 2012-10-16 15:45 -------- d-----w- c:\documents and settings\Zoran\Application Data\QuickScan
2012-10-15 20:06 . 2012-10-15 20:06 -------- d-----w- c:\documents and settings\Zoran\Application Data\RoboForm
2012-10-15 20:04 . 2012-10-15 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2012-10-12 23:43 . 2012-10-12 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2012-09-26 04:04 . 2012-09-26 04:04 -------- d-----w- c:\documents and settings\Zoran\Application Data\YTD
2012-09-26 04:02 . 2012-09-26 04:03 -------- d-----w- c:\program files\YTD Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 20:24 . 2012-04-02 19:54 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 20:24 . 2011-05-19 20:03 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-12-04 12:44 . 2009-12-04 12:44 8445952 -c--a-w- c:\program files\M30 Reverb.dll
2009-03-29 06:56 . 2009-03-29 06:56 2931168 -c--a-w- c:\program files\FLV PlayerFCSetup.exe
2001-01-05 14:51 . 2007-05-11 22:21 162304 -c--a-w- c:\program files\UNWISE.EXE
1999-11-29 00:43 . 2008-12-25 12:37 1705216 ----a-w- c:\program files\MJAZSOLO.EXE
1999-11-12 10:07 . 2008-12-25 12:37 3058 -c--a-w- c:\program files\JSTYPES.BIN
1999-11-10 00:43 . 2008-12-25 12:37 57600 -c--a-w- c:\program files\MMPLAY.DLL
1999-03-23 08:12 . 2008-12-25 12:37 19904 -c--a-w- c:\program files\_ISREG16.DLL
1997-11-08 13:37 . 2008-12-25 12:37 320640 -c--a-w- c:\program files\ILDA16.DLL
1997-03-06 16:46 . 2008-12-25 12:37 180279 -c--a-w- c:\program files\AL21LW.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2011-03-11 1373512]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\BS_Player\prxtbBS_0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Zoran\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"ChromeFrameHelper"="c:\documents and settings\Zoran\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\chrome_frame_helper.exe" [2012-08-30 81432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-12 32768]
"InitPulsar"="c:\scope\App\Bin\SFP.exe" [2004-03-09 20480]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2004-08-03 208896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-23 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-5-13 32768]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-4-1 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\sPlan70\\sPlan70.exe"=
"c:\\Documents and Settings\\Zoran\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [28.3.2007 18:02 33792]
S1 Scope;WDM Driver for Scope;c:\windows\system32\drivers\scope.sys [27.3.2007 21:10 110048]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.9.2012 16:21 795072]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [24.7.2012 19:56 2673064]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 21:54 250288]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:24]
.
2012-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-10-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1644491937-1482476501-682003330-1003Core.job
- c:\documents and settings\Zoran\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-04 03:42]
.
2012-10-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1644491937-1482476501-682003330-1003UA.job
- c:\documents and settings\Zoran\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-04 03:42]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 06:21]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 06:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://93.87.16.19/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-20 11:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61A3D62A-E669-8B2B-95B7C505631D6590}\{1D71893B-0DD3-8FF9-31AA9E7B284EB027}\{CF9E2073-5E5A-1B13-96346A906352FBBE}*]
"GG2KGGPNIIGO4BVBD4BQHYVQFA1"=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43,
a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75C78964-9FAD-014A-8CC7FBADED2C52DF}\{536ADE09-4683-F194-E6EBF180967FA049}\{3462E639-3971-056E-531C3527F72CD4AF}*]
"GG2KGGPNIIGO4BVBD4BQHYVQFA1"=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43,
a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{905039D8-D3A1-70A8-DABF0692B94E6EF4}\{2661643E-85BA-F5BF-30DE18451E945353}\{906FFE4B-845A-CA7B-85F7467A0D70268A}*]
"GG2KGGPNIIGO4BVBD4BQHYVQFA1"=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43,
a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\ac3filter.acm
.
Completion time: 2012-10-20 11:07:49
ComboFix-quarantined-files.txt 2012-10-20 09:07
ComboFix2.txt 2012-10-19 18:33
.
Pre-Run: 10.546.495.488 bytes free
Post-Run: 10.533.408.768 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5A0DC5BDDE33FBC33AFD139EB674F5A9

#12 gringo_pr

Posted 20 October 2012 - 01:02 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 martin108


