
Need help removing trojan


22 replies to this topic

#1 Splattman2004

Splattman2004

  • Members
  • 19 posts

Posted 21 October 2012 - 01:28 PM

Hello. I am new to this site and to trying to remove anything from my computer. I just traded a friend for this netbook and it is eat up with trojans and other malware. I have read some of the other topics and see where the first thing that you guys want us to do is download and run TDSSkiller. I can download it but not run it. What do I do from here? Any help would be greatly appreciated. Thanks in advance.

I am having the exact same problem that is in the post a few down from mine about Windows XP with Recycler virus. I did get the ESET Online Scanner to run and it is currently running; I will post results as soon as it completes.


C:\Documents and Settings\steven\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\steven\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\steven\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\steven\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\steven\Application Data\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\steven\Application Data\Sun\Java\Deployment\cache\6.0\49\70cfdbb1-50681a79 multiple threats deleted - quarantined
C:\Documents and Settings\steven\Local Settings\Temp\TGQPQH multiple threats deleted - quarantined
C:\RECYCLER\S-1-5-21-2951540493-2796713857-643571872-1005\Dc14.js JS/SecurityDisabler.A.Gen application cleaned by deleting - quarantined

Edited by Splattman2004, 21 October 2012 - 04:06 PM.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 October 2012 - 05:43 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Edited by narenxp, 21 October 2012 - 11:48 PM.


#3 Splattman2004

Splattman2004
  • Topic Starter

  • Members
  • 19 posts

Posted 21 October 2012 - 07:54 PM

Narenxp,
Thanks for the reply. Root Repeal worked great. Here is the log from TDSSkiller, the rest will follow as soon as I run them. Thanks again!


