
Infected?? Can not open any .exe files/programs


7 replies to this topic

#1 jeffw11

  • Members
  • 127 posts

Posted 20 December 2012 - 07:15 PM

My friend dropped off his computer as he was having a problem. The computer will not run any .exe files. When I try, a dialog box comes up asking what program to use to open the file. I downloaded malwarebytes but since I cannot install it, I am getting nowhere. Also, I try to boot in Safe Mode but the computer will not do that either.

Any suggestions?

Thanks.


#2 dev00790

    Bleeping Chocoholic

  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 22 December 2012 - 02:45 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply.

Step 2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 jeffw11

  • Topic Starter
  • Members
  • 127 posts

Posted 22 December 2012 - 09:01 PM

I got a lot of the computer working again. I can run exe programs so I've done malwarebytes and avg antivirus.

Here are the results from the programs that you wanted me to run.

TDSSKiller:

19:35:18.0140 4872 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:35:18.0765 4872 ============================================================
19:35:18.0765 4872 Current date / time: 2012/12/22 19:35:18.0765
19:35:18.0765 4872 SystemInfo:
19:35:18.0765 4872
19:35:18.0765 4872 OS Version: 5.1.2600 ServicePack: 3.0
19:35:18.0765 4872 Product type: Workstation
19:35:18.0765 4872 ComputerName: D8T3VZC1
19:35:18.0781 4872 UserName: The Leitners
19:35:18.0781 4872 Windows directory: C:\WINDOWS
19:35:18.0781 4872 System windows directory: C:\WINDOWS
19:35:18.0781 4872 Processor architecture: Intel x86
19:35:18.0781 4872 Number of processors: 2
19:35:18.0781 4872 Page size: 0x1000
19:35:18.0781 4872 Boot type: Normal boot
19:35:18.0781 4872 ============================================================
19:35:20.0250 4872 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:20.0296 4872 ============================================================
19:35:20.0296 4872 \Device\Harddisk0\DR0:
19:35:20.0312 4872 MBR partitions:
19:35:20.0312 4872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x123EC0EE
19:35:20.0312 4872 ============================================================
19:35:20.0390 4872 C: <-> \Device\Harddisk0\DR0\Partition1
19:35:20.0406 4872 ============================================================
19:35:20.0406 4872 Initialize success
19:35:20.0406 4872 ============================================================
19:35:53.0968 4328 ============================================================
19:35:53.0968 4328 Scan started
19:35:53.0968 4328 Mode: Manual; SigCheck; TDLFS;
19:35:53.0968 4328 ============================================================
19:35:55.0093 4328 ================ Scan system memory ========================
19:35:55.0109 4328 System memory - ok
19:35:55.0109 4328 ================ Scan services =============================
19:35:55.0171 4328 Abiosdsk - ok
19:35:55.0203 4328 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:35:56.0875 4328 abp480n5 - ok
19:35:56.0906 4328 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:35:57.0093 4328 ACPI - ok
19:35:57.0109 4328 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:35:57.0281 4328 ACPIEC - ok
19:35:57.0343 4328 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:35:57.0359 4328 AdobeFlashPlayerUpdateSvc - ok
19:35:57.0406 4328 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:35:57.0578 4328 adpu160m - ok
19:35:57.0593 4328 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:35:57.0750 4328 aec - ok
19:35:57.0781 4328 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:35:57.0937 4328 AFD - ok
19:35:57.0968 4328 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
19:35:58.0109 4328 agp440 - ok
19:35:58.0125 4328 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:35:58.0265 4328 agpCPQ - ok
19:35:58.0281 4328 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:35:58.0375 4328 Aha154x - ok
19:35:58.0406 4328 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:35:58.0593 4328 aic78u2 - ok
19:35:58.0609 4328 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:35:58.0765 4328 aic78xx - ok
19:35:58.0796 4328 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:35:58.0937 4328 Alerter - ok
19:35:58.0953 4328 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:35:59.0140 4328 ALG - ok
19:35:59.0156 4328 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
19:35:59.0312 4328 AliIde - ok
19:35:59.0343 4328 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:35:59.0500 4328 alim1541 - ok
19:35:59.0531 4328 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:35:59.0671 4328 amdagp - ok
19:35:59.0671 4328 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
19:35:59.0750 4328 amsint - ok
19:35:59.0843 4328 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:35:59.0875 4328 Apple Mobile Device - ok
19:35:59.0875 4328 AppMgmt - ok
19:35:59.0890 4328 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
19:36:00.0078 4328 asc - ok
19:36:00.0093 4328 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:36:00.0156 4328 asc3350p - ok
19:36:00.0171 4328 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:36:00.0359 4328 asc3550 - ok
19:36:00.0437 4328 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:36:00.0500 4328 aspnet_state - ok
19:36:00.0531 4328 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:36:00.0703 4328 AsyncMac - ok
19:36:00.0718 4328 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:36:00.0843 4328 atapi - ok
19:36:00.0843 4328 Atdisk - ok
19:36:00.0859 4328 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:36:01.0000 4328 Atmarpc - ok
19:36:01.0031 4328 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:36:01.0218 4328 AudioSrv - ok
19:36:01.0250 4328 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:36:01.0421 4328 audstub - ok
19:36:01.0609 4328 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
19:36:01.0921 4328 AVGIDSAgent - ok
19:36:01.0968 4328 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
19:36:02.0125 4328 AVGIDSDriver - ok
19:36:02.0156 4328 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
19:36:02.0187 4328 AVGIDSHX - ok
19:36:02.0218 4328 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
19:36:02.0234 4328 AVGIDSShim - ok
19:36:02.0296 4328 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:36:02.0343 4328 Avgldx86 - ok
19:36:02.0375 4328 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
19:36:02.0421 4328 Avglogx - ok
19:36:02.0453 4328 [ 6C7C00B8DD22B4343B47FED148387057 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:36:02.0484 4328 Avgmfx86 - ok
19:36:02.0500 4328 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:36:02.0515 4328 Avgrkx86 - ok
19:36:02.0546 4328 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:36:02.0562 4328 Avgtdix - ok
19:36:02.0609 4328 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
19:36:02.0640 4328 avgwd - ok
19:36:02.0656 4328 [ 78E7B52DA292FA90BAD2F887BBF22159 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
19:36:02.0750 4328 bcm4sbxp - ok
19:36:02.0781 4328 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:36:02.0937 4328 Beep - ok
19:36:03.0015 4328 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:36:03.0218 4328 BITS - ok
19:36:03.0250 4328 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
19:36:03.0390 4328 Browser - ok
19:36:03.0531 4328 [ EBBA16A88F517BFB1B7681ABF006C8B0 ] Browser Manager C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
19:36:03.0687 4328 Browser Manager - ok
19:36:03.0718 4328 catchme - ok
19:36:03.0750 4328 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:36:03.0906 4328 cbidf - ok
19:36:03.0906 4328 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:36:04.0062 4328 cbidf2k - ok