Posted 20 October 2012 - 01:27 PM

Here is the feedback from safe mode

19:57:31.0781 0932 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:57:32.0031 0932 ============================================================
19:57:32.0031 0932 Current date / time: 2012/10/20 19:57:32.0031
19:57:32.0031 0932 SystemInfo:
19:57:32.0031 0932
19:57:32.0031 0932 OS Version: 5.1.2600 ServicePack: 2.0
19:57:32.0031 0932 Product type: Workstation
19:57:32.0031 0932 ComputerName: STUDIO
19:57:32.0031 0932 UserName: Zoran
19:57:32.0031 0932 Windows directory: C:\WINDOWS
19:57:32.0031 0932 System windows directory: C:\WINDOWS
19:57:32.0031 0932 Processor architecture: Intel x86
19:57:32.0031 0932 Number of processors: 1
19:57:32.0031 0932 Page size: 0x1000
19:57:32.0031 0932 Boot type: Safe boot with network
19:57:32.0031 0932 ============================================================
19:57:35.0390 0932 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:57:35.0421 0932 Drive \Device\Harddisk1\DR1 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:57:35.0421 0932 ============================================================
19:57:35.0421 0932 \Device\Harddisk0\DR0:
19:57:35.0421 0932 MBR partitions:
19:57:35.0421 0932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
19:57:35.0437 0932 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x4A852C1
19:57:35.0437 0932 \Device\Harddisk1\DR1:
19:57:35.0437 0932 MBR partitions:
19:57:35.0437 0932 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A7FAD
19:57:35.0437 0932 ============================================================
19:57:35.0500 0932 D: <-> \Device\Harddisk1\DR1\Partition1
19:57:35.0515 0932 C: <-> \Device\Harddisk0\DR0\Partition1
19:57:35.0531 0932 E: <-> \Device\Harddisk0\DR0\Partition2
19:57:35.0718 0932 ============================================================
19:57:35.0718 0932 Initialize success
19:57:35.0718 0932 ============================================================
19:57:42.0875 0964 ============================================================
19:57:42.0875 0964 Scan started
19:57:42.0875 0964 Mode: Manual;
19:57:42.0875 0964 ============================================================
19:57:44.0593 0964 ================ Scan system memory ========================
19:57:44.0609 0964 System memory - ok
19:57:44.0609 0964 ================ Scan services =============================
19:57:44.0703 0964 Abiosdsk - ok
19:57:44.0718 0964 abp480n5 - ok
19:57:44.0750 0964 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:57:44.0765 0964 ACPI - ok
19:57:44.0796 0964 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:57:44.0796 0964 ACPIEC - ok
19:57:44.0812 0964 ADILOADER - ok
19:57:44.0828 0964 adiusbaw - ok
19:57:44.0906 0964 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:57:44.0906 0964 AdobeFlashPlayerUpdateSvc - ok
19:57:44.0921 0964 adpu160m - ok
19:57:44.0968 0964 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
19:57:44.0984 0964 aec - ok
19:57:45.0031 0964 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:57:45.0046 0964 AFD - ok
19:57:45.0062 0964 Aha154x - ok
19:57:45.0062 0964 aic78u2 - ok
19:57:45.0078 0964 aic78xx - ok
19:57:45.0109 0964 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:57:45.0109 0964 Alerter - ok
19:57:45.0140 0964 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
19:57:45.0140 0964 ALG - ok
19:57:45.0156 0964 AliIde - ok
19:57:45.0156 0964 amsint - ok
19:57:45.0250 0964 [ 367592EFCA7FF8B4CE11AB6B0744E1E2 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
19:57:45.0281 0964 Apple Mobile Device - ok
19:57:45.0390 0964 [ 52AD9ED5BD05E7801AF5EFD99652C74F ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
19:57:45.0437 0964 Application Updater - ok
19:57:45.0484 0964 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:57:45.0500 0964 AppMgmt - ok
19:57:45.0500 0964 asc - ok
19:57:45.0515 0964 asc3350p - ok
19:57:45.0531 0964 asc3550 - ok
19:57:45.0640 0964 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:57:45.0656 0964 aspnet_state - ok
19:57:45.0671 0964 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:57:45.0671 0964 AsyncMac - ok
19:57:45.0718 0964 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:57:45.0718 0964 atapi - ok
19:57:45.0734 0964 Atdisk - ok
19:57:45.0750 0964 [ 725BBF8C2D631505CF6375A9D603A112 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:57:45.0765 0964 Ati HotKey Poller - ok
19:57:45.0796 0964 [ 74D37389F951CA6A2786D3010C4FA706 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
19:57:45.0812 0964 ATI Smart - ok
19:57:45.0875 0964 [ F48FE6D69F7A224A2157D052E3B1A0FC ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:57:45.0906 0964 ati2mtag - ok
19:57:45.0968 0964 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:57:45.0968 0964 Atmarpc - ok
19:57:46.0000 0964 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:57:46.0000 0964 AudioSrv - ok
19:57:46.0046 0964 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:57:46.0046 0964 audstub - ok
19:57:46.0078 0964 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:57:46.0078 0964 Beep - ok
19:57:46.0125 0964 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
19:57:46.0234 0964 BITS - ok
19:57:46.0250 0964 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
19:57:46.0250 0964 Browser - ok
19:57:46.0359 0964 catchme - ok
19:57:46.0375 0964 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:57:46.0390 0964 cbidf2k - ok
19:57:46.0421 0964 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:57:46.0421 0964 CCDECODE - ok
19:57:46.0437 0964 cd20xrnt - ok
19:57:46.0453 0964 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:57:46.0453 0964 Cdaudio - ok
19:57:46.0484 0964 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:57:46.0484 0964 Cdfs - ok
19:57:46.0531 0964 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:57:46.0531 0964 Cdrom - ok
19:57:46.0531 0964 Changer - ok
19:57:46.0546 0964 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:57:46.0546 0964 CiSvc - ok
19:57:46.0609 0964 [ B53F9635457B56DCFFEF750E18AEC6CB ] CLEDX C:\WINDOWS\system32\DRIVERS\cledx.sys
19:57:46.0609 0964 CLEDX - ok
19:57:46.0640 0964 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:57:46.0640 0964 ClipSrv - ok
19:57:46.0671 0964 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:57:46.0718 0964 clr_optimization_v2.0.50727_32 - ok
19:57:46.0734 0964 CmdIde - ok
19:57:46.0750 0964 COMSysApp - ok
19:57:46.0765 0964 Cpqarray - ok
19:57:46.0796 0964 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:57:46.0796 0964 CryptSvc - ok
19:57:46.0812 0964 dac2w2k - ok
19:57:46.0812 0964 dac960nt - ok
19:57:46.0875 0964 [ CE94A2BD25E3E9F4D46A7373FF455C6D ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:57:46.0890 0964 DcomLaunch - ok
19:57:46.0953 0964 [ A5034F77B278F07E224FE07CF98A8B76 ] DgiVecp C:\WINDOWS\system32\Drivers\DgiVecp.sys
19:57:46.0953 0964 DgiVecp - ok