20:47:30.0953 0712 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:47:32.0187 0712 ============================================================
20:47:32.0187 0712 Current date / time: 2012/10/21 20:47:32.0187
20:47:32.0187 0712 SystemInfo:
20:47:32.0187 0712
20:47:32.0187 0712 OS Version: 5.1.2600 ServicePack: 3.0
20:47:32.0187 0712 Product type: Workstation
20:47:32.0203 0712 ComputerName: USER1
20:47:32.0203 0712 UserName: steven
20:47:32.0203 0712 Windows directory: C:\WINDOWS
20:47:32.0203 0712 System windows directory: C:\WINDOWS
20:47:32.0203 0712 Processor architecture: Intel x86
20:47:32.0203 0712 Number of processors: 2
20:47:32.0203 0712 Page size: 0x1000
20:47:32.0203 0712 Boot type: Normal boot
20:47:32.0203 0712 ============================================================
20:47:33.0906 0712 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:47:33.0921 0712 ============================================================
20:47:33.0921 0712 \Device\Harddisk0\DR0:
20:47:33.0921 0712 MBR partitions:
20:47:33.0921 0712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE01000, BlocksNum 0x11C18000
20:47:33.0921 0712 ============================================================
20:47:33.0953 0712 C: <-> \Device\Harddisk0\DR0\Partition1
20:47:33.0953 0712 ============================================================
20:47:33.0953 0712 Initialize success
20:47:33.0953 0712 ============================================================
20:47:55.0000 3160 ============================================================
20:47:55.0000 3160 Scan started
20:47:55.0000 3160 Mode: Manual; TDLFS;
20:47:55.0000 3160 ============================================================
20:47:56.0515 3160 ================ Scan system memory ========================
20:47:56.0515 3160 System memory - ok
20:47:56.0515 3160 ================ Scan services =============================
20:47:56.0921 3160 5762 - ok
20:47:57.0250 3160 Abiosdsk - ok
20:47:57.0281 3160 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:47:57.0312 3160 abp480n5 - ok
20:47:57.0390 3160 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:47:57.0453 3160 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
20:47:57.0453 3160 ACPI ( Virus.Win32.Rloader.a ) - infected
20:47:57.0453 3160 ACPI - detected Virus.Win32.Rloader.a (0)
20:48:11.0843 3160 RasAcd - ok
20:48:11.0890 3160 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:48:11.0890 3160 RasAuto - ok
20:48:11.0937 3160 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:48:11.0937 3160 Rasl2tp - ok
20:48:11.0968 3160 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:48:11.0984 3160 RasMan - ok
20:48:12.0000 3160 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:48:12.0015 3160 RasPppoe - ok
20:48:12.0046 3160 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:48:12.0046 3160 Raspti - ok
20:48:12.0093 3160 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:48:12.0125 3160 Rdbss - ok
20:48:12.0203 3160 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:48:12.0203 3160 rdpdr - ok
20:48:12.0281 3160 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:48:12.0296 3160 RDPWD - ok
20:48:12.0343 3160 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:48:12.0359 3160 RDSessMgr - ok
20:48:12.0421 3160 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:48:12.0421 3160 redbook - ok
20:48:12.0468 3160 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:48:12.0468 3160 RemoteAccess - ok
20:48:12.0531 3160 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:48:12.0531 3160 RpcLocator - ok
20:48:12.0625 3160 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:48:12.0625 3160 RpcSs - ok
20:48:12.0687 3160 [ 7FFA9821B1C5E0E0667E0A2685CFB89F ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys
20:48:12.0687 3160 RSUSBSTOR - ok
20:48:12.0734 3160 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:48:12.0765 3160 RSVP - ok
20:48:12.0843 3160 [ 8E250687E5F020CD337CC9D8252C0B56 ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
20:48:12.0859 3160 RS_Service - ok
20:48:12.0875 3160 Rts516xIR - ok
20:48:12.0937 3160 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:48:12.0953 3160 SamSs - ok
20:48:12.0984 3160 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:48:13.0000 3160 SCardSvr - ok
20:48:13.0031 3160 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:48:13.0046 3160 Schedule - ok
20:48:13.0125 3160 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:48:13.0140 3160 Secdrv - ok
20:48:13.0187 3160 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:48:13.0187 3160 seclogon - ok
20:48:13.0234 3160 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:48:13.0234 3160 SENS - ok
20:48:13.0281 3160 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
20:48:13.0281 3160 Serial - ok
20:48:13.0359 3160 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:48:13.0375 3160 Sfloppy - ok
20:48:13.0421 3160 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:48:13.0437 3160 SharedAccess - ok
20:48:13.0500 3160 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:48:13.0500 3160 ShellHWDetection - ok
20:48:13.0546 3160 Simbad - ok
20:48:13.0578 3160 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:48:13.0593 3160 sisagp - ok
20:48:13.0640 3160 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:48:13.0656 3160 SLIP - ok
20:48:13.0703 3160 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:48:13.0703 3160 Sparrow - ok
20:48:13.0734 3160 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:48:13.0750 3160 splitter - ok
20:48:13.0812 3160 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:48:13.0812 3160 Spooler - ok
20:48:13.0875 3160 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:48:13.0890 3160 sr - ok
20:48:13.0937 3160 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:48:13.0953 3160 srservice - ok
20:48:14.0015 3160 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:48:14.0046 3160 Srv - ok
20:48:14.0125 3160 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:48:14.0125 3160 SSDPSRV - ok
20:48:14.0187 3160 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:48:14.0203 3160 stisvc - ok
20:48:14.0234 3160 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:48:14.0234 3160 streamip - ok
20:48:14.0265 3160 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:48:14.0281 3160 swenum - ok
20:48:14.0359 3160 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:48:14.0359 3160 swmidi - ok
20:48:14.0375 3160 SwPrv - ok
20:48:14.0406 3160 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
20:48:14.0406 3160 symc810 - ok
20:48:14.0468 3160 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:48:14.0468 3160 symc8xx - ok
20:48:14.0515 3160 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:48:14.0515 3160 sym_hi - ok
20:48:14.0546 3160 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:48:14.0546 3160 sym_u3 - ok
20:48:14.0593 3160 [ 5C3E900F41426A372DE60675AFC8AA07 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:48:14.0625 3160 SynTP - ok
20:48:14.0671 3160 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:48:14.0671 3160 sysaudio - ok
20:48:14.0718 3160 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:48:14.0718 3160 SysmonLog - ok
20:48:14.0765 3160 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:48:14.0796 3160 TapiSrv - ok
20:48:14.0859 3160 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:48:14.0875 3160 Tcpip - ok
20:48:14.0937 3160 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:48:14.0953 3160 TDPIPE - ok
20:48:14.0984 3160 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:48:14.0984 3160 TDTCP - ok
20:48:15.0015 3160 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:48:15.0031 3160 TermDD - ok
20:48:15.0078 3160 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:48:15.0093 3160 TermService - ok
20:48:15.0156 3160 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:48:15.0171 3160 Themes - ok
20:48:15.0218 3160 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
20:48:15.0218 3160 TosIde - ok
20:48:15.0265 3160 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:48:15.0265 3160 TrkWks - ok
20:48:15.0406 3160 [ 9DF6AD6FC51A802808621CBFB2A88453 ] TuneUp.UtilitiesSvc C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
20:48:15.0437 3160 TuneUp.UtilitiesSvc - ok
20:48:15.0453 3160 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys
20:48:15.0468 3160 TuneUpUtilitiesDrv - ok
20:48:15.0515 3160 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:48:15.0531 3160 Udfs - ok
20:48:15.0578 3160 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
20:48:15.0578 3160 ultra - ok
20:48:15.0625 3160 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:48:15.0640 3160 Update - ok
20:48:15.0703 3160 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:48:15.0718 3160 upnphost - ok
20:48:15.0750 3160 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:48:15.0765 3160 UPS - ok
20:48:15.0796 3160 USBAAPL - ok
20:48:15.0843 3160 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:48:15.0843 3160 usbaudio - ok
20:48:15.0875 3160 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:48:15.0890 3160 usbccgp - ok
20:48:15.0906 3160 USBCCID - ok
20:48:15.0953 3160 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:48:15.0953 3160 usbehci - ok
20:48:15.0984 3160 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:48:15.0984 3160 usbhub - ok
20:48:16.0046 3160 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:48:16.0062 3160 usbprint - ok
20:48:16.0109 3160 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:48:16.0125 3160 usbscan - ok
20:48:16.0187 3160 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:48:16.0203 3160 USBSTOR - ok
20:48:16.0265 3160 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:48:16.0281 3160 usbuhci - ok
20:48:16.0312 3160 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
20:48:16.0328 3160 usbvideo - ok
20:48:16.0359 3160 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:48:16.0359 3160 VgaSave - ok
20:48:16.0406 3160 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:48:16.0421 3160 viaagp - ok
20:48:16.0453 3160 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
20:48:16.0468 3160 ViaIde - ok
20:48:16.0515 3160 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:48:16.0531 3160 VolSnap - ok
20:48:16.0593 3160 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:48:16.0609 3160 VSS - ok
20:48:16.0703 3160 [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
20:48:16.0734 3160 vToolbarUpdater12.2.6 - ok
20:48:16.0781 3160 [ FC290AB75E568F06929E1C681E194EAD ] W32Serv C:\WINDOWS\msisear.exe
20:48:17.0906 3160 W32Serv - ok
20:48:17.0984 3160 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:48:18.0000 3160 W32Time - ok
20:48:18.0093 3160 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:48:18.0093 3160 Wanarp - ok
20:48:18.0187 3160 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:48:18.0203 3160 Wdf01000 - ok
20:48:18.0218 3160 WDICA - ok
20:48:18.0281 3160 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:48:18.0296 3160 wdmaud - ok
20:48:18.0390 3160 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:48:18.0406 3160 WebClient - ok
20:48:18.0500 3160 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:48:18.0500 3160 winmgmt - ok
20:48:18.0578 3160 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
20:48:18.0609 3160 WinUSB - ok
20:48:18.0703 3160 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:48:18.0703 3160 WmdmPmSN - ok
20:48:18.0750 3160 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:48:18.0750 3160 WmiAcpi - ok
20:48:18.0796 3160 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:48:18.0812 3160 WmiApSrv - ok
20:48:18.0921 3160 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:48:18.0953 3160 WMPNetworkSvc - ok
20:48:19.0000 3160 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:48:19.0000 3160 WS2IFSL - ok
20:48:19.0046 3160 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:48:19.0046 3160 wscsvc - ok
20:48:19.0078 3160 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:48:19.0078 3160 WSTCODEC - ok
20:48:19.0109 3160 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:48:19.0109 3160 wuauserv - ok
20:48:19.0156 3160 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:48:19.0171 3160 WudfPf - ok
20:48:19.0187 3160 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:48:19.0203 3160 WudfRd - ok
20:48:19.0250 3160 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:48:19.0281 3160 WudfSvc - ok
20:48:19.0312 3160 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:48:19.0328 3160 WZCSVC - ok
20:48:19.0390 3160 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:48:19.0421 3160 xmlprov - ok
20:48:19.0468 3160 ================ Scan global ===============================
20:48:19.0500 3160 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:48:19.0546 3160 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:48:19.0578 3160 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:48:19.0640 3160 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:48:19.0656 3160 [Global] - ok
20:48:19.0656 3160 ================ Scan MBR ==================================
20:48:19.0687 3160 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:48:19.0687 3160 Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:48:19.0718 3160 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:48:19.0718 3160 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:48:19.0718 3160 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:48:19.0718 3160 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:48:19.0718 3160 ================ Scan VBR ==================================
20:48:19.0750 3160 [ B8813E3E5A370224661CC600A232537E ] \Device\Harddisk0\DR0\Partition1
20:48:19.0765 3160 \Device\Harddisk0\DR0\Partition1 - ok
20:48:19.0765 3160 ============================================================
20:48:19.0765 3160 Scan finished
20:48:19.0765 3160 ============================================================
20:48:19.0796 1100 Detected object count: 3
20:48:19.0796 1100 Actual detected object count: 3
20:49:06.0859 1100 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
20:49:06.0859 1100 ACPI ( Virus.Win32.Rloader.a ) - User select action: Quarantine
20:49:08.0906 1100 \Device\Harddisk0\DR0\# - copied to quarantine
20:49:08.0906 1100 \Device\Harddisk0\DR0 - copied to quarantine
20:49:08.0968 1100 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:49:09.0000 1100 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
20:49:09.0046 1100 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:49:09.0062 1100 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
20:49:09.0078 1100 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
20:49:09.0078 1100 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Quarantine
20:49:09.0093 1100 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:49:09.0109 1100 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
20:49:09.0125 1100 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:49:09.0156 1100 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
20:49:09.0156 1100 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
20:49:09.0187 1100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine

#4 Splattman2004

Posted 21 October 2012 - 08:31 PM

I was running aswMBR and my system crashed. Tried to get it to run in safe mode with networking and it wouldn't run. Restarted computer and tried several times to run it with no luck. Patiently waiting for your instructions.

#5 Splattman2004

Posted 21 October 2012 - 09:16 PM

Finally got it to run, here are the results:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-21 22:01:12
-----------------------------
22:01:12.671 OS Version: Windows 5.1.2600 Service Pack 3
22:01:12.671 Number of processors: 2 586 0x1C02
22:01:12.671 ComputerName: USER1 UserName:
22:01:14.671 Initialize success
22:01:43.875 AVAST engine defs: 12102101
22:01:46.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:01:46.265 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
22:01:46.296 Disk 0 MBR read successfully
22:01:46.312 Disk 0 MBR scan
22:01:46.359 Disk 0 Windows VISTA default MBR code
22:01:46.375 Disk 0 Partition 1 00 12 Compaq diag NTFS 7169 MB offset 63
22:01:46.390 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145456 MB offset 14684160
22:01:46.421 Disk 0 scanning sectors +312578048
22:01:46.546 Disk 0 scanning C:\WINDOWS\system32\drivers
22:01:58.937 Service scanning
22:02:30.750 Modules scanning
22:02:36.750 Disk 0 trace - called modules:
22:02:36.812 ntoskrnl.exe CLASSPNP.SYS disk.sys tsk8.tmp hal.dll iaStor.sys
22:02:36.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f336c8]
22:02:36.859 3 CLASSPNP.SYS[f77fdfd7] -> nt!IofCallDriver -> \Device\0000006f[0x86f51428]
22:02:36.906 5 tsk8.tmp[f7746620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x869f7030]
22:02:37.609 AVAST engine scan C:\WINDOWS
22:02:53.359 AVAST engine scan C:\WINDOWS\system32
22:06:10.484 AVAST engine scan C:\WINDOWS\system32\drivers
22:06:30.203 AVAST engine scan C:\Documents and Settings\steven
22:09:45.312 AVAST engine scan C:\Documents and Settings\All Users
22:10:26.046 Scan finished successfully
22:10:49.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\steven\My Documents\MBR.dat"
22:10:49.296 The log file has been saved successfully to "C:\Documents and Settings\steven\My Documents\aswMBR.txt"

#6 Splattman2004

Posted 21 October 2012 - 11:32 PM

C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC\Desktop.ini.vir Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP3\A0000697.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP3\A0000698.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP3\A0000729.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.10

#7 Splattman2004

Posted 21 October 2012 - 11:34 PM

C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC\Desktop.ini.vir Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP3\A0000697.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP3\A0000698.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP3\A0000729.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.10.2012_20.47.32\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.10.2012_20.47.32\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\21.10.2012_20.47.32\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.10.2012_21.58.07\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.10.2012_21.58.07\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan deleted - quarantined

#8 narenxp

  • BC Advisor

Posted 21 October 2012 - 11:49 PM

Please run TDSSkiller once again and post the new log

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

#9 Splattman2004

Posted 22 October 2012 - 06:10 AM

C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC\Desktop.ini.vir Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP3\A0000697.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP3\A0000698.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP3\A0000729.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.10.2012_20.47.32\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.10.2012_20.47.32\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\21.10.2012_20.47.32\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.10.2012_21.58.07\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\21.10.2012_21.58.07\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan deleted - quarantined