19:36:04.0093 4328 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:36:04.0203 4328 cd20xrnt - ok
19:36:04.0218 4328 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:36:04.0375 4328 Cdaudio - ok
19:36:04.0406 4328 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:36:04.0531 4328 Cdfs - ok
19:36:04.0546 4328 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:36:04.0687 4328 Cdrom - ok
19:36:04.0687 4328 Changer - ok
19:36:04.0703 4328 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:36:04.0859 4328 CiSvc - ok
19:36:04.0890 4328 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:36:05.0031 4328 ClipSrv - ok
19:36:05.0062 4328 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:36:05.0156 4328 clr_optimization_v2.0.50727_32 - ok
19:36:05.0171 4328 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:36:05.0375 4328 CmdIde - ok
19:36:05.0375 4328 COMSysApp - ok
19:36:05.0406 4328 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:36:05.0562 4328 Cpqarray - ok
19:36:05.0593 4328 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:36:05.0750 4328 CryptSvc - ok
19:36:05.0781 4328 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:36:05.0953 4328 dac2w2k - ok
19:36:05.0968 4328 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:36:06.0125 4328 dac960nt - ok
19:36:06.0156 4328 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:36:06.0250 4328 DcomLaunch - ok
19:36:06.0296 4328 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:36:06.0437 4328 Dhcp - ok
19:36:06.0453 4328 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:36:06.0609 4328 Disk - ok
19:36:06.0609 4328 dmadmin - ok
19:36:06.0656 4328 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:36:06.0875 4328 dmboot - ok
19:36:06.0906 4328 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:36:07.0062 4328 dmio - ok
19:36:07.0078 4328 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:36:07.0234 4328 dmload - ok
19:36:07.0265 4328 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:36:07.0390 4328 dmserver - ok
19:36:07.0453 4328 [ 4AC7157B62F876FCAE60FD692086CEB9 ] DMService C:\WINDOWS\DOWNLO~1\DMService.exe
19:36:07.0531 4328 DMService - ok
19:36:07.0562 4328 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:36:07.0734 4328 DMusic - ok
19:36:07.0765 4328 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:36:07.0890 4328 Dnscache - ok
19:36:07.0906 4328 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:36:08.0046 4328 Dot3svc - ok
19:36:08.0062 4328 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:36:08.0234 4328 dpti2o - ok
19:36:08.0265 4328 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:36:08.0421 4328 drmkaud - ok
19:36:08.0468 4328 [ 2AC2372FFAD9ADC85672CC8E8AE14BE9 ] DSproct C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
19:36:08.0796 4328 DSproct ( UnsignedFile.Multi.Generic ) - warning
19:36:08.0796 4328 DSproct - detected UnsignedFile.Multi.Generic (1)
19:36:08.0828 4328 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:36:08.0984 4328 E100B - ok
19:36:09.0015 4328 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:36:09.0187 4328 EapHost - ok
19:36:09.0218 4328 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:36:09.0375 4328 ERSvc - ok
19:36:09.0406 4328 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:36:09.0453 4328 Eventlog - ok
19:36:09.0484 4328 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:36:09.0562 4328 EventSystem - ok
19:36:09.0593 4328 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:36:09.0734 4328 Fastfat - ok
19:36:09.0781 4328 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:36:09.0875 4328 FastUserSwitchingCompatibility - ok
19:36:09.0906 4328 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
19:36:10.0046 4328 Fax - ok
19:36:10.0062 4328 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:36:10.0218 4328 Fdc - ok
19:36:10.0250 4328 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:36:10.0390 4328 Fips - ok
19:36:10.0406 4328 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:36:10.0609 4328 Flpydisk - ok
19:36:10.0640 4328 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:36:10.0796 4328 FltMgr - ok
19:36:10.0843 4328 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:36:10.0875 4328 FontCache3.0.0.0 - ok
19:36:10.0890 4328 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:36:11.0046 4328 Fs_Rec - ok
19:36:11.0078 4328 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:36:11.0265 4328 Ftdisk - ok
19:36:11.0296 4328 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:36:11.0312 4328 GEARAspiWDM - ok
19:36:11.0343 4328 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:36:11.0500 4328 Gpc - ok
19:36:11.0546 4328 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:36:11.0578 4328 gupdate - ok
19:36:11.0593 4328 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:36:11.0609 4328 gupdatem - ok
19:36:11.0640 4328 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:36:11.0656 4328 gusvc - ok
19:36:11.0687 4328 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:36:11.0828 4328 HDAudBus - ok
19:36:11.0875 4328 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:36:12.0031 4328 helpsvc - ok
19:36:12.0046 4328 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:36:12.0203 4328 HidServ - ok
19:36:12.0234 4328 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:36:12.0359 4328 HidUsb - ok
19:36:12.0390 4328 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:36:12.0546 4328 hkmsvc - ok
19:36:12.0562 4328 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
19:36:12.0703 4328 hpn - ok
19:36:12.0734 4328 [ 970178E8E003EB1481293830069624B9 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
19:36:12.0859 4328 HSFHWBS2 - ok
19:36:12.0890 4328 [ EBB354438A4C5A3327FB97306260714A ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
19:36:13.0078 4328 HSF_DP - ok
19:36:13.0109 4328 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:36:13.0187 4328 HTTP - ok
19:36:13.0203 4328 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:36:13.0390 4328 HTTPFilter - ok
19:36:13.0390 4328 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
19:36:13.0531 4328 i2omgmt - ok
19:36:13.0546 4328 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:36:13.0671 4328 i2omp - ok
19:36:13.0687 4328 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:36:13.0843 4328 i8042prt - ok
19:36:13.0906 4328 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:36:13.0968 4328 idsvc - ok
19:36:14.0000 4328 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:36:14.0156 4328 Imapi - ok
19:36:14.0187 4328 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:36:14.0312 4328 ImapiService - ok
19:36:14.0328 4328 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:36:14.0500 4328 ini910u - ok
19:36:14.0515 4328 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:36:14.0656 4328 IntelIde - ok
19:36:14.0687 4328 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:36:14.0796 4328 intelppm - ok
19:36:14.0812 4328 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:36:14.0984 4328 Ip6Fw - ok
19:36:15.0000 4328 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:36:15.0187 4328 IpFilterDriver - ok
19:36:15.0203 4328 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:36:15.0312 4328 IpInIp - ok
19:36:15.0343 4328 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:36:15.0468 4328 IpNat - ok
19:36:15.0515 4328 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:36:15.0609 4328 iPod Service - ok
19:36:15.0640 4328 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:36:15.0812 4328 IPSec - ok
19:36:15.0828 4328 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:36:15.0984 4328 IRENUM - ok
19:36:16.0000 4328 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:36:16.0140 4328 isapnp - ok