19:57:47.0000 0964 [ EF545E1A4B043DA4C84E230DD471C55F ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:57:47.0000 0964 Dhcp - ok
19:57:47.0046 0964 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:57:47.0046 0964 Disk - ok
19:57:47.0046 0964 dmadmin - ok
19:57:47.0109 0964 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:57:47.0125 0964 dmboot - ok
19:57:47.0140 0964 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:57:47.0140 0964 dmio - ok
19:57:47.0156 0964 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:57:47.0156 0964 dmload - ok
19:57:47.0187 0964 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
19:57:47.0187 0964 dmserver - ok
19:57:47.0234 0964 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:57:47.0234 0964 DMusic - ok
19:57:47.0250 0964 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:57:47.0250 0964 Dnscache - ok
19:57:47.0250 0964 dpti2o - ok
19:57:47.0265 0964 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:57:47.0265 0964 drmkaud - ok
19:57:47.0312 0964 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:57:47.0312 0964 ERSvc - ok
19:57:47.0343 0964 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
19:57:47.0343 0964 Eventlog - ok
19:57:47.0437 0964 [ 34BBD9ACC1538818F2C878898C64E793 ] EventSystem C:\WINDOWS\system32\es.dll
19:57:47.0468 0964 EventSystem - ok
19:57:47.0500 0964 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:57:47.0515 0964 Fastfat - ok
19:57:47.0546 0964 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:57:47.0562 0964 FastUserSwitchingCompatibility - ok
19:57:47.0593 0964 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:57:47.0593 0964 Fdc - ok
19:57:47.0625 0964 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:57:47.0625 0964 Fips - ok
19:57:47.0640 0964 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:57:47.0640 0964 Flpydisk - ok
19:57:47.0687 0964 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:57:47.0687 0964 FltMgr - ok
19:57:47.0703 0964 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:57:47.0703 0964 Fs_Rec - ok
19:57:47.0718 0964 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:57:47.0718 0964 Ftdisk - ok
19:57:47.0750 0964 [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:57:47.0750 0964 gameenum - ok
19:57:47.0765 0964 GMSIPCI - ok
19:57:47.0796 0964 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:57:47.0796 0964 Gpc - ok
19:57:47.0875 0964 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:57:47.0875 0964 gupdate - ok
19:57:47.0921 0964 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:57:47.0921 0964 gupdatem - ok
19:57:47.0968 0964 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:57:47.0984 0964 gusvc - ok
19:57:48.0046 0964 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:57:48.0046 0964 helpsvc - ok
19:57:48.0078 0964 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:57:48.0078 0964 HidServ - ok
19:57:48.0125 0964 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:57:48.0125 0964 HidUsb - ok
19:57:48.0140 0964 hpn - ok
19:57:48.0171 0964 [ CB77BB47E67E84DEB17BA29632501730 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:57:48.0187 0964 HTTP - ok
19:57:48.0234 0964 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:57:48.0234 0964 HTTPFilter - ok
19:57:48.0250 0964 i2omgmt - ok
19:57:48.0250 0964 i2omp - ok
19:57:48.0281 0964 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:57:48.0281 0964 i8042prt - ok
19:57:48.0312 0964 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:57:48.0312 0964 Imapi - ok
19:57:48.0359 0964 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:57:48.0406 0964 ImapiService - ok
19:57:48.0421 0964 ini910u - ok
19:57:48.0437 0964 IntelIde - ok
19:57:48.0515 0964 [ CB5C2935491F0F998F1B62BFFA258464 ] Intels51 C:\WINDOWS\system32\DRIVERS\Intels51.sys
19:57:48.0546 0964 Intels51 - ok
19:57:48.0593 0964 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:57:48.0593 0964 Ip6Fw - ok
19:57:48.0625 0964 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:57:48.0625 0964 IpFilterDriver - ok
19:57:48.0640 0964 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:57:48.0640 0964 IpInIp - ok
19:57:48.0687 0964 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:57:48.0703 0964 IpNat - ok
19:57:48.0718 0964 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:57:48.0718 0964 IPSec - ok
19:57:48.0765 0964 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:57:48.0765 0964 IRENUM - ok
19:57:48.0781 0964 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:57:48.0781 0964 isapnp - ok
19:57:48.0890 0964 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
19:57:48.0906 0964 JavaQuickStarterService - ok
19:57:48.0953 0964 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:57:48.0953 0964 Kbdclass - ok
19:57:48.0984 0964 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:57:48.0984 0964 kbdhid - ok
19:57:49.0031 0964 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:57:49.0031 0964 kmixer - ok
19:57:49.0078 0964 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:57:49.0078 0964 KSecDD - ok
19:57:49.0109 0964 [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:57:49.0109 0964 lanmanserver - ok
19:57:49.0156 0964 [ 3CD291A2C4909088B3D1E98DED73D4B2 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:57:49.0171 0964 lanmanworkstation - ok
19:57:49.0187 0964 lbrtfdc - ok
19:57:49.0203 0964 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:57:49.0218 0964 LmHosts - ok
19:57:49.0265 0964 [ 5BB01B9F582259D1FB7653C5C1DA3653 ] MCSTRM C:\WINDOWS\system32\drivers\MCSTRM.sys
19:57:49.0265 0964 MCSTRM - ok
19:57:49.0343 0964 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
19:57:49.0359 0964 MDM - ok
19:57:49.0406 0964 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:57:49.0406 0964 Messenger - ok
19:57:49.0437 0964 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:57:49.0453 0964 mnmdd - ok
19:57:49.0484 0964 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:57:49.0484 0964 mnmsrvc - ok
19:57:49.0515 0964 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:57:49.0515 0964 Modem - ok
19:57:49.0531 0964 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:57:49.0546 0964 MODEMCSA - ok
19:57:49.0546 0964 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:57:49.0546 0964 Mouclass - ok
19:57:49.0578 0964 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:57:49.0578 0964 MountMgr - ok
19:57:49.0578 0964 mraid35x - ok
19:57:49.0609 0964 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:57:49.0609 0964 MRxDAV - ok
19:57:49.0656 0964 [ 025AF03CE51645C62F3B6907A7E2BE5E ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:57:49.0671 0964 MRxSmb - ok
19:57:49.0703 0964 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:57:49.0703 0964 MSDTC - ok
19:57:49.0734 0964 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:57:49.0734 0964 Msfs - ok