#10 Splattman2004

Posted 22 October 2012 - 06:13 AM

07:11:38.0609 3308 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
07:11:39.0312 3308 ============================================================
07:11:39.0312 3308 Current date / time: 2012/10/22 07:11:39.0312
07:11:39.0312 3308 SystemInfo:
07:11:39.0312 3308
07:11:39.0328 3308 OS Version: 5.1.2600 ServicePack: 3.0
07:11:39.0328 3308 Product type: Workstation
07:11:39.0328 3308 ComputerName: USER1
07:11:39.0328 3308 UserName: steven
07:11:39.0328 3308 Windows directory: C:\WINDOWS
07:11:39.0328 3308 System windows directory: C:\WINDOWS
07:11:39.0328 3308 Processor architecture: Intel x86
07:11:39.0328 3308 Number of processors: 2
07:11:39.0328 3308 Page size: 0x1000
07:11:39.0328 3308 Boot type: Normal boot
07:11:39.0328 3308 ============================================================
07:11:40.0203 3308 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:11:40.0218 3308 ============================================================
07:11:40.0218 3308 \Device\Harddisk0\DR0:
07:11:40.0218 3308 MBR partitions:
07:11:40.0218 3308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE01000, BlocksNum 0x11C18000
07:11:40.0218 3308 ============================================================
07:11:40.0265 3308 C: <-> \Device\Harddisk0\DR0\Partition1
07:11:40.0265 3308 ============================================================
07:11:40.0265 3308 Initialize success
07:11:40.0265 3308 ============================================================
07:11:51.0859 3908 ============================================================
07:11:51.0859 3908 Scan started
07:11:51.0859 3908 Mode: Manual; TDLFS;
07:11:51.0859 3908 ============================================================
07:11:52.0718 3908 ================ Scan system memory ========================
07:11:52.0734 3908 System memory - ok
07:11:52.0734 3908 ================ Scan services =============================
07:11:56.0156 3908 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:11:56.0156 3908 CCDECODE - ok
07:11:56.0171 3908 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:11:56.0187 3908 cd20xrnt - ok
07:11:56.0234 3908 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:11:56.0234 3908 Cdaudio - ok
07:11:56.0281 3908 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:11:56.0281 3908 Cdfs - ok
07:11:56.0312 3908 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:11:56.0312 3908 Cdrom - ok
07:11:56.0328 3908 Changer - ok
07:11:56.0359 3908 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:11:56.0359 3908 CiSvc - ok
07:11:56.0390 3908 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:11:56.0390 3908 ClipSrv - ok
07:11:56.0421 3908 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:11:56.0500 3908 clr_optimization_v2.0.50727_32 - ok
07:11:56.0515 3908 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:11:56.0531 3908 CmBatt - ok
07:11:56.0562 3908 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:11:56.0562 3908 CmdIde - ok
07:11:56.0609 3908 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:11:56.0609 3908 Compbatt - ok
07:11:56.0640 3908 COMSysApp - ok
07:11:56.0703 3908 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:11:56.0703 3908 Cpqarray - ok
07:11:56.0750 3908 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:11:56.0750 3908 CryptSvc - ok
07:11:56.0781 3908 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:11:56.0781 3908 dac2w2k - ok
07:11:56.0812 3908 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:11:56.0812 3908 dac960nt - ok
07:11:56.0859 3908 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:11:56.0890 3908 DcomLaunch - ok
07:11:56.0937 3908 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:11:56.0937 3908 Dhcp - ok
07:11:56.0984 3908 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:11:57.0000 3908 Disk - ok
07:11:57.0046 3908 [ 08D30AF92C270F2E76787C81589DBAD6 ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
07:11:57.0046 3908 DKbFltr - ok
07:11:57.0062 3908 dmadmin - ok
07:11:57.0156 3908 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:11:57.0187 3908 dmboot - ok
07:11:57.0218 3908 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:11:57.0234 3908 dmio - ok
07:11:57.0265 3908 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:11:57.0265 3908 dmload - ok
07:11:57.0296 3908 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
07:11:57.0312 3908 dmserver - ok
07:11:57.0343 3908 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:11:57.0359 3908 DMusic - ok
07:11:57.0406 3908 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:11:57.0406 3908 Dnscache - ok
07:11:57.0437 3908 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:11:57.0453 3908 Dot3svc - ok
07:11:57.0484 3908 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:11:57.0484 3908 dpti2o - ok
07:11:57.0562 3908 [ 5C918D413F5837E67A85775C9873775E ] DritekPortIO C:\PROGRA~1\LAUNCH~1\DPortIO.sys
07:11:57.0562 3908 DritekPortIO - ok
07:11:57.0625 3908 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:11:57.0625 3908 drmkaud - ok
07:11:57.0671 3908 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:11:57.0671 3908 EapHost - ok
07:11:57.0718 3908 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:11:57.0718 3908 ERSvc - ok
07:11:57.0765 3908 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
07:11:57.0796 3908 Eventlog - ok
07:11:57.0843 3908 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
07:11:57.0859 3908 EventSystem - ok
07:11:57.0906 3908 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:11:57.0906 3908 Fastfat - ok
07:11:57.0968 3908 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:11:57.0984 3908 FastUserSwitchingCompatibility - ok
07:11:58.0031 3908 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
07:11:58.0046 3908 Fax - ok
07:11:58.0078 3908 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
07:11:58.0078 3908 Fdc - ok
07:11:58.0140 3908 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:11:58.0140 3908 Fips - ok
07:11:58.0156 3908 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
07:11:58.0156 3908 Flpydisk - ok
07:11:58.0187 3908 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:11:58.0203 3908 FltMgr - ok
07:11:58.0265 3908 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:11:58.0265 3908 FontCache3.0.0.0 - ok
07:11:58.0281 3908 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:11:58.0296 3908 Fs_Rec - ok
07:11:58.0328 3908 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:11:58.0328 3908 Ftdisk - ok
07:11:58.0375 3908 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:11:58.0375 3908 Gpc - ok
07:11:58.0421 3908 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:11:58.0421 3908 HDAudBus - ok
07:11:58.0515 3908 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:11:58.0531 3908 helpsvc - ok
07:11:58.0546 3908 HidServ - ok
07:11:58.0609 3908 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:11:58.0625 3908 HidUsb - ok
07:11:58.0671 3908 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:11:58.0671 3908 hkmsvc - ok
07:11:58.0718 3908 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
07:11:58.0718 3908 hpn - ok
07:11:58.0765 3908 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:11:58.0781 3908 HTTP - ok
07:11:58.0828 3908 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:11:58.0843 3908 HTTPFilter - ok
07:11:58.0890 3908 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
07:11:58.0890 3908 i2omgmt - ok
07:11:58.0921 3908 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:11:58.0937 3908 i2omp - ok
07:11:58.0984 3908 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:11:59.0000 3908 i8042prt - ok
07:11:59.0093 3908 [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:11:59.0109 3908 IAANTMON - ok
07:11:59.0375 3908 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:11:59.0578 3908 ialm - ok
07:11:59.0656 3908 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
07:11:59.0671 3908 iaStor - ok
07:11:59.0750 3908 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:11:59.0828 3908 idsvc - ok
07:11:59.0875 3908 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:11:59.0875 3908 Imapi - ok
07:11:59.0937 3908 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
07:11:59.0953 3908 ImapiService - ok
07:11:59.0984 3908 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:12:00.0000 3908 ini910u - ok