19:36:16.0218 4328 [ 6D53710E993F9DDFE5C8F2C048F3AE4D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
19:36:16.0250 4328 JavaQuickStarterService - ok
19:36:16.0265 4328 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:36:16.0406 4328 Kbdclass - ok
19:36:16.0437 4328 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:36:16.0546 4328 kbdhid - ok
19:36:16.0578 4328 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:36:16.0703 4328 kmixer - ok
19:36:16.0734 4328 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:36:16.0812 4328 KSecDD - ok
19:36:16.0843 4328 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:36:16.0890 4328 lanmanserver - ok
19:36:16.0921 4328 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:36:17.0000 4328 lanmanworkstation - ok
19:36:17.0015 4328 lbrtfdc - ok
19:36:17.0031 4328 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:36:17.0187 4328 LmHosts - ok
19:36:17.0203 4328 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:36:17.0343 4328 mdmxsdk - ok
19:36:17.0375 4328 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:36:17.0515 4328 Messenger - ok
19:36:17.0531 4328 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:36:17.0703 4328 mnmdd - ok
19:36:17.0734 4328 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:36:17.0890 4328 mnmsrvc - ok
19:36:17.0906 4328 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:36:18.0062 4328 Modem - ok
19:36:18.0078 4328 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:36:18.0218 4328 Mouclass - ok
19:36:18.0250 4328 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:36:18.0437 4328 mouhid - ok
19:36:18.0453 4328 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:36:18.0578 4328 MountMgr - ok
19:36:18.0625 4328 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:36:18.0656 4328 MozillaMaintenance - ok
19:36:18.0687 4328 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:36:18.0859 4328 mraid35x - ok
19:36:18.0875 4328 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:36:19.0015 4328 MRxDAV - ok
19:36:19.0046 4328 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:36:19.0140 4328 MRxSmb - ok
19:36:19.0156 4328 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:36:19.0281 4328 Msfs - ok
19:36:19.0296 4328 MSIServer - ok
19:36:19.0328 4328 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:36:19.0453 4328 MSKSSRV - ok
19:36:19.0468 4328 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:36:19.0593 4328 MSPCLOCK - ok
19:36:19.0609 4328 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:36:19.0781 4328 MSPQM - ok
19:36:19.0796 4328 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:36:19.0921 4328 mssmbios - ok
19:36:19.0953 4328 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:36:20.0031 4328 Mup - ok
19:36:20.0062 4328 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:36:20.0203 4328 napagent - ok
19:36:20.0234 4328 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:36:20.0359 4328 NDIS - ok
19:36:20.0390 4328 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:36:20.0453 4328 NdisTapi - ok
19:36:20.0468 4328 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:36:20.0625 4328 Ndisuio - ok
19:36:20.0656 4328 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:36:20.0812 4328 NdisWan - ok
19:36:20.0828 4328 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:36:20.0890 4328 NDProxy - ok
19:36:20.0921 4328 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:36:21.0062 4328 NetBIOS - ok
19:36:21.0093 4328 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:36:21.0250 4328 NetBT - ok
19:36:21.0281 4328 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:36:21.0437 4328 NetDDE - ok
19:36:21.0437 4328 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:36:21.0562 4328 NetDDEdsdm - ok
19:36:21.0578 4328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:36:21.0703 4328 Netlogon - ok
19:36:21.0734 4328 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:36:21.0875 4328 Netman - ok
19:36:21.0906 4328 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:36:21.0921 4328 NetTcpPortSharing - ok
19:36:21.0984 4328 ngjamoanac - ok
19:36:22.0000 4328 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:36:22.0046 4328 Nla - ok
19:36:22.0062 4328 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:36:22.0218 4328 Npfs - ok
19:36:22.0250 4328 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:36:22.0390 4328 Ntfs - ok
19:36:22.0406 4328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:36:22.0531 4328 NtLmSsp - ok
19:36:22.0562 4328 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:36:22.0703 4328 NtmsSvc - ok
19:36:22.0734 4328 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:36:22.0890 4328 Null - ok
19:36:23.0000 4328 [ 15A6306A0B958BF60F09688D0EE70479 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:36:23.0250 4328 nv - ok
19:36:23.0265 4328 [ EF9941593B2E9B436F64A87DDB570D1A ] nvata C:\WINDOWS\system32\drivers\nvata.sys
19:36:23.0312 4328 nvata - ok
19:36:23.0328 4328 [ 75562456AA672BB5FE56D3C64C6D1C7D ] nvatabus C:\WINDOWS\system32\drivers\nvatabus.sys
19:36:23.0609 4328 nvatabus ( UnsignedFile.Multi.Generic ) - warning
19:36:23.0609 4328 nvatabus - detected UnsignedFile.Multi.Generic (1)
19:36:23.0625 4328 [ 1D4781A5957300DC81B91161B45704BB ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
19:36:23.0984 4328 nvraid ( UnsignedFile.Multi.Generic ) - warning
19:36:23.0984 4328 nvraid - detected UnsignedFile.Multi.Generic (1)
19:36:24.0015 4328 [ 986D6666E076AFD2B60ACAFD5B01A00F ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
19:36:24.0078 4328 NVSvc - ok
19:36:24.0109 4328 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:36:24.0296 4328 NwlnkFlt - ok
19:36:24.0312 4328 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:36:24.0500 4328 NwlnkFwd - ok
19:36:24.0531 4328 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:36:24.0656 4328 Parport - ok
19:36:24.0671 4328 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:36:24.0812 4328 PartMgr - ok
19:36:24.0828 4328 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:36:25.0015 4328 ParVdm - ok
19:36:25.0046 4328 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:36:25.0156 4328 PCI - ok
19:36:25.0171 4328 PCIDump - ok
19:36:25.0187 4328 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:36:25.0343 4328 PCIIde - ok
19:36:25.0375 4328 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:36:25.0515 4328 Pcmcia - ok
19:36:25.0515 4328 PDCOMP - ok
19:36:25.0531 4328 PDFRAME - ok
19:36:25.0531 4328 PDRELI - ok
19:36:25.0546 4328 PDRFRAME - ok
19:36:25.0562 4328 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
19:36:25.0718 4328 perc2 - ok
19:36:25.0734 4328 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:36:25.0921 4328 perc2hib - ok
19:36:25.0953 4328 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:36:25.0984 4328 PlugPlay - ok
19:36:26.0015 4328 [ A9D6B1E7EF097C7F3B5DC4F56C0E7386 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
19:36:26.0031 4328 PnkBstrA - ok
19:36:26.0046 4328 [ 422DA66A09822B52162C12BEC9E5BBC5 ] PnkBstrB C:\WINDOWS\system32\PnkBstrB.exe
19:36:26.0078 4328 PnkBstrB - ok
19:36:26.0078 4328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:36:26.0203 4328 PolicyAgent - ok
19:36:26.0218 4328 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:36:26.0406 4328 PptpMiniport - ok
19:36:26.0421 4328 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
19:36:26.0546 4328 Processor - ok
19:36:26.0562 4328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:36:26.0687 4328 ProtectedStorage - ok
19:36:26.0703 4328 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:36:26.0843 4328 PSched - ok
19:36:26.0859 4328 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:36:27.0015 4328 Ptilink - ok
19:36:27.0031 4328 [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:36:27.0343 4328 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