19:57:49.0734 0964 MSICPL - ok
19:57:49.0750 0964 MSIServer - ok
19:57:49.0781 0964 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:57:49.0781 0964 MSKSSRV - ok
19:57:49.0796 0964 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:57:49.0796 0964 MSPCLOCK - ok
19:57:49.0812 0964 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:57:49.0812 0964 MSPQM - ok
19:57:49.0843 0964 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:57:49.0843 0964 mssmbios - ok
19:57:49.0890 0964 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:57:49.0890 0964 MSTEE - ok
19:57:49.0921 0964 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
19:57:49.0921 0964 ms_mpu401 - ok
19:57:49.0953 0964 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
19:57:49.0953 0964 MTsensor - ok
19:57:50.0000 0964 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:57:50.0000 0964 Mup - ok
19:57:50.0046 0964 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:57:50.0046 0964 NABTSFEC - ok
19:57:50.0062 0964 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:57:50.0078 0964 NDIS - ok
19:57:50.0109 0964 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:57:50.0109 0964 NdisIP - ok
19:57:50.0125 0964 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:57:50.0125 0964 NdisTapi - ok
19:57:50.0156 0964 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:57:50.0156 0964 Ndisuio - ok
19:57:50.0171 0964 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:57:50.0171 0964 NdisWan - ok
19:57:50.0187 0964 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:57:50.0187 0964 NDProxy - ok
19:57:50.0218 0964 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:57:50.0218 0964 NetBIOS - ok
19:57:50.0234 0964 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:57:50.0250 0964 NetBT - ok
19:57:50.0281 0964 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
19:57:50.0281 0964 NetDDE - ok
19:57:50.0296 0964 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:57:50.0296 0964 NetDDEdsdm - ok
19:57:50.0343 0964 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:57:50.0343 0964 Netlogon - ok
19:57:50.0406 0964 [ 36739B39267914BA69AD0610A0299732 ] Netman C:\WINDOWS\System32\netman.dll
19:57:50.0406 0964 Netman - ok
19:57:50.0453 0964 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
19:57:50.0468 0964 Nla - ok
19:57:50.0484 0964 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:57:50.0484 0964 Npfs - ok
19:57:50.0531 0964 [ 4B4A21E158C039EE0888741BFE1D24E0 ] Nsynas32 C:\WINDOWS\system32\drivers\Nsynas32.sys
19:57:50.0531 0964 Nsynas32 - ok
19:57:50.0531 0964 NTACCESS - ok
19:57:50.0593 0964 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:57:50.0609 0964 Ntfs - ok
19:57:50.0609 0964 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:57:50.0609 0964 NtLmSsp - ok
19:57:50.0671 0964 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:57:50.0687 0964 NtmsSvc - ok
19:57:50.0703 0964 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:57:50.0703 0964 Null - ok
19:57:50.0734 0964 [ 720CC533EECB65553BD86B139CA04433 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:57:50.0734 0964 NVENETFD - ok
19:57:50.0750 0964 [ 5F9F545CC5904DD8765F84EE1D056406 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:57:50.0750 0964 nvnetbus - ok
19:57:50.0796 0964 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:57:50.0796 0964 NwlnkFlt - ok
19:57:50.0812 0964 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:57:50.0812 0964 NwlnkFwd - ok
19:57:50.0906 0964 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:57:50.0937 0964 odserv - ok
19:57:55.0437 0964 ================ Scan global ===============================
19:57:55.0484 0964 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
19:57:55.0531 0964 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
19:57:55.0562 0964 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
19:57:55.0578 0964 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
19:57:55.0578 0964 [Global] - ok
19:57:55.0593 0964 ================ Scan MBR ==================================
19:57:55.0609 0964 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:57:55.0718 0964 \Device\Harddisk0\DR0 - ok
19:57:55.0734 0964 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:57:55.0734 0964 \Device\Harddisk1\DR1 - ok
19:57:55.0750 0964 ================ Scan VBR ==================================
19:57:55.0750 0964 [ 56830F42E51D19B05D9E1B81C70B223A ] \Device\Harddisk0\DR0\Partition1
19:57:55.0765 0964 \Device\Harddisk0\DR0\Partition1 - ok
19:57:55.0781 0964 [ 84355BE98D290BE4C0B39E2FAA79C616 ] \Device\Harddisk0\DR0\Partition2
19:57:55.0781 0964 \Device\Harddisk0\DR0\Partition2 - ok
19:57:55.0796 0964 [ 6BB316CB2CF88CF77AC56D0EA6097777 ] \Device\Harddisk1\DR1\Partition1
19:57:55.0796 0964 \Device\Harddisk1\DR1\Partition1 - ok
19:57:55.0796 0964 ============================================================
19:57:55.0796 0964 Scan finished
19:57:55.0796 0964 ============================================================
19:57:55.0812 0956 Detected object count: 0
19:57:55.0812 0956 Actual detected object count: 0
19:58:05.0328 1016 ============================================================
19:58:05.0328 1016 Scan started
19:58:05.0328 1016 Mode: Manual;
19:58:05.0328 1016 ============================================================
19:58:05.0593 1016 ================ Scan system memory ========================
19:58:05.0593 1016 System memory - ok
19:58:05.0593 1016 ================ Scan services =============================
19:58:10.0843 1016 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
19:58:10.0843 1016 PlugPlay - ok
19:58:10.0859 1016 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:58:10.0859 1016 PolicyAgent - ok
19:58:10.0875 1016 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:58:10.0875 1016 PptpMiniport - ok
19:58:10.0890 1016 [ 0D97D88720A4087EC93AF7DBB303B30A ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
19:58:10.0890 1016 Processor - ok
19:58:10.0906 1016 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:58:10.0906 1016 ProtectedStorage - ok
19:58:10.0921 1016 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:58:10.0921 1016 PSched - ok
19:58:10.0953 1016 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:58:10.0953 1016 Ptilink - ok
19:58:11.0000 1016 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:58:11.0000 1016 PxHelp20 - ok
19:58:11.0000 1016 ql1080 - ok
19:58:11.0015 1016 Ql10wnt - ok
19:58:11.0031 1016 ql12160 - ok
19:58:11.0031 1016 ql1240 - ok
19:58:11.0046 1016 ql1280 - ok
19:58:11.0062 1016 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:58:11.0062 1016 RasAcd - ok
19:58:11.0078 1016 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:58:11.0078 1016 RasAuto - ok
19:58:11.0093 1016 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:58:11.0093 1016 Rasl2tp - ok
19:58:11.0125 1016 [ 49B5EED5FB89D39456A2F616CCD8BA5D ] RasMan C:\WINDOWS\System32\rasmans.dll