07:12:00.0015 3908 int15.sys - ok
07:12:00.0265 3908 [ CB1113029FAE50C685198EABD9885161 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:12:00.0453 3908 IntcAzAudAddService - ok
07:12:00.0500 3908 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
07:12:00.0500 3908 IntelIde - ok
07:12:00.0531 3908 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:12:00.0531 3908 intelppm - ok
07:12:00.0578 3908 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:12:00.0578 3908 Ip6Fw - ok
07:12:00.0625 3908 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:12:00.0625 3908 IpFilterDriver - ok
07:12:00.0640 3908 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:12:00.0656 3908 IpInIp - ok
07:12:00.0671 3908 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:12:00.0687 3908 IpNat - ok
07:12:00.0718 3908 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:12:00.0718 3908 IPSec - ok
07:12:00.0765 3908 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:12:00.0765 3908 IRENUM - ok
07:12:00.0828 3908 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:12:00.0828 3908 isapnp - ok
07:12:00.0890 3908 [ 09417134F248DFCEEA15C72BCC87F592 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
07:12:00.0906 3908 JavaQuickStarterService - ok
07:12:00.0921 3908 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:12:00.0937 3908 Kbdclass - ok
07:12:00.0984 3908 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:12:01.0000 3908 kmixer - ok
07:12:01.0062 3908 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:12:01.0078 3908 KSecDD - ok
07:12:01.0125 3908 [ 6C8658587E91EA25B0FD2E71781AD228 ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
07:12:01.0140 3908 L1c - ok
07:12:01.0187 3908 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
07:12:01.0187 3908 LanmanServer - ok
07:12:01.0234 3908 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:12:01.0250 3908 lanmanworkstation - ok
07:12:01.0265 3908 lbrtfdc - ok
07:12:01.0343 3908 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:12:01.0343 3908 LmHosts - ok
07:12:01.0406 3908 [ B47DA7EB985A6676623F378642E417B6 ] M3000Srv C:\WINDOWS\system32\Drivers\M3000KNT.sys
07:12:01.0406 3908 M3000Srv - ok
07:12:01.0468 3908 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
07:12:01.0468 3908 MBAMProtector - ok
07:12:01.0546 3908 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:12:01.0562 3908 MBAMScheduler - ok
07:12:01.0625 3908 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:12:01.0640 3908 MBAMService - ok
07:12:01.0703 3908 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:12:01.0703 3908 Messenger - ok
07:12:01.0765 3908 [ B77E959E1C50D3E3A9D9EF423BE62E09 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
07:12:01.0765 3908 mfeapfk - ok
07:12:01.0812 3908 [ E7ECF7872BF8F2897AE5A696D908C2F7 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
07:12:01.0828 3908 mfehidk - ok
07:12:01.0875 3908 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:12:01.0875 3908 mnmdd - ok
07:12:01.0921 3908 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:12:01.0921 3908 mnmsrvc - ok
07:12:01.0968 3908 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:12:01.0968 3908 Modem - ok
07:12:02.0062 3908 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
07:12:02.0109 3908 Monfilt - ok
07:12:02.0140 3908 motccgp - ok
07:12:02.0156 3908 motccgpfl - ok
07:12:02.0187 3908 MotDev - ok
07:12:02.0203 3908 motmodem - ok
07:12:02.0234 3908 MotoSwitchService - ok
07:12:02.0250 3908 Motousbnet - ok
07:12:02.0265 3908 motusbdevice - ok
07:12:02.0312 3908 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:12:02.0312 3908 Mouclass - ok
07:12:02.0343 3908 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:12:02.0343 3908 mouhid - ok
07:12:02.0390 3908 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:12:02.0390 3908 MountMgr - ok
07:12:02.0421 3908 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:12:02.0421 3908 mraid35x - ok
07:12:02.0453 3908 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:12:02.0453 3908 MRxDAV - ok
07:12:02.0484 3908 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:12:02.0500 3908 MRxSmb - ok
07:12:02.0531 3908 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:12:02.0531 3908 MSDTC - ok
07:12:02.0562 3908 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:12:02.0562 3908 Msfs - ok
07:12:02.0578 3908 MSIServer - ok
07:12:02.0625 3908 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:12:02.0625 3908 MSKSSRV - ok
07:12:02.0656 3908 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:12:02.0656 3908 MSPCLOCK - ok
07:12:02.0687 3908 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:12:02.0687 3908 MSPQM - ok
07:12:02.0718 3908 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:12:02.0718 3908 mssmbios - ok
07:12:02.0765 3908 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
07:12:02.0765 3908 MSTEE - ok
07:12:02.0796 3908 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:12:02.0812 3908 Mup - ok
07:12:02.0843 3908 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:12:02.0843 3908 NABTSFEC - ok
07:12:02.0890 3908 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:12:02.0906 3908 napagent - ok
07:12:02.0937 3908 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:12:02.0953 3908 NDIS - ok
07:12:03.0000 3908 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:12:03.0000 3908 NdisIP - ok
07:12:03.0046 3908 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:12:03.0046 3908 NdisTapi - ok
07:12:03.0062 3908 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:12:03.0062 3908 Ndisuio - ok
07:12:03.0078 3908 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:12:03.0093 3908 NdisWan - ok
07:12:03.0140 3908 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:12:03.0140 3908 NDProxy - ok
07:12:03.0265 3908 [ 0FF3C6AA3E0FE0EB316DF5449B569463 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
07:12:03.0296 3908 Nero BackItUp Scheduler 4.0 - ok
07:12:03.0343 3908 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:12:03.0343 3908 NetBIOS - ok
07:12:03.0375 3908 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:12:03.0390 3908 NetBT - ok
07:12:03.0421 3908 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
07:12:03.0437 3908 NetDDE - ok
07:12:03.0453 3908 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:12:03.0468 3908 NetDDEdsdm - ok
07:12:03.0515 3908 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
07:12:03.0515 3908 Netlogon - ok
07:12:03.0578 3908 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
07:12:03.0578 3908 Netman - ok
07:12:03.0625 3908 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:12:03.0640 3908 NetTcpPortSharing - ok
07:12:03.0687 3908 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
07:12:03.0687 3908 Nla - ok
07:12:03.0734 3908 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
07:12:03.0734 3908 Npfs - ok
07:12:03.0812 3908 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
07:12:03.0828 3908 Ntfs - ok
07:12:03.0859 3908 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
07:12:03.0859 3908 NtLmSsp - ok
07:12:03.0921 3908 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
07:12:03.0937 3908 NtmsSvc - ok
07:12:03.0984 3908 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
07:12:03.0984 3908 Null - ok
07:12:04.0015 3908 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:12:04.0015 3908 NwlnkFlt - ok
07:12:04.0046 3908 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:12:04.0046 3908 NwlnkFwd - ok
07:12:04.0140 3908 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:12:04.0156 3908 odserv - ok
07:12:04.0218 3908 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:12:04.0218 3908 ose - ok
07:12:04.0265 3908 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
07:12:04.0281 3908 Parport - ok
07:12:04.0328 3908 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:12:04.0343 3908 PartMgr - ok
07:12:04.0375 3908 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:12:04.0375 3908 ParVdm - ok
07:12:04.0406 3908 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:12:04.0406 3908 PCI - ok
07:12:04.0421 3908 PCIDump - ok
07:12:04.0453 3908 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
07:12:04.0453 3908 PCIIde - ok
07:12:04.0484 3908 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
07:12:04.0500 3908 Pcmcia - ok
07:12:04.0500 3908 PDCOMP - ok
07:12:04.0515 3908 PDFRAME - ok