19:36:27.0343 4328 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
19:36:27.0375 4328 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:36:27.0546 4328 ql1080 - ok
19:36:27.0562 4328 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:36:27.0718 4328 Ql10wnt - ok
19:36:27.0750 4328 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:36:27.0890 4328 ql12160 - ok
19:36:27.0906 4328 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:36:28.0078 4328 ql1240 - ok
19:36:28.0093 4328 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:36:28.0234 4328 ql1280 - ok
19:36:28.0265 4328 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:36:28.0406 4328 RasAcd - ok
19:36:28.0437 4328 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:36:28.0562 4328 RasAuto - ok
19:36:28.0578 4328 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:36:28.0703 4328 Rasl2tp - ok
19:36:28.0750 4328 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:36:28.0921 4328 RasMan - ok
19:36:28.0937 4328 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:36:29.0078 4328 RasPppoe - ok
19:36:29.0093 4328 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:36:29.0265 4328 Raspti - ok
19:36:29.0281 4328 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:36:29.0437 4328 Rdbss - ok
19:36:29.0453 4328 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:36:29.0593 4328 RDPCDD - ok
19:36:29.0625 4328 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:36:29.0750 4328 rdpdr - ok
19:36:29.0781 4328 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:36:29.0843 4328 RDPWD - ok
19:36:29.0875 4328 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:36:30.0015 4328 RDSessMgr - ok
19:36:30.0046 4328 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:36:30.0156 4328 redbook - ok
19:36:30.0203 4328 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:36:30.0328 4328 RemoteAccess - ok
19:36:30.0359 4328 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:36:30.0484 4328 RpcLocator - ok
19:36:30.0515 4328 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:36:30.0546 4328 RpcSs - ok
19:36:30.0562 4328 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:36:30.0734 4328 RSVP - ok
19:36:30.0750 4328 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:36:30.0859 4328 SamSs - ok
19:36:30.0890 4328 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:36:31.0031 4328 SCardSvr - ok
19:36:31.0062 4328 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:36:31.0203 4328 Schedule - ok
19:36:31.0234 4328 [ 07F7F501AD50DE2BA2D5842D9B6D6155 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:36:31.0656 4328 Secdrv ( UnsignedFile.Multi.Generic ) - warning
19:36:31.0656 4328 Secdrv - detected UnsignedFile.Multi.Generic (1)
19:36:31.0687 4328 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:36:31.0828 4328 seclogon - ok
19:36:31.0843 4328 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:36:31.0984 4328 SENS - ok
19:36:32.0015 4328 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:36:32.0187 4328 serenum - ok
19:36:32.0203 4328 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:36:32.0343 4328 Serial - ok
19:36:32.0359 4328 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:36:32.0515 4328 Sfloppy - ok
19:36:32.0562 4328 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:36:32.0734 4328 SharedAccess - ok
19:36:32.0750 4328 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:36:32.0781 4328 ShellHWDetection - ok
19:36:32.0781 4328 Simbad - ok
19:36:32.0812 4328 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:36:32.0921 4328 sisagp - ok
19:36:32.0953 4328 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
19:36:32.0968 4328 SmartDefragDriver - ok
19:36:33.0281 4328 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:36:33.0359 4328 Sparrow - ok
19:36:33.0375 4328 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:36:33.0531 4328 splitter - ok
19:36:33.0546 4328 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:36:33.0625 4328 Spooler - ok
19:36:33.0640 4328 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:36:33.0843 4328 sr - ok
19:36:33.0859 4328 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:36:33.0984 4328 srservice - ok
19:36:34.0015 4328 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:36:34.0109 4328 Srv - ok
19:36:34.0140 4328 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
19:36:34.0156 4328 sscdbus - ok
19:36:34.0171 4328 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
19:36:34.0187 4328 sscdmdfl - ok
19:36:34.0218 4328 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
19:36:34.0234 4328 sscdmdm - ok
19:36:34.0265 4328 [ D04BD59F28C78E2E66632092CAFC0A2B ] sscdserd C:\WINDOWS\system32\DRIVERS\sscdserd.sys
19:36:34.0281 4328 sscdserd - ok
19:36:34.0312 4328 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:36:34.0437 4328 SSDPSRV - ok
19:36:34.0484 4328 [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
19:36:34.0703 4328 STHDA - ok
19:36:34.0734 4328 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:36:34.0875 4328 stisvc - ok
19:36:34.0890 4328 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:36:35.0031 4328 swenum - ok
19:36:35.0046 4328 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:36:35.0171 4328 swmidi - ok
19:36:35.0171 4328 SwPrv - ok
19:36:35.0203 4328 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
19:36:35.0359 4328 symc810 - ok
19:36:35.0390 4328 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:36:35.0546 4328 symc8xx - ok
19:36:35.0578 4328 SYMIDSCO - ok
19:36:35.0593 4328 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:36:35.0781 4328 sym_hi - ok
19:36:35.0796 4328 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:36:35.0937 4328 sym_u3 - ok
19:36:35.0968 4328 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:36:36.0109 4328 sysaudio - ok
19:36:36.0140 4328 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:36:36.0265 4328 SysmonLog - ok
19:36:36.0296 4328 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:36:36.0421 4328 TapiSrv - ok
19:36:36.0468 4328 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:36:36.0515 4328 Tcpip - ok
19:36:36.0546 4328 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:36:36.0671 4328 TDPIPE - ok
19:36:36.0687 4328 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:36:36.0812 4328 TDTCP - ok
19:36:36.0828 4328 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:36:36.0984 4328 TermDD - ok
19:36:37.0015 4328 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:36:37.0156 4328 TermService - ok
19:36:37.0171 4328 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:36:37.0187 4328 Themes - ok
19:36:37.0218 4328 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
19:36:37.0375 4328 TosIde - ok
19:36:37.0406 4328 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:36:37.0562 4328 TrkWks - ok
19:36:37.0625 4328 [ 90EA2F8A920EE567029089B6A3C05C96 ] uagqecsvc C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
19:36:37.0671 4328 uagqecsvc - ok
19:36:37.0687 4328 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:36:37.0843 4328 Udfs - ok
19:36:37.0859 4328 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
19:36:37.0921 4328 ultra - ok
19:36:37.0968 4328 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:36:38.0156 4328 Update - ok
19:36:38.0187 4328 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:36:38.0328 4328 upnphost - ok
19:36:38.0359 4328 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:36:38.0515 4328 UPS - ok
19:36:38.0546 4328 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
19:36:38.0875 4328 USBAAPL - ok
19:36:38.0906 4328 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:36:39.0046 4328 usbaudio - ok
19:36:39.0062 4328 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:36:39.0234 4328 usbccgp - ok