19:58:11.0140 1016 RasMan - ok
19:58:11.0156 1016 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:58:11.0156 1016 RasPppoe - ok
19:58:11.0187 1016 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:58:11.0187 1016 Raspti - ok
19:58:11.0203 1016 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:58:11.0203 1016 Rdbss - ok
19:58:11.0234 1016 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:58:11.0234 1016 RDPCDD - ok
19:58:11.0265 1016 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:58:11.0265 1016 rdpdr - ok
19:58:11.0296 1016 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:58:11.0296 1016 RDPWD - ok
19:58:11.0343 1016 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:58:11.0343 1016 RDSessMgr - ok
19:58:11.0375 1016 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:58:11.0375 1016 redbook - ok
19:58:11.0406 1016 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:58:11.0406 1016 RemoteAccess - ok
19:58:11.0437 1016 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:58:11.0437 1016 RemoteRegistry - ok
19:58:11.0468 1016 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
19:58:11.0468 1016 RpcLocator - ok
19:58:11.0500 1016 [ CE94A2BD25E3E9F4D46A7373FF455C6D ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:58:11.0500 1016 RpcSs - ok
19:58:11.0546 1016 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:58:11.0546 1016 RSVP - ok
19:58:11.0562 1016 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
19:58:11.0578 1016 SamSs - ok
19:58:11.0609 1016 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:58:11.0609 1016 SCardSvr - ok
19:58:11.0671 1016 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:58:11.0671 1016 Schedule - ok
19:58:11.0703 1016 [ 282B49EDCA987C4C5B19DE910F6356B7 ] Scope C:\WINDOWS\system32\drivers\scope.sys
19:58:11.0703 1016 Scope - ok
19:58:11.0734 1016 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:58:11.0734 1016 Secdrv - ok
19:58:11.0765 1016 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
19:58:11.0781 1016 seclogon - ok
19:58:11.0796 1016 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
19:58:11.0796 1016 SENS - ok
19:58:11.0812 1016 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:58:11.0812 1016 serenum - ok
19:58:11.0828 1016 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:58:11.0828 1016 Serial - ok
19:58:11.0828 1016 SetupNTGLM7X - ok
19:58:11.0843 1016 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:58:11.0843 1016 Sfloppy - ok
19:58:11.0875 1016 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:58:11.0875 1016 SharedAccess - ok
19:58:11.0906 1016 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:58:11.0906 1016 ShellHWDetection - ok
19:58:11.0921 1016 Simbad - ok
19:58:11.0953 1016 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:58:11.0953 1016 SLIP - ok
19:58:11.0953 1016 Sparrow - ok
19:58:11.0984 1016 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:58:11.0984 1016 splitter - ok
19:58:12.0015 1016 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:58:12.0015 1016 Spooler - ok
19:58:12.0062 1016 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:58:12.0062 1016 sr - ok
19:58:12.0093 1016 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
19:58:12.0093 1016 srservice - ok
19:58:12.0109 1016 [ EA554A3FFC3F536FE8320EB38F5E4843 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:58:12.0125 1016 Srv - ok
19:58:12.0156 1016 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:58:12.0156 1016 SSDPSRV - ok
19:58:12.0187 1016 [ B6763F8534AC547CF1AF98AFDFF2EDC8 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:58:12.0187 1016 stisvc - ok
19:58:12.0218 1016 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:58:12.0218 1016 streamip - ok
19:58:12.0250 1016 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:58:12.0250 1016 swenum - ok
19:58:12.0265 1016 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:58:12.0265 1016 swmidi - ok
19:58:12.0281 1016 SwPrv - ok
19:58:12.0296 1016 symc810 - ok
19:58:12.0296 1016 symc8xx - ok
19:58:12.0312 1016 sym_hi - ok
19:58:12.0328 1016 sym_u3 - ok
19:58:12.0359 1016 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:58:12.0359 1016 sysaudio - ok
19:58:12.0390 1016 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:58:12.0390 1016 SysmonLog - ok
19:58:12.0437 1016 [ FB78839B36025AA286A51289ED28B73E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:58:12.0437 1016 TapiSrv - ok
19:58:12.0484 1016 [ 90CAFF4B094573449A0872A0F919B178 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:58:12.0484 1016 Tcpip - ok
19:58:12.0515 1016 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:58:12.0515 1016 TDPIPE - ok
19:58:12.0546 1016 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:58:12.0546 1016 TDTCP - ok
19:58:12.0671 1016 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
19:58:12.0687 1016 TeamViewer7 - ok
19:58:12.0703 1016 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:58:12.0703 1016 TermDD - ok
19:58:12.0734 1016 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
19:58:12.0734 1016 TermService - ok
19:58:12.0765 1016 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:58:12.0765 1016 Themes - ok
19:58:12.0796 1016 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:58:12.0796 1016 TlntSvr - ok
19:58:12.0812 1016 TosIde - ok
19:58:12.0843 1016 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:58:12.0843 1016 TrkWks - ok
19:58:12.0875 1016 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:58:12.0875 1016 Udfs - ok
19:58:12.0890 1016 ultra - ok
19:58:12.0906 1016 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:58:12.0921 1016 Update - ok
19:58:12.0953 1016 [ ACA5D98663D879C6BAAFCEA7E2F1B710 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:58:12.0968 1016 upnphost - ok
19:58:12.0984 1016 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
19:58:12.0984 1016 UPS - ok
19:58:13.0031 1016 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:58:13.0031 1016 usbaudio - ok
19:58:13.0046 1016 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:58:13.0046 1016 usbccgp - ok
19:58:13.0078 1016 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:58:13.0078 1016 usbehci - ok
19:58:13.0093 1016 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:58:13.0093 1016 usbhub - ok
19:58:13.0109 1016 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:58:13.0109 1016 usbohci - ok
19:58:13.0156 1016 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:58:13.0156 1016 usbprint - ok
19:58:13.0187 1016 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:58:13.0187 1016 usbscan - ok
19:58:13.0218 1016 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:58:13.0218 1016 USBSTOR - ok
19:58:13.0250 1016 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
19:58:13.0265 1016 usbvideo - ok