07:12:04.0531 3908 PDRELI - ok
07:12:04.0546 3908 PDRFRAME - ok
07:12:04.0593 3908 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
07:12:04.0593 3908 perc2 - ok
07:12:04.0625 3908 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:12:04.0625 3908 perc2hib - ok
07:12:04.0687 3908 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
07:12:04.0687 3908 PlugPlay - ok
07:12:04.0734 3908 [ F31DFC4872DE0FCF8687E6B308F4ABB1 ] pneteth C:\WINDOWS\system32\DRIVERS\pneteth.sys
07:12:04.0734 3908 pneteth - ok
07:12:04.0750 3908 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:12:04.0750 3908 PolicyAgent - ok
07:12:04.0796 3908 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:12:04.0796 3908 PptpMiniport - ok
07:12:04.0812 3908 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:12:04.0812 3908 ProtectedStorage - ok
07:12:04.0828 3908 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:12:04.0828 3908 PSched - ok
07:12:04.0843 3908 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:12:04.0843 3908 Ptilink - ok
07:12:04.0875 3908 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:12:04.0890 3908 ql1080 - ok
07:12:04.0906 3908 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:12:04.0906 3908 Ql10wnt - ok
07:12:04.0921 3908 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:12:04.0937 3908 ql12160 - ok
07:12:04.0953 3908 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:12:04.0953 3908 ql1240 - ok
07:12:04.0968 3908 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:12:04.0968 3908 ql1280 - ok
07:12:05.0000 3908 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:12:05.0000 3908 RasAcd - ok
07:12:05.0031 3908 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:12:05.0046 3908 RasAuto - ok
07:12:05.0078 3908 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:12:05.0078 3908 Rasl2tp - ok
07:12:05.0109 3908 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:12:05.0125 3908 RasMan - ok
07:12:05.0125 3908 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:12:05.0140 3908 RasPppoe - ok
07:12:05.0171 3908 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:12:05.0187 3908 Raspti - ok
07:12:05.0218 3908 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:12:05.0218 3908 Rdbss - ok
07:12:05.0281 3908 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:12:05.0281 3908 rdpdr - ok
07:12:05.0328 3908 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:12:05.0328 3908 RDPWD - ok
07:12:05.0375 3908 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:12:05.0390 3908 RDSessMgr - ok
07:12:05.0421 3908 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:12:05.0437 3908 redbook - ok
07:12:05.0468 3908 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:12:05.0484 3908 RemoteAccess - ok
07:12:05.0515 3908 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
07:12:05.0515 3908 RpcLocator - ok
07:12:05.0562 3908 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
07:12:05.0578 3908 RpcSs - ok
07:12:05.0609 3908 [ 7FFA9821B1C5E0E0667E0A2685CFB89F ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys
07:12:05.0625 3908 RSUSBSTOR - ok
07:12:05.0671 3908 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:12:05.0687 3908 RSVP - ok
07:12:05.0750 3908 [ 8E250687E5F020CD337CC9D8252C0B56 ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
07:12:05.0765 3908 RS_Service - ok
07:12:05.0781 3908 Rts516xIR - ok
07:12:05.0828 3908 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
07:12:05.0828 3908 SamSs - ok
07:12:05.0859 3908 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:12:05.0875 3908 SCardSvr - ok
07:12:05.0906 3908 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:12:05.0921 3908 Schedule - ok
07:12:05.0968 3908 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:12:05.0984 3908 Secdrv - ok
07:12:06.0015 3908 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:12:06.0015 3908 seclogon - ok
07:12:06.0046 3908 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
07:12:06.0046 3908 SENS - ok
07:12:06.0078 3908 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
07:12:06.0093 3908 Serial - ok
07:12:06.0156 3908 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:12:06.0156 3908 Sfloppy - ok
07:12:06.0203 3908 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:12:06.0218 3908 SharedAccess - ok
07:12:06.0250 3908 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:12:06.0265 3908 ShellHWDetection - ok
07:12:06.0265 3908 Simbad - ok
07:12:06.0312 3908 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:12:06.0312 3908 sisagp - ok
07:12:06.0328 3908 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:12:06.0343 3908 SLIP - ok
07:12:06.0375 3908 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:12:06.0375 3908 Sparrow - ok
07:12:06.0406 3908 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:12:06.0406 3908 splitter - ok
07:12:06.0453 3908 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:12:06.0453 3908 Spooler - ok
07:12:06.0484 3908 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:12:06.0484 3908 sr - ok
07:12:06.0531 3908 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
07:12:06.0546 3908 srservice - ok
07:12:06.0578 3908 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:12:06.0593 3908 Srv - ok
07:12:06.0609 3908 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:12:06.0625 3908 SSDPSRV - ok
07:12:06.0671 3908 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:12:06.0687 3908 stisvc - ok
07:12:06.0718 3908 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:12:06.0718 3908 streamip - ok
07:12:06.0765 3908 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:12:06.0765 3908 swenum - ok
07:12:06.0812 3908 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:12:06.0812 3908 swmidi - ok
07:12:06.0828 3908 SwPrv - ok
07:12:06.0859 3908 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
07:12:06.0859 3908 symc810 - ok
07:12:06.0890 3908 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:12:06.0890 3908 symc8xx - ok
07:12:06.0906 3908 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:12:06.0921 3908 sym_hi - ok
07:12:06.0937 3908 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:12:06.0937 3908 sym_u3 - ok
07:12:06.0968 3908 [ 5C3E900F41426A372DE60675AFC8AA07 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
07:12:06.0968 3908 SynTP - ok
07:12:07.0000 3908 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:12:07.0000 3908 sysaudio - ok
07:12:07.0046 3908 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:12:07.0046 3908 SysmonLog - ok
07:12:07.0078 3908 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:12:07.0093 3908 TapiSrv - ok
07:12:07.0156 3908 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:12:07.0156 3908 Tcpip - ok
07:12:07.0203 3908 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:12:07.0203 3908 TDPIPE - ok
07:12:07.0234 3908 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:12:07.0234 3908 TDTCP - ok
07:12:07.0265 3908 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:12:07.0265 3908 TermDD - ok
07:12:10.0187 3908 ================ Scan global ===============================
07:12:10.0218 3908 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:12:10.0265 3908 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:12:10.0296 3908 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:12:10.0312 3908 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:12:10.0328 3908 [Global] - ok
07:12:10.0328 3908 ================ Scan MBR ==================================
07:12:10.0343 3908 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
07:12:11.0203 3908 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:12:11.0203 3908 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:12:11.0203 3908 ================ Scan VBR ==================================
07:12:11.0234 3908 [ B8813E3E5A370224661CC600A232537E ] \Device\Harddisk0\DR0\Partition1
07:12:11.0250 3908 \Device\Harddisk0\DR0\Partition1 - ok
07:12:11.0250 3908 ============================================================
07:12:11.0250 3908 Scan finished
07:12:11.0250 3908 ============================================================
07:12:11.0265 2656 Detected object count: 1
07:12:11.0265 2656 Actual detected object count: 1
07:12:21.0734 2656 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:12:21.0734 2656 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#11 Splattman2004