19:36:39.0250 4328 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:36:39.0390 4328 usbehci - ok
19:36:39.0421 4328 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:36:39.0562 4328 usbhub - ok
19:36:39.0578 4328 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:36:39.0718 4328 usbohci - ok
19:36:39.0734 4328 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:36:39.0859 4328 usbprint - ok
19:36:39.0875 4328 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:36:40.0000 4328 usbscan - ok
19:36:40.0015 4328 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:36:40.0171 4328 USBSTOR - ok
19:36:40.0187 4328 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:36:40.0296 4328 usbuhci - ok
19:36:40.0328 4328 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:36:40.0453 4328 VgaSave - ok
19:36:40.0484 4328 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:36:40.0609 4328 viaagp - ok
19:36:40.0625 4328 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:36:40.0765 4328 ViaIde - ok
19:36:40.0781 4328 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:36:40.0953 4328 VolSnap - ok
19:36:40.0968 4328 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:36:41.0093 4328 VSS - ok
19:36:41.0125 4328 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
19:36:41.0265 4328 w32time - ok
19:36:41.0296 4328 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:36:41.0453 4328 Wanarp - ok
19:36:41.0453 4328 WDICA - ok
19:36:41.0468 4328 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:36:41.0640 4328 wdmaud - ok
19:36:41.0640 4328 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:36:41.0781 4328 WebClient - ok
19:36:41.0828 4328 [ 1225EBEA76AAC3C84DF6C54FE5E5D8BE ] winachsf C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
19:36:41.0968 4328 winachsf - ok
19:36:42.0031 4328 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:36:42.0156 4328 winmgmt - ok
19:36:42.0187 4328 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:36:42.0281 4328 WmdmPmSN - ok
19:36:42.0312 4328 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:36:42.0468 4328 WmiApSrv - ok
19:36:42.0546 4328 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:36:42.0625 4328 WMPNetworkSvc - ok
19:36:42.0687 4328 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:36:42.0734 4328 WpdUsb - ok
19:36:42.0750 4328 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:36:42.0921 4328 WS2IFSL - ok
19:36:42.0937 4328 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:36:43.0109 4328 wscsvc - ok
19:36:43.0125 4328 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:36:43.0265 4328 wuauserv - ok
19:36:43.0296 4328 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:36:43.0375 4328 WudfPf - ok
19:36:43.0390 4328 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:36:43.0437 4328 WudfRd - ok
19:36:43.0453 4328 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:36:43.0515 4328 WudfSvc - ok
19:36:43.0562 4328 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:36:43.0750 4328 WZCSVC - ok
19:36:43.0765 4328 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:36:43.0906 4328 xmlprov - ok
19:36:43.0953 4328 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:36:44.0015 4328 YahooAUService - ok
19:36:44.0062 4328 [ EA6F371D2FB0DBCF87BEF9529A794DA7 ] ZDManager Service C:\Program Files\ZD Systems\ZD Manager\ZDManagerService.exe
19:36:44.0734 4328 ZDManager Service ( UnsignedFile.Multi.Generic ) - warning
19:36:44.0734 4328 ZDManager Service - detected UnsignedFile.Multi.Generic (1)
19:36:44.0750 4328 ================ Scan global ===============================
19:36:44.0781 4328 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:36:44.0843 4328 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
19:36:44.0859 4328 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
19:36:44.0875 4328 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:36:44.0875 4328 [Global] - ok
19:36:44.0875 4328 ================ Scan MBR ==================================
19:36:44.0906 4328 [ 91722E6BC3A2B40FF00222DCA4A3DB3E ] \Device\Harddisk0\DR0
19:36:44.0906 4328 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:36:44.0921 4328 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
19:36:44.0921 4328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
19:36:44.0984 4328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:36:44.0984 4328 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:36:44.0984 4328 ================ Scan VBR ==================================
19:36:45.0015 4328 [ F5E967A8824250B0F7B149EF2E2DB8EF ] \Device\Harddisk0\DR0\Partition1
19:36:45.0015 4328 \Device\Harddisk0\DR0\Partition1 - ok
19:36:45.0015 4328 ============================================================
19:36:45.0015 4328 Scan finished
19:36:45.0015 4328 ============================================================
19:36:45.0125 0964 Detected object count: 8
19:36:45.0125 0964 Actual detected object count: 8
19:38:06.0218 0964 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:06.0218 0964 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:06.0218 0964 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:06.0218 0964 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:06.0218 0964 nvraid ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:06.0218 0964 nvraid ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:06.0234 0964 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:06.0234 0964 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:06.0234 0964 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:06.0234 0964 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:06.0234 0964 ZDManager Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:06.0234 0964 ZDManager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:06.0984 0964 \Device\Harddisk0\DR0\# - copied to quarantine
19:38:06.0984 0964 \Device\Harddisk0\DR0 - copied to quarantine
19:38:07.0046 0964 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
19:38:07.0046 0964 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
19:38:07.0046 0964 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
19:38:07.0046 0964 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
19:38:07.0046 0964 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
19:38:07.0062 0964 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
19:38:07.0078 0964 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
19:38:07.0078 0964 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
19:38:07.0078 0964 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
19:38:07.0093 0964 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:38:07.0109 0964 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:38:07.0109 0964 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:38:07.0109 0964 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:38:07.0109 0964 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
19:38:07.0109 0964 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
19:38:07.0109 0964 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
19:38:07.0156 0964 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
19:38:07.0187 0964 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
19:38:07.0203 0964 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
19:38:07.0218 0964 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
19:38:07.0218 0964 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
19:38:07.0234 0964 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
19:38:07.0250 0964 \Device\Harddisk0\DR0 - ok
19:38:07.0265 0964 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
19:38:07.0265 0964 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:38:07.0265 0964 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:38:16.0843 4828 Deinitialize success