19:58:13.0265 1016 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:58:13.0265 1016 VgaSave - ok
19:58:13.0281 1016 ViaIde - ok
19:58:13.0296 1016 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:58:13.0296 1016 VolSnap - ok
19:58:13.0343 1016 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
19:58:13.0343 1016 VSS - ok
19:58:13.0390 1016 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
19:58:13.0390 1016 W32Time - ok
19:58:13.0437 1016 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:58:13.0437 1016 Wanarp - ok
19:58:13.0453 1016 WDICA - ok
19:58:13.0468 1016 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:58:13.0468 1016 wdmaud - ok
19:58:13.0500 1016 [ 265F534EF76832435AFBF771EC97176D ] WebClient C:\WINDOWS\System32\webclnt.dll
19:58:13.0500 1016 WebClient - ok
19:58:13.0562 1016 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:58:13.0562 1016 winmgmt - ok
19:58:13.0609 1016 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:58:13.0609 1016 WmdmPmSN - ok
19:58:13.0656 1016 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
19:58:13.0656 1016 Wmi - ok
19:58:13.0687 1016 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:58:13.0687 1016 WmiApSrv - ok
19:58:13.0734 1016 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:58:13.0734 1016 WS2IFSL - ok
19:58:13.0765 1016 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:58:13.0765 1016 wscsvc - ok
19:58:13.0812 1016 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:58:13.0812 1016 WSTCODEC - ok
19:58:13.0843 1016 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:58:13.0843 1016 wuauserv - ok
19:58:13.0875 1016 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:58:13.0875 1016 WudfPf - ok
19:58:13.0906 1016 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:58:13.0906 1016 WudfRd - ok
19:58:13.0921 1016 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:58:13.0937 1016 WudfSvc - ok
19:58:13.0953 1016 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:58:13.0968 1016 WZCSVC - ok
19:58:14.0000 1016 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:58:14.0000 1016 xmlprov - ok
19:58:14.0015 1016 ================ Scan global ===============================
19:58:14.0046 1016 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
19:58:14.0078 1016 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
19:58:14.0109 1016 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
19:58:14.0140 1016 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
19:58:14.0140 1016 [Global] - ok
19:58:14.0140 1016 ================ Scan MBR ==================================
19:58:14.0156 1016 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:58:14.0281 1016 \Device\Harddisk0\DR0 - ok
19:58:14.0281 1016 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:58:14.0296 1016 \Device\Harddisk1\DR1 - ok
19:58:14.0296 1016 ================ Scan VBR ==================================
19:58:14.0312 1016 [ 56830F42E51D19B05D9E1B81C70B223A ] \Device\Harddisk0\DR0\Partition1
19:58:14.0312 1016 \Device\Harddisk0\DR0\Partition1 - ok
19:58:14.0328 1016 [ 84355BE98D290BE4C0B39E2FAA79C616 ] \Device\Harddisk0\DR0\Partition2
19:58:14.0328 1016 \Device\Harddisk0\DR0\Partition2 - ok
19:58:14.0343 1016 [ 6BB316CB2CF88CF77AC56D0EA6097777 ] \Device\Harddisk1\DR1\Partition1
19:58:14.0343 1016 \Device\Harddisk1\DR1\Partition1 - ok
19:58:14.0359 1016 ============================================================
19:58:14.0359 1016 Scan finished
19:58:14.0359 1016 ============================================================
19:58:14.0375 0976 Detected object count: 0
19:58:14.0375 0976 Actual detected object count: 0
19:59:03.0875 1036 ============================================================
19:59:03.0875 1036 Scan started
19:59:03.0875 1036 Mode: Manual;
19:59:03.0875 1036 ============================================================
19:59:04.0015 1036 ================ Scan system memory ========================
19:59:04.0015 1036 System memory - ok
19:59:04.0015 1036 ================ Scan services =============================
19:59:08.0625 1036 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:59:08.0625 1036 Npfs - ok
19:59:08.0671 1036 [ 4B4A21E158C039EE0888741BFE1D24E0 ] Nsynas32 C:\WINDOWS\system32\drivers\Nsynas32.sys
19:59:08.0671 1036 Nsynas32 - ok
19:59:08.0687 1036 NTACCESS - ok
19:59:08.0734 1036 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:59:08.0734 1036 Ntfs - ok
19:59:08.0750 1036 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:59:08.0765 1036 NtLmSsp - ok
19:59:08.0812 1036 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:59:08.0812 1036 NtmsSvc - ok
19:59:08.0828 1036 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:59:08.0828 1036 Null - ok
19:59:08.0875 1036 [ 720CC533EECB65553BD86B139CA04433 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:59:08.0875 1036 NVENETFD - ok
19:59:08.0875 1036 [ 5F9F545CC5904DD8765F84EE1D056406 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:59:08.0875 1036 nvnetbus - ok
19:59:08.0906 1036 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:59:08.0906 1036 NwlnkFlt - ok
19:59:08.0921 1036 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:59:08.0921 1036 NwlnkFwd - ok
19:59:09.0015 1036 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:59:09.0015 1036 odserv - ok
19:59:09.0062 1036 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:59:09.0062 1036 ose - ok
19:59:09.0093 1036 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:59:09.0093 1036 Parport - ok
19:59:09.0109 1036 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:59:09.0109 1036 PartMgr - ok
19:59:09.0140 1036 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:59:09.0140 1036 ParVdm - ok
19:59:09.0171 1036 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:59:09.0171 1036 PCI - ok
19:59:09.0187 1036 PCIDump - ok
19:59:09.0203 1036 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:59:09.0203 1036 PCIIde - ok
19:59:09.0250 1036 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:59:09.0250 1036 Pcmcia - ok
19:59:09.0265 1036 PDCOMP - ok
19:59:09.0281 1036 PDFRAME - ok
19:59:09.0296 1036 PDRELI - ok
19:59:09.0296 1036 PDRFRAME - ok
19:59:09.0312 1036 perc2 - ok
19:59:09.0328 1036 perc2hib - ok
19:59:09.0375 1036 [ 5903FA75200807AD739286BBF40C4904 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
19:59:09.0375 1036 pfc - ok
19:59:09.0390 1036 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
19:59:09.0406 1036 PlugPlay - ok
19:59:09.0421 1036 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:59:09.0421 1036 PolicyAgent - ok
19:59:09.0437 1036 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:59:09.0437 1036 PptpMiniport - ok
19:59:09.0453 1036 [ 0D97D88720A4087EC93AF7DBB303B30A ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
19:59:09.0453 1036 Processor - ok
19:59:09.0468 1036 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:59:09.0468 1036 ProtectedStorage - ok
