
Computer has blue screen except in safe mode


34 replies to this topic

#1 tntmm6

tntmm6

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 11 November 2012 - 01:02 PM

Our desktop has some sort of virus/trojan. We can't run any scans - Avast, Spybot, Malwarebytes, Super Antispyware. We can't connect to the internet.

We are running Windows XP

Thank you in advance for your help.


 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:11 PM

Posted 11 November 2012 - 01:16 PM

Boot into Safe Mode with Networking.

Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log here.


Update and do a quick scan with SUPERAntiSpyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.


Run a scan with Eset.
http://www.eset.com/us/online-scanner/
Make sure "Remove found threats" and "Scan archives" are checked.
When the scan finishes, list found threats, save to clipboard, copy to Notepad, and post the log here.




Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner and run it. Go to Options, then put a tick next to Enable rootkit cleaning. Hit Full Scan > let it finish > go to the Quarantine tab > tick Select All > then Delete > Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.

#3 tntmm6


Posted 11 November 2012 - 01:31 PM

Wow, thanks for the quick response. I can't update any of the programs in safe mode either, nor access the online scanners. I'm sorry I wasn't clear.

#4 InadequateInfirmity


Posted 11 November 2012 - 01:38 PM

Skip the ESET scan; get me the MiniToolBox and Farbar Service Scanner log first, please.

You will not need to update the Norman Malware Cleaner. Can you download that and run it on the machine?

You will need to get the programs to the sick machine via a CD/DVD; that would be the best way.

Edited by InadequateInfirmity, 11 November 2012 - 02:02 PM.


#5 tntmm6


Posted 11 November 2012 - 02:51 PM

Can I download those to an external drive and scan from it? I can't access the internet from the infected machine.

#6 InadequateInfirmity


Posted 11 November 2012 - 03:04 PM

Yes, just transfer the files to the sick machine. Norman Malware Cleaner does not need to be updated; when it is downloaded, the updated version is already ready.

As far as the other scans, just get me the Farbar Service Scanner log and the MiniToolBox log.

#7 tntmm6


Posted 11 November 2012 - 03:57 PM

Thank you again for your help and quick responses.

I cannot get through a scan with Norman. 3 tries and it keeps blue screening, 2 in Safe Mode with Networking and the last in just Safe Mode. When I tried just Safe Mode (without Networking) a new window popped up - "System Restore". I didn't do anything to it, just left it in the background while I tried the Norman scan again.
I wanted to send the logs from Farbar and Mini-toolkit whilst I try the Norman scan as I wait for further instruction.


MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Kyle (administrator) on 11-11-2012 at 13:34:03
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================



Windows IP Configuration



Host Name . . . . . . . . . . . . : DGGSGT61

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-11-11-C3-03-F3

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 c3 03 f3 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/07/2012 01:10:36 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (08/20/2012 08:20:12 AM) (Source: Application Hang) (User: )
Description: Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/20/2012 08:15:57 AM) (Source: Application Error) (User: )
Description: Fault bucket -1175151377.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/20/2012 08:15:44 AM) (Source: Application Error) (User: )
Description: Faulting application crashreporter.exe, version 14.0.1.4577, faulting module ws2_32.dll, version 5.1.2600.5512, fault address 0x000081da.
Processing media-specific event for [crashreporter.exe!ws!]

Error: (08/16/2012 11:33:38 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module WgaLogon.dll, version 1.7.18.5, fault address 0x00007e7a.
Processing media-specific event for [!ws!]

Error: (08/16/2012 11:33:32 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (08/16/2012 10:12:30 PM) (Source: JavaQuickStarterService) (User: )
Description: Access violation at 0x7c91055f, access to 0x00000070

Error: (08/16/2012 06:53:33 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 updatechecker.exe, P2 1.38.0.0, P3 4c5ff8fb, P4 system.configuration, P5 2.0.0.0, P6 4889de74, P7 1a6, P8 136, P9 clr20r30, P10 clr20r31.

Error: (08/07/2012 06:44:47 AM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 updatechecker.exe, P2 1.38.0.0, P3 4c5ff8fb, P4 system.configuration, P5 2.0.0.0, P6 4889de74, P7 1a6, P8 136, P9 clr20r30, P10 clr20r31.

Error: (08/05/2012 06:20:07 PM) (Source: Bonjour Service) (User: )
Description: 432: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


System errors:
=============
Error: (11/11/2012 01:32:46 PM) (Source: DCOM) (User: DGGSGT61)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/11/2012 01:31:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSnx
aswSP
aswTdi
Fips
intelppm
SASKUTIL

Error: (11/11/2012 01:31:05 PM) (Source: DCOM) (User: DGGSGT61)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/11/2012 01:30:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/11/2012 10:35:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/11/2012 10:22:13 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSnx
aswSP
aswTdi
Fips
intelppm
SASKUTIL

Error: (11/11/2012 10:21:09 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/11/2012 00:13:01 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (11/11/2012 00:13:01 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (11/11/2012 00:13:01 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.


Microsoft Office Sessions:
=========================
Error: (09/07/2012 01:10:36 PM) (Source: SecurityCenter)(User: )
Description:

Error: (08/20/2012 08:20:12 AM) (Source: Application Hang)(User: )
Description: SDUpdate.exe1.6.0.12hungapp0.0.0.000000000

Error: (08/20/2012 08:15:57 AM) (Source: Application Error)(User: )
Description: -1175151377

Error: (08/20/2012 08:15:44 AM) (Source: Application Error)(User: )
Description: crashreporter.exe14.0.1.4577ws2_32.dll5.1.2600.5512000081da

Error: (08/16/2012 11:33:38 PM) (Source: Application Error)(User: )
Description: 0.0.0.0WgaLogon.dll1.7.18.500007e7a

Error: (08/16/2012 11:33:32 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BF

Error: (08/16/2012 10:12:30 PM) (Source: JavaQuickStarterService)(User: )
Description: Access violation at 0x7c91055f, access to 0x00000070

Error: (08/16/2012 06:53:33 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3updatechecker.exe1.38.0.04c5ff8fbsystem.configuration2.0.0.04889de741a6136ioibmurhynrxkw0zxkyrvfn0boyyufowNIL

Error: (08/07/2012 06:44:47 AM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3updatechecker.exe1.38.0.04c5ff8fbsystem.configuration2.0.0.04889de741a6136ioibmurhynrxkw0zxkyrvfn0boyyufowNIL

Error: (08/05/2012 06:20:07 PM) (Source: Bonjour Service)(User: )
Description: 432: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


=========================== Installed Programs ============================

2350 (Version: 43.0.217.000)
2350_Help (Version: 43.0.217.000)
2350Trb (Version: 43.0.217.000)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Illustrator 10.0.3 (Version: 10.0.3)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player (Version: 10.1.4.20)
Adobe SVG Viewer 3.0 (Version: 3.0)
AiO_Scan (Version: 43.0.217.000)
AiOSoftware (Version: 43.0.217.000)
AMD APP SDK Runtime (Version: 2.5.684.213)
Apple Application Support (Version: 1.3.0)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
ATI Catalyst Install Manager (Version: 3.0.833.0)
ATI Control Panel (Version: 6.14.10.5120)
ATI Display Driver (Version: 8.051-040825a-017900C-Dell)
avast! Free Antivirus (Version: 7.0.1456.0)
Aventail Access Manager (Version: 8.81.191)
BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.18)
BlackBerry® Media Sync (Version: 3.0.0.39)
Bonjour (Version: 2.0.2.0)
Broadcom Advanced Control Suite 2 (Version: 7.58.01)
BufferChm (Version: 43.1.5.000)
CCleaner (Version: 3.14)
Cobian Backup 9
Conexant D850 56K V.9x DFVc Modem
Copy (Version: 43.1.5.000)
Coupon Printer for Windows (Version: 5.0.0.0)
Creative Live! Cam Video Chat or Video IM Driver (1.02.01.00)
CreativeProjects (Version: 43.1.5.000)
CreativeProjectsTemplates (Version: 43.1.5.000)
CueTour (Version: 43.1.5.000)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Networking Guide (Version: 1.00.0001)
Dell Picture Studio v3.0 (Version: 3.0.0)
Dell Support (Version: 2.1.1.0)
Dell System Restore (Version: 2.00.0000)
Destinations (Version: 43.1.5.000)
Digital Line Detect (Version: 1.10)
Director (Version: 43.1.5.000)
DocProc (Version: 4.0.0.0)
DocumentViewer (Version: 43.0.217.000)
DVC5.1 Driver
EarthLink setup files (Version: 2005.1.47.0)
Easy Learning - Flash Game
ESET Online Scanner v3
Facebook Video Calling 1.0.0.8953 (Version: 1.0.8953)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fax (Version: 43.0.217.000)
FCart PayPal for Flash (Version: 1.9.0.0)
FileHippo.com Update Checker
Google Chrome (Version: 19.0.1084.52)
Google Update Helper (Version: 1.3.21.111)
HP Diagnostic Assistant (Version: 1.0.1.0)
HP Image Zone 4.2 (Version: 4.2)
HP PSC & OfficeJet 4.2
HP Software Update (Version: 2.0.39.20040212)
HP Unload DLL Patch (Version: 1.00.0000)
HPSystemDiagnostics (Version: 1.5.0.0)
InstantShare (Version: 4.0.0.40)
Intel Application Accelerator
Internet Explorer Default Page (Version: 1.00.03)
iTunes (Version: 9.2.1.5)
Java Auto Updater (Version: 2.1.5.1)
Java™ 7 (Version: 7.0.0)
Kodak Picture CD Volume 2 Issue 1
Kodak Picture CD Volume 2 Issue 2
KODAK Picture CD Volume 2 Issue 4
Learn2 Player (Uninstall Only)
Macromedia Dreamweaver MX (Version: 6.1)
Macromedia Extension Manager (Version: 1.7.240)
Macromedia Fireworks MX (Version: 6)
Macromedia Flash MX (Version: 6)
Macromedia Flash MX 2004 (Version: 7)
Macromedia FreeHand MX (Version: 11)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.01)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Modem Helper (Version: 2.25)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0)
Musicmatch® Jukebox (Version: 9.00.5100)
My Way Search Assistant (Version: 1.0.256)
NetWaiting (Version: 2.5.12)
Overland (Version: 2.1.5)
PhotoGallery (Version: 43.1.5.000)
PowerDVD 5.3
PrintScreen (Version: 43.1.5.000)
ProductContext (Version: 43.0.217.000)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 43.1.5.000)
QuickTime (Version: 7.66.73.0)
Readme (Version: 43.0.217.000)
RealPlayer Basic
Roxio Media Manager (Version: 9.4.067)
Scan (Version: 4.1.0.0)
SkinsHP1 (Version: 43.1.5.000)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 4.40.1002)
TrayApp (Version: 43.1.5.000)
Tux Paint 0.9.21
Unload (Version: 4.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebEx Support Manager for Internet Explorer (Version: 6.5.47)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 43.1.5.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip (Version: 9.0 SR-1 (6224))
Wizard101 (Version: 1.0.0)
XML Paper Specification Shared Components Pack 1.0

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 1022.09 MB
Available physical RAM: 777.04 MB
Total Pagefile: 2459.93 MB
Available Pagefile: 2370.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.86 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:71.52 GB) (Free:28.48 GB) NTFS
3 Drive e: (SimpleDrivePS) (Fixed) (Total:55.93 GB) (Free:10.78 GB) NTFS

========================= Users: ========================================

**** End of log ****

Farbar Service Scanner Version: 09-11-2012
Ran by Kyle (administrator) on 11-11-2012 at 13:32:12
Running from "E:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) Odptdi(8) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
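
A triage sketch for the Farbar Service Scanner log in the post above, added here as an example and not part of the original thread or of Farbar's tool: it lists the services reported as not running, surfaces every field where the log shows a configured value instead of "is OK", and cross-checks that value against the File Check section. The function names and the final, constructed File Check line are assumptions of this example.

```python
import re

# Excerpt of the Farbar Service Scanner log posted above. The last File Check
# line is CONSTRUCTED for this example (it is not real tool output wording) so
# that the non-"legit" branch has something to report.
SAMPLE_FSS_LOG = r"""
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

File Check:
========
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\constructed-example.dll => CONSTRUCTED NON-LEGIT RESULT
"""

LEGIT = "MD5 is legit"
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
# Fields where the log shows the configured value rather than "is OK".
FIELD_VALUE = re.compile(r'^The (start type|ImagePath|ServiceDll) of (\S+): "(.*)"\.$')
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")


def parse_file_check(log_text):
    """Map lower-cased file path -> result string from the File Check section."""
    results = {}
    for line in log_text.splitlines():
        m = FILE_CHECK.match(line.strip())
        if m:
            results[m.group(1).lower()] = m.group(2)
    return results


def hash_verified(value, file_results):
    """True if the value (a path, optionally followed by arguments) names a
    file that the File Check section reports as 'MD5 is legit'."""
    v = value.lower()
    return any(
        status == LEGIT and (v == path or v.startswith(path + " "))
        for path, status in file_results.items()
    )


def triage_fss(log_text):
    """Return the lines of an FSS log that a reviewer should look at first."""
    file_results = parse_file_check(log_text)
    report = {"not_running": [], "printed_values": [], "file_check_flags": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = NOT_RUNNING.match(line)
        if m:
            report["not_running"].append(m.group(1))
            continue
        m = FIELD_VALUE.match(line)
        if m:
            field, service, value = m.groups()
            # No assumption is made about why the value was printed; it is
            # surfaced for review together with the hash cross-check result.
            report["printed_values"].append(
                (service, field, value, hash_verified(value, file_results))
            )
            continue
        m = FILE_CHECK.match(line)
        if m and m.group(2) != LEGIT:
            report["file_check_flags"].append((m.group(1), m.group(2)))
    return report


if __name__ == "__main__":
    result = triage_fss(SAMPLE_FSS_LOG)
    print("Not running:", ", ".join(result["not_running"]))
    for service, field, value, ok in result["printed_values"]:
        print(f"{service} {field} = {value} (file hash verified: {ok})")
    for path, status in result["file_check_flags"]:
        print(f"File Check flag: {path} => {status}")
```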

#8 InadequateInfirmity


Posted 11 November 2012 - 04:07 PM

Remove Avast and Spybot while we work on the machine, then reboot.

Download TDSSKiller

http://support.kaspersky.com/downloads/utils/tdsskiller.exe


Double-click it. Click on Change parameters. Select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.

#9 InadequateInfirmity


Posted 11 November 2012 - 04:14 PM

After the above I would like you to perform a clean boot and see if you are able to boot into normal mode.

Boot into Safe Mode, then hit the Start button and type msconfig in the Run box.
Now, under the Startup tab, untick all items and select Apply.
Then go to the Services tab, put a tick next to Hide Microsoft services, untick all that remain, then hit Apply and reboot. See if normal mode will now work; if so, please try to run Norman Malware Cleaner from there and let me know if it works.

#10 tntmm6


Posted 11 November 2012 - 04:30 PM

During the TDSS scan, I missed the step about removing Avast and Spybot; nonetheless, it ran and found a threat. The log is below. I then removed Avast and Spybot and ran it again, and it found no threats. I have that log, if you would like it as well. I will now do the clean boot steps.

14:14:44.0453 1060 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:14:44.0468 1060 ============================================================
14:14:44.0468 1060 Current date / time: 2012/11/11 14:14:44.0468
14:14:44.0468 1060 SystemInfo:
14:14:44.0468 1060
14:14:44.0468 1060 OS Version: 5.1.2600 ServicePack: 3.0
14:14:44.0468 1060 Product type: Workstation
14:14:44.0468 1060 ComputerName: DGGSGT61
14:14:44.0468 1060 UserName: Kyle
14:14:44.0468 1060 Windows directory: C:\WINDOWS
14:14:44.0468 1060 System windows directory: C:\WINDOWS
14:14:44.0468 1060 Processor architecture: Intel x86
14:14:44.0468 1060 Number of processors: 2
14:14:44.0468 1060 Page size: 0x1000
14:14:44.0468 1060 Boot type: Safe boot
14:14:44.0468 1060 ============================================================
14:14:47.0640 1060 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:14:47.0640 1060 Drive \Device\Harddisk1\DR4 - Size: 0xDFBDD4000 (55.94 Gb), SectorSize: 0x200, Cylinders: 0x1C85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:14:47.0640 1060 ============================================================
14:14:47.0640 1060 \Device\Harddisk0\DR0:
14:14:47.0640 1060 MBR partitions:
14:14:47.0640 1060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x8F08E78
14:14:47.0640 1060 \Device\Harddisk1\DR4:
14:14:47.0640 1060 MBR partitions:
14:14:47.0640 1060 \Device\Harddisk1\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FDB606
14:14:47.0640 1060 ============================================================
14:14:47.0718 1060 C: <-> \Device\Harddisk0\DR0\Partition1
14:14:47.0765 1060 E: <-> \Device\Harddisk1\DR4\Partition1
14:14:47.0796 1060 ============================================================
14:14:47.0796 1060 Initialize success
14:14:47.0796 1060 ============================================================
14:15:02.0218 1156 ============================================================
14:15:02.0218 1156 Scan started
14:15:02.0218 1156 Mode: Manual; TDLFS;
14:15:02.0218 1156 ============================================================
14:15:02.0578 1156 ================ Scan system memory ========================
14:15:02.0578 1156 System memory - ok
14:15:02.0578 1156 ================ Scan services =============================
14:15:02.0734 1156 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:15:16.0265 1156 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:15:16.0265 1156 Themes - ok
14:15:16.0296 1156 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
14:15:16.0296 1156 TosIde - ok
14:15:16.0328 1156 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:15:16.0328 1156 TrkWks - ok
14:15:16.0390 1156 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:15:16.0390 1156 Udfs - ok
14:15:16.0421 1156 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
14:15:16.0421 1156 ultra - ok
14:15:16.0468 1156 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:15:16.0484 1156 Update - ok
14:15:16.0531 1156 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:15:16.0531 1156 upnphost - ok
14:15:16.0578 1156 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:15:16.0578 1156 UPS - ok
14:15:16.0625 1156 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
14:15:16.0640 1156 USBAAPL - ok
14:15:16.0671 1156 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
14:15:16.0671 1156 usbaudio - ok
14:15:16.0703 1156 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:15:16.0703 1156 usbccgp - ok
14:15:16.0734 1156 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:15:16.0734 1156 usbehci - ok
14:15:16.0750 1156 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:15:16.0750 1156 usbhub - ok
14:15:16.0781 1156 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:15:16.0781 1156 usbprint - ok
14:15:16.0812 1156 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:15:16.0812 1156 usbscan - ok
14:15:16.0828 1156 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:15:16.0828 1156 USBSTOR - ok
14:15:16.0875 1156 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:15:16.0875 1156 usbuhci - ok
14:15:16.0921 1156 [ E8532CCC886588219BCEB3EA6F9F5339 ] VF0350Afx C:\WINDOWS\system32\Drivers\V0350Afx.sys
14:15:16.0921 1156 VF0350Afx - ok
14:15:16.0953 1156 [ 86326062A90494BDD79CE383511D7D69 ] VF0350Vfx C:\WINDOWS\system32\DRIVERS\V0350VFx.sys
14:15:16.0953 1156 VF0350Vfx - ok
14:15:17.0000 1156 [ 0BFD58F9AD1E953F475526E12B81A85A ] VF0350Vid C:\WINDOWS\system32\DRIVERS\V0350Vid.sys
14:15:17.0000 1156 VF0350Vid - ok
14:15:17.0031 1156 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:15:17.0031 1156 VgaSave - ok
14:15:17.0078 1156 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:15:17.0078 1156 viaagp - ok
14:15:17.0125 1156 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:15:17.0125 1156 ViaIde - ok
14:15:17.0140 1156 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:15:17.0156 1156 VolSnap - ok
14:15:17.0203 1156 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:15:17.0203 1156 VSS - ok
14:15:17.0250 1156 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
14:15:17.0250 1156 w32time - ok
14:15:17.0281 1156 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:15:17.0281 1156 Wanarp - ok
14:15:17.0296 1156 wanatw - ok
14:15:17.0328 1156 WDICA - ok
14:15:17.0375 1156 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:15:17.0375 1156 wdmaud - ok
14:15:17.0406 1156 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:15:17.0406 1156 WebClient - ok
14:15:17.0453 1156 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:15:17.0453 1156 winachsf - ok
14:15:17.0562 1156 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:15:17.0578 1156 winmgmt - ok
14:15:17.0656 1156 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:15:17.0656 1156 WmdmPmSN - ok
14:15:17.0718 1156 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:15:17.0718 1156 WmiApSrv - ok
14:15:17.0828 1156 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:15:17.0843 1156 WMPNetworkSvc - ok
14:15:17.0890 1156 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:15:17.0890 1156 WS2IFSL - ok
14:15:17.0953 1156 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:15:17.0953 1156 wscsvc - ok
14:15:18.0000 1156 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:15:18.0000 1156 WSTCODEC - ok
14:15:18.0046 1156 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:15:18.0062 1156 wuauserv - ok
14:15:18.0109 1156 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:15:18.0109 1156 WudfPf - ok
14:15:18.0140 1156 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:15:18.0140 1156 WudfRd - ok
14:15:18.0171 1156 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:15:18.0171 1156 WudfSvc - ok
14:15:18.0250 1156 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:15:18.0250 1156 WZCSVC - ok
14:15:18.0296 1156 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:15:18.0312 1156 xmlprov - ok
14:15:18.0328 1156 ================ Scan global ===============================
14:15:18.0390 1156 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:15:18.0437 1156 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:15:18.0453 1156 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:15:18.0484 1156 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:15:18.0484 1156 [Global] - ok
14:15:18.0484 1156 ================ Scan MBR ==================================
14:15:18.0515 1156 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
14:15:18.0781 1156 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:15:18.0781 1156 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:15:19.0265 1156 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR4
14:15:19.0421 1156 \Device\Harddisk1\DR4 - ok
14:15:19.0421 1156 ================ Scan VBR ==================================
14:15:19.0437 1156 [ A680DF058B8D9335C54950301EF2D5F5 ] \Device\Harddisk0\DR0\Partition1
14:15:19.0437 1156 \Device\Harddisk0\DR0\Partition1 - ok
14:15:19.0453 1156 [ F06D10F43169EF266E3D9D311B1B8109 ] \Device\Harddisk1\DR4\Partition1
14:15:19.0468 1156 \Device\Harddisk1\DR4\Partition1 - ok
14:15:19.0468 1156 ============================================================
14:15:19.0468 1156 Scan finished
14:15:19.0468 1156 ============================================================
14:15:19.0515 1148 Detected object count: 1
14:15:19.0515 1148 Actual detected object count: 1
14:15:26.0703 1148 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:15:26.0703 1148 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#11 InadequateInfirmity

Posted 11 November 2012 - 04:36 PM

Re-run TDSSKiller and select delete for the item below.


14:15:19.0515 1148 Detected object count: 1
14:15:19.0515 1148 Actual detected object count: 1
14:15:26.0703 1148 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:15:26.0703 1148 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Edited by InadequateInfirmity, 11 November 2012 - 04:36 PM.


#12 InadequateInfirmity

Posted 11 November 2012 - 04:38 PM

Then re-run TDSSKiller, make sure that the scan comes up clean, and test normal mode.

#13 tntmm6

Posted 11 November 2012 - 04:53 PM

We're having a little timing issue here :-)

I did rerun tdss and it found 3 threats.

Also, I did the msconfig instructions, and tried to run Norman again in Normal mode, but I got the blue screen again.

Edited by tntmm6, 11 November 2012 - 04:57 PM.


#14 InadequateInfirmity

Posted 11 November 2012 - 04:58 PM

OK, can you post the TDSSKiller log, please?
Re-run TDSSKiller in normal mode if possible.

#15 tntmm6

Posted 11 November 2012 - 05:00 PM

I'm not sure what to do with tdss killer. Do I click continue?