Security Check:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2013
ESET Online Scanner v3
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java™ 6 Update 38
Java version out of Date!
Adobe Flash Player 11.5.502.135
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````


FarBar Service Scanner:

Farbar Service Scanner Version: 10-12-2012
Ran by The Leitners (administrator) on 22-12-2012 at 19:51:30
Running from "C:\Documents and Settings\The Leitners\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****


MiniToolBox

MiniToolBox by Farbar Version: 25-11-2012
Ran by The Leitners (administrator) on 22-12-2012 at 19:54:13
Running from "C:\Documents and Settings\The Leitners\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : D8T3VZC1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1A-A0-40-CD-0B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.141
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Saturday, December 22, 2012 7:40:22 PM
Lease Expires . . . . . . . . . . : Sunday, December 23, 2012 7:40:22 PM

Server: DD-WRT
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.68, 74.125.225.64, 74.125.225.65, 74.125.225.66
74.125.225.78, 74.125.225.67, 74.125.225.73, 74.125.225.70, 74.125.225.72
74.125.225.69, 74.125.225.71

Pinging google.com [74.125.225.71] with 32 bytes of data:

Reply from 74.125.225.71: bytes=32 time=22ms TTL=54
Reply from 74.125.225.71: bytes=32 time=22ms TTL=54

Ping statistics for 74.125.225.71:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 22ms, Average = 22ms

Server: DD-WRT
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=112ms TTL=50
Reply from 98.138.253.109: bytes=32 time=121ms TTL=50

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 112ms, Maximum = 121ms, Average = 116ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a a0 40 cd 0b ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.141 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.141 192.168.1.141 20
192.168.1.141 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.141 192.168.1.141 20
224.0.0.0 240.0.0.0 192.168.1.141 192.168.1.141 20
255.255.255.255 255.255.255.255 192.168.1.141 192.168.1.141 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/22/2012 04:19:09 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 16.0.2.4680, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/22/2012 04:14:57 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1015318745.