19:59:09.0484 1036 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:59:09.0484 1036 PSched - ok
19:59:09.0500 1036 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:59:09.0500 1036 Ptilink - ok
19:59:09.0531 1036 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:59:09.0531 1036 PxHelp20 - ok
19:59:09.0531 1036 ql1080 - ok
19:59:09.0546 1036 Ql10wnt - ok
19:59:09.0562 1036 ql12160 - ok
19:59:09.0562 1036 ql1240 - ok
19:59:09.0578 1036 ql1280 - ok
19:59:09.0593 1036 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:59:09.0593 1036 RasAcd - ok
19:59:09.0609 1036 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:59:09.0609 1036 RasAuto - ok
19:59:09.0625 1036 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:59:09.0625 1036 Rasl2tp - ok
19:59:09.0656 1036 [ 49B5EED5FB89D39456A2F616CCD8BA5D ] RasMan C:\WINDOWS\System32\rasmans.dll
19:59:09.0656 1036 RasMan - ok
19:59:09.0687 1036 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:59:09.0687 1036 RasPppoe - ok
19:59:09.0703 1036 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:59:09.0703 1036 Raspti - ok
19:59:09.0718 1036 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:59:09.0734 1036 Rdbss - ok
19:59:09.0750 1036 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:59:09.0750 1036 RDPCDD - ok
19:59:09.0781 1036 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:59:09.0781 1036 rdpdr - ok
19:59:09.0812 1036 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:59:09.0828 1036 RDPWD - ok
19:59:09.0843 1036 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:59:09.0843 1036 RDSessMgr - ok
19:59:09.0890 1036 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:59:09.0890 1036 redbook - ok
19:59:09.0921 1036 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:59:09.0937 1036 RemoteAccess - ok
19:59:09.0953 1036 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:59:09.0953 1036 RemoteRegistry - ok
19:59:09.0984 1036 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
19:59:09.0984 1036 RpcLocator - ok
19:59:10.0015 1036 [ CE94A2BD25E3E9F4D46A7373FF455C6D ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:59:10.0015 1036 RpcSs - ok
19:59:10.0062 1036 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:59:10.0062 1036 RSVP - ok
19:59:10.0078 1036 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
19:59:10.0078 1036 SamSs - ok
19:59:10.0109 1036 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:59:10.0125 1036 SCardSvr - ok
19:59:10.0171 1036 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:59:10.0171 1036 Schedule - ok
19:59:10.0203 1036 [ 282B49EDCA987C4C5B19DE910F6356B7 ] Scope C:\WINDOWS\system32\drivers\scope.sys
19:59:10.0203 1036 Scope - ok
19:59:10.0250 1036 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:59:10.0250 1036 Secdrv - ok
19:59:10.0281 1036 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
19:59:10.0281 1036 seclogon - ok
19:59:10.0296 1036 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
19:59:10.0296 1036 SENS - ok
19:59:10.0312 1036 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:59:10.0312 1036 serenum - ok
19:59:10.0343 1036 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:59:10.0343 1036 Serial - ok
19:59:10.0343 1036 SetupNTGLM7X - ok
19:59:10.0359 1036 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:59:10.0359 1036 Sfloppy - ok
19:59:10.0421 1036 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:59:10.0421 1036 SharedAccess - ok
19:59:10.0437 1036 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:59:10.0453 1036 ShellHWDetection - ok
19:59:10.0453 1036 Simbad - ok
19:59:10.0484 1036 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:59:10.0484 1036 SLIP - ok
19:59:10.0500 1036 Sparrow - ok
19:59:10.0531 1036 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:59:10.0531 1036 splitter - ok
19:59:10.0562 1036 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:59:10.0562 1036 Spooler - ok
19:59:10.0609 1036 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:59:10.0609 1036 sr - ok
19:59:10.0640 1036 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
19:59:10.0640 1036 srservice - ok
19:59:10.0656 1036 [ EA554A3FFC3F536FE8320EB38F5E4843 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:59:10.0671 1036 Srv - ok
19:59:10.0703 1036 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:59:10.0703 1036 SSDPSRV - ok
19:59:10.0718 1036 [ B6763F8534AC547CF1AF98AFDFF2EDC8 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:59:10.0734 1036 stisvc - ok
19:59:10.0765 1036 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:59:10.0765 1036 streamip - ok
19:59:10.0796 1036 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:59:10.0796 1036 swenum - ok
19:59:10.0812 1036 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:59:10.0812 1036 swmidi - ok
19:59:10.0828 1036 SwPrv - ok
19:59:10.0828 1036 symc810 - ok
19:59:10.0843 1036 symc8xx - ok
19:59:10.0859 1036 sym_hi - ok
19:59:10.0875 1036 sym_u3 - ok
19:59:10.0890 1036 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:59:10.0890 1036 sysaudio - ok
19:59:10.0937 1036 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:59:10.0953 1036 SysmonLog - ok
19:59:10.0984 1036 [ FB78839B36025AA286A51289ED28B73E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:59:10.0984 1036 TapiSrv - ok
19:59:11.0031 1036 [ 90CAFF4B094573449A0872A0F919B178 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:59:11.0031 1036 Tcpip - ok
19:59:11.0078 1036 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:59:11.0078 1036 TDPIPE - ok
19:59:11.0093 1036 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:59:11.0093 1036 TDTCP - ok
19:59:11.0218 1036 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
19:59:11.0250 1036 TeamViewer7 - ok
19:59:11.0265 1036 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:59:11.0265 1036 TermDD - ok
19:59:11.0281 1036 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
19:59:11.0296 1036 TermService - ok
19:59:11.0312 1036 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:59:11.0328 1036 Themes - ok
19:59:11.0359 1036 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:59:11.0359 1036 TlntSvr - ok
19:59:11.0375 1036 TosIde - ok
19:59:11.0406 1036 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:59:11.0406 1036 TrkWks - ok
19:59:11.0437 1036 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:59:11.0437 1036 Udfs - ok
19:59:11.0453 1036 ultra - ok
19:59:11.0468 1036 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:59:11.0468 1036 Update - ok
19:59:11.0515 1036 [ ACA5D98663D879C6BAAFCEA7E2F1B710 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:59:11.0515 1036 upnphost - ok
19:59:11.0546 1036 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
19:59:11.0546 1036 UPS - ok
19:59:11.0578 1036 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:59:11.0578 1036 usbaudio - ok
