
Temp Files showing 140Gb, iExplorer.exe running


#1 SkipDiver


Posted 08 January 2013 - 04:55 PM

Hello Everyone...

I have a computer that got a massive virus on it...I'm thinking more than one...and I have run Malwarebytes a few times and it keeps finding the same ones. I also now have a "corrupted recycle bin" and in my "task manager" iExplorer.exe is always running randomly even when IE isn't open. I've looked in the services for this "Windows_XP" that seems to be the file that starts this, but it doesn't have it. Please help. It's driving me nuts.
Oh...and to top it off...under "Documents and Settings" there is a folder named NetworkService that has a folder in it called "LocalSettings" and there is a temporary internet files folder that has stored 140Gb of random data on this 150Gb hard drive. I had 300mb left to use. I have manually deleted as much as I can but it's starting to drive me nuts. Any suggestions? I am MORE than open to those.

Thank you WAY in advance for helping me in this matter.

DJ

Edited by hamluis, 08 January 2013 - 05:28 PM.
Moved from XP to Am I Infected - Hamluis.




#2 SkipDiver


Posted 08 January 2013 - 04:59 PM

...and to add the icing, I can't use Microsoft Update Service when I AM connected to the internet because some of the files are "corrupted".

#3 boopme

  • Global Moderator

Posted 08 January 2013 - 08:17 PM

Hello and welcome

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.


Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log

#4 SkipDiver


Posted 09 January 2013 - 08:36 AM

ok...I finally got TDSSKiller to work as it just wouldn't no matter what I did...but changing the name to something COMPLETELY random did it. I'll attach the logs when I get them completed. Thank you!

#5 SkipDiver


Posted 09 January 2013 - 09:42 AM

Malwarebytes keeps freezing due to being in the "140gb folder" so I'll keep trying on that one till you say differently, but I've attached the rKill and TDSSKiller Logs for you to look at. Again...Thank you.

Here is the rKill Log:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/09/2013 08:17:36 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\svcutil.exe (PID: 156) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\RECYCLER\S-1-5-18\$fcf8319edf1a31a62d2c91c0dbc4452b\ [ZA Dir]
* C:\RECYCLER\S-1-5-18\$fcf8319edf1a31a62d2c91c0dbc4452b\@ [ZA File]
* C:\RECYCLER\S-1-5-18\$fcf8319edf1a31a62d2c91c0dbc4452b\n [ZA File]
* C:\RECYCLER\S-1-5-18\$fcf8319edf1a31a62d2c91c0dbc4452b\U\ [ZA Dir]
* C:\RECYCLER\S-1-5-18\$fcf8319edf1a31a62d2c91c0dbc4452b\U\00000004.@ [ZA File]
* C:\RECYCLER\S-1-5-18\$fcf8319edf1a31a62d2c91c0dbc4452b\U\00000008.@ [ZA File]
* C:\RECYCLER\S-1-5-18\$fcf8319edf1a31a62d2c91c0dbc4452b\U\000000cb.@ [ZA File]
* C:\RECYCLER\S-1-5-18\$fcf8319edf1a31a62d2c91c0dbc4452b\U\80000000.@ [ZA File]
* C:\RECYCLER\S-1-5-18\$fcf8319edf1a31a62d2c91c0dbc4452b\U\80000032.@ [ZA File]
* C:\RECYCLER\S-1-5-21-2577862939-955188120-766292290-1009\$fcf8319edf1a31a62d2c91c0dbc4452b\ [ZA Dir]
* C:\RECYCLER\S-1-5-21-2577862939-955188120-766292290-1009\$fcf8319edf1a31a62d2c91c0dbc4452b\@ [ZA File]
* C:\RECYCLER\S-1-5-21-2577862939-955188120-766292290-1009\$fcf8319edf1a31a62d2c91c0dbc4452b\L\ [ZA Dir]
* C:\RECYCLER\S-1-5-21-2577862939-955188120-766292290-1009\$fcf8319edf1a31a62d2c91c0dbc4452b\U\ [ZA Dir]

Checking Windows Service Integrity:

* BITS [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* Update [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 00:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 02:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

20 out of 15308 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 01/09/2013 08:18:17 AM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)

Here is the TDSSKiller Log:

08:20:03.0187 3512 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:20:03.0203 3512 ============================================================
08:20:03.0203 3512 Current date / time: 2013/01/09 08:20:03.0203
08:20:03.0203 3512 SystemInfo:
08:20:03.0203 3512
08:20:03.0218 3512 OS Version: 5.1.2600 ServicePack: 3.0
08:20:03.0218 3512 Product type: Workstation
08:20:03.0218 3512 ComputerName: MASTER
08:20:03.0218 3512 UserName: Dwayne
08:20:03.0218 3512 Windows directory: C:\WINDOWS
08:20:03.0218 3512 System windows directory: C:\WINDOWS
08:20:03.0218 3512 Processor architecture: Intel x86
08:20:03.0218 3512 Number of processors: 1
08:20:03.0218 3512 Page size: 0x1000
08:20:03.0218 3512 Boot type: Normal boot
08:20:03.0218 3512 ============================================================
08:20:07.0093 3512 !crdlk
08:20:07.0093 3512 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
08:20:07.0125 3512 Drive \Device\Harddisk1\DR3 - Size: 0x3C3FFE00 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:20:07.0125 3512 ============================================================
08:20:07.0125 3512 \Device\Harddisk0\DR0:
08:20:07.0125 3512 MBR partitions:
08:20:07.0125 3512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
08:20:07.0125 3512 \Device\Harddisk1\DR3:
08:20:07.0125 3512 MBR partitions:
08:20:07.0125 3512 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1E1FC0
08:20:07.0125 3512 ============================================================
08:20:07.0140 3512 C: <-> \Device\Harddisk0\DR0\Partition1
08:20:07.0140 3512 ============================================================
08:20:07.0140 3512 Initialize success
08:20:07.0140 3512 ============================================================
08:20:12.0437 3324 ============================================================
08:20:12.0437 3324 Scan started
08:20:12.0437 3324 Mode: Manual;
08:20:12.0437 3324 ============================================================
08:20:12.0562 3324 ================ Scan system memory ========================
08:20:12.0562 3324 System memory - ok
08:20:12.0562 3324 ================ Scan services =============================
08:20:12.0625 3324 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:20:12.0625 3324 !SASCORE - ok
08:20:12.0687 3324 Suspicious service (NoAccess): 9d826077f7e33709
08:20:12.0796 3324 [ 192D580919D72E4257CB6ACCA8D5D275 ] 9d826077f7e33709 C:\WINDOWS\System32\Drivers\9d826077f7e33709.sys
08:20:12.0796 3324 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\9d826077f7e33709.sys. md5: 192D580919D72E4257CB6ACCA8D5D275
08:20:12.0984 3324 9d826077f7e33709 ( Rootkit.Win32.Necurs.gen ) - infected
08:20:12.0984 3324 9d826077f7e33709 - detected Rootkit.Win32.Necurs.gen (0)
08:20:21.0203 3324 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:20:21.0203 3324 PlugPlay - ok
08:20:21.0234 3324 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:20:21.0234 3324 PolicyAgent - ok
08:20:21.0281 3324 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:20:21.0281 3324 PptpMiniport - ok
08:20:21.0312 3324 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:20:21.0312 3324 ProtectedStorage - ok
08:20:21.0343 3324 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:20:21.0343 3324 PSched - ok
08:20:21.0375 3324 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:20:21.0375 3324 Ptilink - ok
08:20:21.0453 3324 [ E6D35F3AA51A65EB35C1F2340154A25E ] qjsnosg C:\WINDOWS\system32\drivers\hppa.sys
08:20:21.0453 3324 qjsnosg - ok
08:20:21.0468 3324 ql1080 - ok
08:20:21.0484 3324 Ql10wnt - ok
08:20:21.0500 3324 ql12160 - ok
08:20:21.0515 3324 ql1240 - ok
08:20:21.0531 3324 ql1280 - ok
08:20:21.0562 3324 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:20:21.0562 3324 RasAcd - ok
08:20:21.0921 3324 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:20:21.0921 3324 RasAuto - ok
08:20:21.0953 3324 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:20:21.0953 3324 Rasl2tp - ok
08:20:22.0031 3324 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:20:22.0031 3324 RasMan - ok
08:20:22.0046 3324 Scan interrupted by user!
08:20:22.0046 3324 ================ Scan global ===============================
08:20:22.0046 3324 Scan interrupted by user!
08:20:22.0046 3324 ================ Scan MBR ==================================
08:20:22.0046 3324 Scan interrupted by user!