Error: (12/22/2012 04:14:51 PM) (Source: Application Hang) (User: )
Description: Hanging application RebateInf.exe, version 1.0.0.98, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/22/2012 06:08:48 AM) (Source: Application Hang) (User: )
Description: Fault bucket 736166847.

Error: (12/22/2012 06:08:44 AM) (Source: Application Hang) (User: )
Description: Hanging application notepad.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/21/2012 08:19:35 PM) (Source: MsiInstaller) (User: D8T3VZC1)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (12/21/2012 08:12:41 PM) (Source: MsiInstaller) (User: D8T3VZC1)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (12/21/2012 08:06:36 PM) (Source: MSSHA) (User: )
Description: The Windows Security Health Agent could not be initialized.
Failure Code: 80070424.

Error: (12/21/2012 06:59:42 PM) (Source: MSSHA) (User: )
Description: The Windows Security Health Agent could not be initialized.
Failure Code: 80070424.

Error: (12/21/2012 06:50:43 PM) (Source: MSSHA) (User: )
Description: The Windows Security Health Agent could not be initialized.
Failure Code: 80070424.


System errors:
=============
Error: (12/22/2012 07:41:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
atapi
nvatabus
nvraid
PCIIde

Error: (12/22/2012 06:03:53 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/22/2012 06:03:53 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/22/2012 06:03:53 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/22/2012 06:03:52 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/22/2012 06:03:52 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/22/2012 06:03:52 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/22/2012 06:03:52 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/22/2012 06:03:52 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (12/22/2012 06:03:52 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (12/22/2012 04:19:09 PM) (Source: Application Hang)(User: )
Description: firefox.exe16.0.2.4680hungapp0.0.0.000000000

Error: (12/22/2012 04:14:57 PM) (Source: Application Hang)(User: )
Description: -1015318745

Error: (12/22/2012 04:14:51 PM) (Source: Application Hang)(User: )
Description: RebateInf.exe1.0.0.98hungapp0.0.0.000000000

Error: (12/22/2012 06:08:48 AM) (Source: Application Hang)(User: )
Description: 736166847

Error: (12/22/2012 06:08:44 AM) (Source: Application Hang)(User: )
Description: notepad.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (12/21/2012 08:19:35 PM) (Source: MsiInstaller)(User: D8T3VZC1)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed(NULL)(NULL)(NULL)

Error: (12/21/2012 08:12:41 PM) (Source: MsiInstaller)(User: D8T3VZC1)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed(NULL)(NULL)(NULL)

Error: (12/21/2012 08:06:36 PM) (Source: MSSHA)(User: )
Description: 80070424

Error: (12/21/2012 06:59:42 PM) (Source: MSSHA)(User: )
Description: 80070424

Error: (12/21/2012 06:50:43 PM) (Source: MSSHA)(User: )
Description: 80070424


=========================== Installed Programs ============================

7-zip v9.20 (Version: v9.20)
Adobe AIR (Version: 3.5.0.600)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
AVG 2013 (Version: 13.0.2637)
AVG 2013 (Version: 13.0.2805)
AVG 2013 (Version: 2013.0.2805)
Browser Manager
CCleaner (Version: 3.26)
Corel Paint Shop Pro Photo XI (Version: 11.00.0000)
Critical Update for Windows Media Player 11 (KB959772)
CWA Reminder by We-Care.com v4.1.19.3 (Version: 4.1.19.3)
DefaultTab Chrome (Version: 1.1.14)
Dell CinePlayer (Version: 3.0)
Dell Resource CD (Version: 1.00.0000)
Dell Support 3.2.1 (Version: 5.5.2087)
Dell System Restore (Version: 2.00.0000)
Download Updater (AOL LLC)
Driver Performer (Version: 10.0)
EPSON Printer Software
EPSON Scan
ESET Online Scanner v3
Expert PDF 7 Reader (Version: 7.0.1370.0)
Free File Opener v2011.7.0.1 (Version: 2011.7.0.1)
FriendsChecker (Version: 2.5.55)
Google Chrome (Version: 23.0.1271.97)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.123)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Inbox Toolbar (Version: 1.0.0)
InstaCodecs (Version: 1.0)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 38 (Version: 6.0.380)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MediaBar (Version: 2.0.0.93720)
MediaBar (Version: 2.5.0.100449)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetAssistant (Version: 3.8.3)
NVIDIA Drivers
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
RebateInformer (Version: 1.0.0.82)
Safari (Version: 5.34.55.3)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.550.0)
Segoe UI (Version: 14.0.4327.805)
SelectionLinks (Version: 1.0)
SiteRanker (Version: 1.0.0.21)
Smart Defrag 2 (Version: 2.7)
Sonic Activation Module (Version: 1.0)
Sonic Update Manager (Version: 3.0.0)
Torch (Version: 2.0.0.1705)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (Version: 1.11.1001)
Verizon Wireless Software Upgrade Assistant - Samsung (Version: 1.11.1201)
WebFldrs XP (Version: 9.50.7523)
WhiteSmokeTranslator (Version: 1.00.6033.12731)
Wincore MediaBar (Version: 4.0.0.2790)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Software Update
Yontoo 1.10.03 (Version: 1.10.03)
YourFileDownloader (Version: 1.0.0)
ZD Manager