19:59:11.0593 1036 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:59:11.0593 1036 usbccgp - ok
19:59:11.0625 1036 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:59:11.0625 1036 usbehci - ok
19:59:11.0640 1036 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:59:11.0640 1036 usbhub - ok
19:59:11.0656 1036 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:59:11.0656 1036 usbohci - ok
19:59:11.0687 1036 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:59:11.0703 1036 usbprint - ok
19:59:11.0734 1036 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:59:11.0734 1036 usbscan - ok
19:59:11.0765 1036 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:59:11.0765 1036 USBSTOR - ok
19:59:11.0796 1036 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
19:59:11.0796 1036 usbvideo - ok
19:59:11.0812 1036 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:59:11.0812 1036 VgaSave - ok
19:59:11.0828 1036 ViaIde - ok
19:59:11.0843 1036 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:59:11.0843 1036 VolSnap - ok
19:59:11.0890 1036 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
19:59:11.0890 1036 VSS - ok
19:59:11.0937 1036 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
19:59:11.0937 1036 W32Time - ok
19:59:11.0953 1036 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:59:11.0953 1036 Wanarp - ok
19:59:11.0968 1036 WDICA - ok
19:59:11.0984 1036 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:59:11.0984 1036 wdmaud - ok
19:59:12.0015 1036 [ 265F534EF76832435AFBF771EC97176D ] WebClient C:\WINDOWS\System32\webclnt.dll
19:59:12.0015 1036 WebClient - ok
19:59:12.0078 1036 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:59:12.0078 1036 winmgmt - ok
19:59:12.0125 1036 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:59:12.0125 1036 WmdmPmSN - ok
19:59:12.0171 1036 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
19:59:12.0187 1036 Wmi - ok
19:59:12.0203 1036 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:59:12.0203 1036 WmiApSrv - ok
19:59:12.0234 1036 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:59:12.0234 1036 WS2IFSL - ok
19:59:12.0281 1036 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:59:12.0281 1036 wscsvc - ok
19:59:12.0296 1036 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:59:12.0296 1036 WSTCODEC - ok
19:59:12.0328 1036 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:59:12.0343 1036 wuauserv - ok
19:59:12.0375 1036 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:59:12.0375 1036 WudfPf - ok
19:59:12.0390 1036 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:59:12.0406 1036 WudfRd - ok
19:59:12.0421 1036 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:59:12.0421 1036 WudfSvc - ok
19:59:12.0453 1036 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:59:12.0453 1036 WZCSVC - ok
19:59:12.0500 1036 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:59:12.0500 1036 xmlprov - ok
19:59:12.0515 1036 ================ Scan global ===============================
19:59:12.0546 1036 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
19:59:12.0578 1036 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
19:59:12.0609 1036 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
19:59:12.0625 1036 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
19:59:12.0625 1036 [Global] - ok
19:59:12.0640 1036 ================ Scan MBR ==================================
19:59:12.0656 1036 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:59:12.0765 1036 \Device\Harddisk0\DR0 - ok
19:59:12.0765 1036 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:59:12.0781 1036 \Device\Harddisk1\DR1 - ok
19:59:12.0781 1036 ================ Scan VBR ==================================
19:59:12.0796 1036 [ 56830F42E51D19B05D9E1B81C70B223A ] \Device\Harddisk0\DR0\Partition1
19:59:12.0796 1036 \Device\Harddisk0\DR0\Partition1 - ok
19:59:12.0812 1036 [ 84355BE98D290BE4C0B39E2FAA79C616 ] \Device\Harddisk0\DR0\Partition2
19:59:12.0828 1036 \Device\Harddisk0\DR0\Partition2 - ok
19:59:12.0828 1036 [ 6BB316CB2CF88CF77AC56D0EA6097777 ] \Device\Harddisk1\DR1\Partition1
19:59:12.0828 1036 \Device\Harddisk1\DR1\Partition1 - ok
19:59:12.0828 1036 ============================================================
19:59:12.0828 1036 Scan finished
19:59:12.0828 1036 ============================================================
19:59:12.0859 1028 Detected object count: 0
19:59:12.0859 1028 Actual detected object count: 0
19:59:15.0250 0928 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-20 20:05:20
-----------------------------
20:05:20.109 OS Version: Windows 5.1.2600 Service Pack 2
20:05:20.109 Number of processors: 1 586 0x2F02
20:05:20.109 ComputerName: STUDIO UserName: Zoran
20:05:20.562 Initialize success
20:08:29.828 AVAST engine defs: 12102000
20:08:56.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-9
20:08:56.656 Disk 0 Vendor: Maxtor_6L080M0 BANC1G10 Size: 78167MB BusType: 3
20:08:56.656 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-14
20:08:56.656 Disk 1 Vendor: Maxtor_6L080M0 BANC1G10 Size: 78167MB BusType: 3
20:08:56.687 Disk 0 MBR read successfully
20:08:56.687 Disk 0 MBR scan
20:08:56.734 Disk 0 Windows XP default MBR code
20:08:56.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
20:08:56.734 Disk 0 Partition - 00 0F Extended LBA 38154 MB offset 81915435
20:08:56.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 38154 MB offset 81915498
20:08:56.765 Disk 0 scanning sectors +160055595
20:08:56.843 Disk 0 scanning C:\WINDOWS\system32\drivers
20:09:05.828 Service scanning
20:09:23.890 Modules scanning
20:09:27.750 Disk 0 trace - called modules:
20:09:27.890 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:09:28.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x898b0ab8]
20:09:28.156 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\0000006b[0x898119e8]
20:09:28.296 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-9[0x89835d98]
20:09:28.640 AVAST engine scan C:\WINDOWS
20:09:33.390 AVAST engine scan C:\WINDOWS\system32
20:11:14.890 AVAST engine scan C:\WINDOWS\system32\drivers
20:11:23.156 AVAST engine scan C:\Documents and Settings\Zoran
20:13:22.140 AVAST engine scan C:\Documents and Settings\All Users
20:14:03.140 Scan finished successfully
20:25:33.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Zoran\Desktop\MBR.dat"
20:25:33.031 The log file has been saved successfully to "C:\Documents and Settings\Zoran\Desktop\aswMBR.txt"

#14 gringo_pr


Posted 20 October 2012 - 01:58 PM

Hello

are you still in safe mode?

have you tried to go into normal mode?


how is the computer at this time?




gringo

#15 martin108


Posted 21 October 2012 - 12:48 AM

Hi Gringo, Yes, I'm still in safe mode and it is not possible to open win in normal mode, it just passed the welcome screen and became black - screen shows message - no signal going to sleep
Martin

Edited by martin108, 21 October 2012 - 08:29 AM.