Posted 22 October 2012 - 07:11 AM

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.22.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
steven :: USER1 [administrator]

Protection: Enabled

10/22/2012 7:24:31 AM
mbam-log-2012-10-22 (07-24-31).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223690
Time elapsed: 46 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5555 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Documents and Settings\All Users\Application Data\22728122 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\47325223 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\85126022 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Detected: 8
C:\RECYCLER\S-1-5-18\$8241972c27f32a34b0853faf1b0454f9\n (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$8241972c27f32a34b0853faf1b0454f9\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$8241972c27f32a34b0853faf1b0454f9\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$8241972c27f32a34b0853faf1b0454f9\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$8241972c27f32a34b0853faf1b0454f9\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$8241972c27f32a34b0853faf1b0454f9\U\80000032.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP13\A0002000.exe (Exploit.Drop.Obama) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP14\snapshot\MFEX-1.DAT (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)

#12 Splattman2004

Posted 22 October 2012 - 07:16 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by steven (administrator) on 22-10-2012 at 08:14:51
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 2

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8132 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : user1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller

Physical Address. . . . . . . . . : 00-23-5A-E0-8F-A6



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter

Physical Address. . . . . . . . . : 00-25-56-22-D6-1C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.129

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 24.178.162.3

66.189.0.100

24.217.201.67

Lease Obtained. . . . . . . . . . : Monday, October 22, 2012 8:13:38 AM

Lease Expires . . . . . . . . . . : Tuesday, October 23, 2012 8:13:38 AM

Server: vip01spbgsc.spbg.sc.charter.com
Address: 24.178.162.3

Name: google.com
Addresses: 74.125.137.102, 74.125.137.113, 74.125.137.100, 74.125.137.139
74.125.137.101, 74.125.137.138



Pinging google.com [74.125.140.100] with 32 bytes of data:



Reply from 74.125.140.100: bytes=32 time=16ms TTL=45

Reply from 74.125.140.100: bytes=32 time=16ms TTL=45



Ping statistics for 74.125.140.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 16ms, Average = 16ms

Server: vip01spbgsc.spbg.sc.charter.com
Address: 24.178.162.3

Name: yahoo.com
Addresses: 98.138.253.109, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=1313ms TTL=46

Reply from 72.30.38.140: bytes=32 time=545ms TTL=46



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 545ms, Maximum = 1313ms, Average = 929ms

Server: vip01spbgsc.spbg.sc.charter.com
Address: 24.178.162.3

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 23 5a e0 8f a6 ...... Atheros AR8132 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
0x3 ...00 25 56 22 d6 1c ...... Atheros AR5007EG Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.129 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.129 192.168.1.129 20
192.168.1.0 255.255.255.0 192.168.1.129 192.168.1.129 25
192.168.1.129 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.129 192.168.1.129 25
224.0.0.0 240.0.0.0 192.168.1.129 192.168.1.129 25
255.255.255.255 255.255.255.255 192.168.1.129 192.168.1.129 1
255.255.255.255 255.255.255.255 192.168.1.129 2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/21/2012 10:12:43 PM) (Source: Application Error) (User: )
Description: Faulting application tuneuputilitiesapp32.exe, version 12.0.4000.108, faulting module tuneuputilitiesapp32.exe, version 12.0.4000.108, fault address 0x00025df4.
Processing media-specific event for [tuneuputilitiesapp32.exe!ws!]

Error: (10/21/2012 09:55:15 PM) (Source: Application Error) (User: )
Description: Faulting application tuneuputilitiesapp32.exe, version 12.0.4000.108, faulting module tuneuputilitiesapp32.exe, version 12.0.4000.108, fault address 0x00025df2.
Processing media-specific event for [tuneuputilitiesapp32.exe!ws!]