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 958.42 MB
Available physical RAM: 429.55 MB
Total Pagefile: 2313.88 MB
Available Pagefile: 1700.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:145.96 GB) (Free:102.4 GB) NTFS

========================= Users: ========================================

User accounts for \\D8T3VZC1

Administrator Guest HelpAssistant
SUPPORT_388945a0 The Leitners

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

24-09-2012 01:05:36 System Checkpoint
25-09-2012 14:39:44 System Checkpoint
26-09-2012 17:36:50 System Checkpoint
27-09-2012 17:54:24 System Checkpoint
28-09-2012 21:11:20 System Checkpoint
30-09-2012 04:17:04 System Checkpoint
01-10-2012 14:18:01 System Checkpoint
02-10-2012 14:52:50 System Checkpoint
03-10-2012 16:10:43 System Checkpoint
03-10-2012 21:50:39 Installed iTunes
05-10-2012 00:09:07 System Checkpoint
06-10-2012 02:03:14 System Checkpoint
07-10-2012 16:54:21 System Checkpoint
08-10-2012 19:23:18 System Checkpoint
10-10-2012 00:09:44 System Checkpoint
11-10-2012 02:05:44 System Checkpoint
12-10-2012 12:58:20 System Checkpoint
14-10-2012 15:41:32 System Checkpoint
15-10-2012 19:19:30 System Checkpoint
16-10-2012 20:45:00 System Checkpoint
18-10-2012 12:39:35 System Checkpoint
19-10-2012 16:54:15 System Checkpoint
20-10-2012 19:06:38 System Checkpoint
22-10-2012 00:11:53 System Checkpoint
23-10-2012 01:02:21 System Checkpoint
24-10-2012 02:18:27 System Checkpoint
25-10-2012 22:35:22 System Checkpoint
26-10-2012 23:42:12 System Checkpoint
28-10-2012 15:11:46 System Checkpoint
29-10-2012 16:08:50 System Checkpoint
30-10-2012 18:38:33 System Checkpoint
31-10-2012 18:41:52 System Checkpoint
01-11-2012 22:44:20 System Checkpoint
03-11-2012 00:38:13 System Checkpoint
04-11-2012 16:15:42 System Checkpoint
05-11-2012 23:55:14 System Checkpoint
07-11-2012 01:48:19 System Checkpoint
09-11-2012 00:13:01 System Checkpoint
10-11-2012 01:15:49 System Checkpoint
11-11-2012 17:09:15 System Checkpoint
12-11-2012 21:12:57 System Checkpoint
13-11-2012 22:07:06 System Checkpoint
15-11-2012 21:15:39 System Checkpoint
16-11-2012 21:50:51 System Checkpoint
18-11-2012 16:41:31 System Checkpoint
19-11-2012 22:59:12 System Checkpoint
21-11-2012 01:59:56 System Checkpoint
22-11-2012 04:03:54 System Checkpoint
23-11-2012 22:46:12 System Checkpoint
25-11-2012 18:17:37 System Checkpoint
27-11-2012 01:15:14 System Checkpoint
28-11-2012 17:13:00 System Checkpoint
29-11-2012 23:21:49 System Checkpoint
01-12-2012 01:40:17 Removed MusicOasis
01-12-2012 01:43:14 Removed Bonjour
02-12-2012 15:25:36 System Checkpoint
03-12-2012 22:39:38 System Checkpoint
04-12-2012 23:12:34 System Checkpoint
06-12-2012 01:21:23 System Checkpoint
07-12-2012 13:36:28 System Checkpoint
08-12-2012 15:23:25 System Checkpoint
09-12-2012 17:55:57 System Checkpoint
12-12-2012 23:55:23 System Checkpoint
16-12-2012 17:38:21 System Checkpoint
18-12-2012 01:25:24 System Checkpoint
20-12-2012 01:53:37 System Checkpoint
21-12-2012 12:11:55 System Checkpoint
22-12-2012 00:57:52 Restore Operation
22-12-2012 01:08:56 Restore Operation
22-12-2012 01:11:10 Restore Operation
22-12-2012 02:13:45 Removed AVG 2011
22-12-2012 02:19:58 Removed AVG 2011
22-12-2012 02:24:01 Installed AVG 2013
22-12-2012 02:24:08 Removed AVG 2011
22-12-2012 02:24:44 Installed AVG 2013
22-12-2012 02:28:01 Removed AVG 2011
22-12-2012 02:39:08 Removed Java™ 6 Update 24
22-12-2012 02:39:46 Installed Java™ 6 Update 38
23-12-2012 00:00:08 Removed Babylon Chrome Toolbar
23-12-2012 00:03:36 Removed SpecialSavings

**** End of log ****


There you go. I will leave the computer as is until you tell me different.

Thanks for the help,
Jeff

#4 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:07:10 PM

Posted 23 December 2012 - 09:19 AM

Hi

One of the infections identified is a variant of the TDSS rootkit.
Please note the following:

----------------------------

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.
Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities.
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Help: I Got Hacked. Now What Do I Do?

We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, I cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what information can be accessed from it.

Knowing the above, do you wish to proceed with cleaning the malware from the computer?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#5 jeffw11

jeffw11
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  • Local time:01:10 PM

Posted 23 December 2012 - 05:02 PM

Yes, I would like to clean the malware off of this system. What do we need to do to go ahead?

Jeff

#6 dev00790

Posted 24 December 2012 - 03:42 PM

Hi

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Regards, dev00790



#7 jeffw11

Posted 25 December 2012 - 09:13 AM

I have completed the steps and have now posted in the other section.

Thank you for your help.

#8 dev00790

Posted 25 December 2012 - 10:42 AM

You're welcome :)
Good luck

Regards, dev00790