08:20:22.0046 3324 ================ Scan VBR ==================================
08:20:22.0046 3324 Scan interrupted by user!
08:20:22.0046 3324 ============================================================
08:20:22.0046 3324 Scan finished
08:20:22.0046 3324 ============================================================
08:20:22.0046 3744 Detected object count: 1
08:20:22.0046 3744 Actual detected object count: 1
08:20:31.0359 3744 9d826077f7e33709 ( Rootkit.Win32.Necurs.gen ) - skipped by user
08:20:31.0359 3744 9d826077f7e33709 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
08:20:42.0281 3436 ============================================================
08:20:42.0281 3436 Scan started
08:20:42.0281 3436 Mode: Manual; TDLFS;
08:20:42.0281 3436 ============================================================
08:20:42.0453 3436 ================ Scan system memory ========================
08:20:42.0468 3436 System memory - ok
08:20:42.0468 3436 ================ Scan services =============================
08:20:42.0515 3436 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:20:42.0515 3436 !SASCORE - ok
08:20:42.0578 3436 Suspicious service (NoAccess): 9d826077f7e33709
08:20:42.0687 3436 [ 192D580919D72E4257CB6ACCA8D5D275 ] 9d826077f7e33709 C:\WINDOWS\System32\Drivers\9d826077f7e33709.sys
08:20:42.0703 3436 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\9d826077f7e33709.sys. md5: 192D580919D72E4257CB6ACCA8D5D275
08:20:42.0750 3436 9d826077f7e33709 ( Rootkit.Win32.Necurs.gen ) - infected
08:20:42.0750 3436 9d826077f7e33709 - detected Rootkit.Win32.Necurs.gen (0)
08:20:51.0843 3436 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:20:51.0843 3436 Srv - ok
08:20:51.0875 3436 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:20:51.0875 3436 SSDPSRV - ok
08:20:51.0921 3436 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:20:51.0921 3436 stisvc - ok
08:20:51.0968 3436 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:20:51.0968 3436 swenum - ok
08:20:51.0984 3436 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:20:51.0984 3436 swmidi - ok
08:20:52.0015 3436 SwPrv - ok
08:20:52.0078 3436 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
08:20:52.0078 3436 symc810 - ok
08:20:52.0093 3436 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
08:20:52.0093 3436 symc8xx - ok
08:20:52.0109 3436 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
08:20:52.0109 3436 Symmpi - ok
08:20:52.0125 3436 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
08:20:52.0125 3436 sym_hi - ok
08:20:52.0140 3436 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
08:20:52.0140 3436 sym_u3 - ok
08:20:52.0171 3436 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:20:52.0171 3436 sysaudio - ok
08:20:52.0234 3436 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:20:52.0234 3436 SysmonLog - ok
08:20:52.0281 3436 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:20:52.0281 3436 TapiSrv - ok
08:20:52.0328 3436 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:20:52.0328 3436 Tcpip - ok
08:20:52.0359 3436 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:20:52.0359 3436 TDPIPE - ok
08:20:52.0390 3436 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:20:52.0390 3436 TDTCP - ok
08:20:52.0437 3436 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:20:52.0437 3436 TermDD - ok
08:20:52.0500 3436 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:20:52.0500 3436 TermService - ok
08:20:52.0531 3436 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:20:52.0531 3436 Themes - ok
08:20:52.0578 3436 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:20:52.0578 3436 TlntSvr - ok
08:20:52.0593 3436 TosIde - ok
08:20:52.0656 3436 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:20:52.0656 3436 TrkWks - ok
08:20:52.0687 3436 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:20:52.0703 3436 Udfs - ok
08:20:52.0718 3436 ultra - ok
08:20:52.0750 3436 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:20:52.0750 3436 upnphost - ok
08:20:52.0781 3436 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:20:52.0781 3436 UPS - ok
08:20:52.0828 3436 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:20:52.0828 3436 usbccgp - ok
08:20:52.0875 3436 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:20:52.0875 3436 usbehci - ok