Error: (10/21/2012 09:09:21 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (10/21/2012 08:46:01 PM) (Source: Application Error) (User: )
Description: Faulting application tuneuputilitiesapp32.exe, version 12.0.4000.108, faulting module tuneuputilitiesapp32.exe, version 12.0.4000.108, fault address 0x00025df4.
Processing media-specific event for [tuneuputilitiesapp32.exe!ws!]

Error: (10/21/2012 02:06:46 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/21/2012 02:01:19 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/21/2012 00:24:45 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam-setup-1.65.1.1000.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/21/2012 10:49:10 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/21/2012 10:44:42 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/21/2012 02:14:39 AM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.


System errors:
=============
Error: (10/22/2012 08:14:01 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/22/2012 08:14:01 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/22/2012 08:14:01 AM) (Source: Service Control Manager) (User: )
Description: The 5762 service failed to start due to the following error:
%%2

Error: (10/22/2012 07:04:59 AM) (Source: Dhcp) (User: )
Description: The IP address lease 10.0.0.7 for the Network Card with network address 00255622D61C has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (10/22/2012 07:04:05 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/22/2012 07:04:05 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/22/2012 07:04:05 AM) (Source: Service Control Manager) (User: )
Description: The 5762 service failed to start due to the following error:
%%2

Error: (10/21/2012 10:12:51 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the TuneUp.UtilitiesSvc service.

Error: (10/21/2012 10:12:31 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/21/2012 10:12:31 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer eRecovery Management (Version: 4.00.3005)
Acer ScreenSaver (Version: 1.0.0.0304)
Acer VCM (Version: 4.00.3006)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 10 Plugin (Version: 10.2.153.1)
Advertising Center (Version: 0.0.0.2)
Ask Toolbar (Version: 1.12.2.0)
Atheros Driver Installation Program (Version: 7.6.1.244)
AVG 2013 (Version: 13.0.2616)
AVG 2013 (Version: 13.0.2741)
AVG 2013 (Version: 2013.0.2741)
Bonjour (Version: 3.0.0.10)
Choice Guard (Version: 1.2.87.0)
Cisco Connect (Version: 1.4.11245.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
ESET Online Scanner v3
ImagXpress (Version: 7.0.74.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 16 (Version: 6.0.160)
Junk Mail filter update (Version: 14.0.8050.1202)
Launch Manager (Version: 2.0.07)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Menu Templates - Starter Kit (Version: 9.6.0.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6215.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WinUsb 1.0
Microsoft Works (Version: 9.7.0621)
Movie Templates - Starter Kit (Version: 9.6.0.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyDefrag v4.3.1 (Version: 4.0.0.0)
Nero 9 Essentials
Nero BurnRights (Version: 3.4.13.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.23.100)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero Express Help (Version: 9.4.39.100)
Nero InfoTool (Version: 6.4.12.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero ShowTime (Version: 5.4.27.100)
Nero StartSmart (Version: 9.4.40.100)
Nero StartSmart Help (Version: 9.4.40.100)
Nero Vision (Version: 6.4.19.100)
Nero Vision Help (Version: 6.4.15.100)
NeroExpress (Version: 9.4.39.100)
neroxml (Version: 1.0.0)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 5.10.0.5798)
Segoe UI (Version: 14.0.4327.805)
Skype Toolbars (Version: 1.0.4051)
Synaptics Pointing Device Driver (Version: 12.2.2.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Office 2007 (KB946691)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB2.0 Card Reader Software (Version: 6.0.6000.81)
WebCam
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.817.1)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Media Format 11 runtime
Windows Media Player 11

========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 1013.88 MB
Available physical RAM: 449.64 MB
Total Pagefile: 2441.99 MB
Available Pagefile: 1958.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.84 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:142.05 GB) (Free:126.51 GB) NTFS

========================= Users: ========================================

User accounts for \\USER1

Administrator Guest HelpAssistant
steven SUPPORT_388945a0

========================= Restore Points ==================================

28-09-2012 02:28:41 System Checkpoint
07-10-2012 05:59:46 Removed iTunes
07-10-2012 06:02:49 Removed Safari
18-10-2012 03:23:45 Installed AVG 2013
18-10-2012 03:24:13 Installed AVG 2013
18-10-2012 01:45:56 Removed Skype™ 4.2
20-10-2012 18:46:56 Installed AVG PC TuneUp
21-10-2012 02:14:02 Removed Apple Mobile Device Support
21-10-2012 02:14:40 Removed Apple Software Update
21-10-2012 02:23:40 Removed Apple Application Support
21-10-2012 02:26:11 Removed eSobi v2
21-10-2012 02:27:48 Removed MobileMe Control Panel
21-10-2012 02:28:20 Removed MotoConnect
21-10-2012 21:45:51 Removed Adobe Reader 9.
21-10-2012 23:51:09 Software Distribution Service 3.0
22-10-2012 00:33:43 Software Distribution Service 3.0
22-10-2012 04:36:18 Software Distribution Service 3.0
22-10-2012 11:06:31 Removed AVG PC TuneUp
22-10-2012 11:07:36 Removed AVG PC TuneUp Language Pack (en-US)

**** End of log ****

#13 Splattman2004

Posted 22 October 2012 - 07:18 AM

Farbar Service Scanner Version: 19-10-2012
Ran by steven (administrator) on 22-10-2012 at 08:17:39
Running from "C:\Documents and Settings\steven\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A00000004000000010000000200000003000000080000005A00000009000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#14 Splattman2004

Posted 22 October 2012 - 07:27 AM

I ran the Adware Cleaner and it had to restart. It said the report would be available after reboot, but nothing came up and I can't locate the log. What should I do?

#15 Splattman2004

Posted 22 October 2012 - 08:00 AM

Junkware Removal Tool (JRT) by Thisisu
Version: 1.9.7 (10.22.2012)
OS: Microsoft Windows XP x86
Ran by steven on Mon 10/22/2012 at 8:27:49.12
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** Ask Toolbar Cleanup:

Successfully deleted: [PROFILE XML] C:\Documents and Settings\steven\Application Data\Mozilla\Firefox\Profiles\yjv37y7z.default\searchplugins\"askcom.xml"
Successfully deleted: [PROFILE EXTENSION] C:\Documents and Settings\steven\Application Data\Mozilla\Firefox\Profiles\yjv37y7z.default\extensions\toolbar@ask.com



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Mon 10/22/2012 at 8:59:39.57
End of Report