08:20:52.0921 3436 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:20:52.0921 3436 usbhub - ok
08:20:52.0968 3436 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:20:52.0968 3436 USBSTOR - ok
08:20:53.0000 3436 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:20:53.0000 3436 usbuhci - ok
08:20:53.0015 3436 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:20:53.0015 3436 VgaSave - ok
08:20:53.0062 3436 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
08:20:53.0062 3436 ViaIde - ok
08:20:53.0109 3436 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:20:53.0109 3436 VolSnap - ok
08:20:53.0156 3436 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:20:53.0156 3436 VSS - ok
08:20:53.0453 3436 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
08:20:53.0453 3436 W32Time - ok
08:20:53.0484 3436 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
08:20:53.0484 3436 W32Time - ok
08:20:53.0531 3436 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:20:53.0531 3436 Wanarp - ok
08:20:53.0546 3436 WDICA - ok
08:20:53.0578 3436 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:20:53.0578 3436 wdmaud - ok
08:20:53.0625 3436 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:20:53.0625 3436 WebClient - ok
08:20:53.0734 3436 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:20:53.0734 3436 winmgmt - ok
08:20:53.0812 3436 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
08:20:53.0812 3436 WmdmPmSN - ok
08:20:53.0859 3436 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
08:20:53.0859 3436 Wmi - ok
08:20:53.0890 3436 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:20:53.0890 3436 WmiAcpi - ok
08:20:53.0953 3436 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:20:53.0953 3436 WmiApSrv - ok
08:20:54.0031 3436 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:20:54.0031 3436 WZCSVC - ok
08:20:54.0093 3436 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:20:54.0093 3436 xmlprov - ok
08:20:54.0140 3436 ================ Scan global ===============================
08:20:54.0218 3436 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:20:54.0265 3436 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:20:54.0281 3436 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:20:54.0296 3436 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:20:54.0296 3436 [Global] - ok
08:20:54.0296 3436 ================ Scan MBR ==================================
08:20:54.0312 3436 [ 4975BDBEDA8A3AFB2AEADEFC06CE9E12 ] \Device\Harddisk0\DR0
08:20:54.0312 3436 Suspicious mbr (Forged): \Device\Harddisk0\DR0
08:20:54.0500 3436 \Device\Harddisk0\DR0 - ok
08:20:54.0515 3436 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR3
08:20:57.0218 3436 \Device\Harddisk1\DR3 - ok
08:20:57.0218 3436 ================ Scan VBR ==================================
08:20:57.0234 3436 [ DD55B00384CAA514AD015B417D2AA37C ] \Device\Harddisk0\DR0\Partition1
08:20:57.0234 3436 \Device\Harddisk0\DR0\Partition1 - ok
08:20:57.0234 3436 [ 9A4D50134D270B5DE1F7F8926E8C2006 ] \Device\Harddisk1\DR3\Partition1
08:20:57.0250 3436 \Device\Harddisk1\DR3\Partition1 - ok
08:20:57.0250 3436 ============================================================
08:20:57.0250 3436 Scan finished
08:20:57.0250 3436 ============================================================
08:20:57.0250 3488 Detected object count: 1
08:20:57.0250 3488 Actual detected object count: 1
08:21:15.0375 3488 C:\WINDOWS\System32\Drivers\9d826077f7e33709.sys - copied to quarantine
08:21:15.0406 3488 HKLM\SYSTEM\ControlSet001\services\9d826077f7e33709 - will be deleted on reboot
08:21:15.0421 3488 HKLM\SYSTEM\ControlSet002\services\9d826077f7e33709 - will be deleted on reboot
08:21:15.0468 3488 HKLM\SYSTEM\ControlSet003\services\9d826077f7e33709 - will be deleted on reboot
08:21:15.0609 3488 C:\WINDOWS\System32\Drivers\9d826077f7e33709.sys - will be deleted on reboot
08:21:15.0609 3488 9d826077f7e33709 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete


I have not restarted yet, as your instructions have not told me to do so. Talk with you soon. ~DJ

#6 boopme

  • Global Moderator

Posted 09 January 2013 - 11:09 AM

OK, reboot the machine. You have a ZEROACCESS rootkit; we will try one more tool after reboot.
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#7 SkipDiver

  • Topic Starter
  • Members

Posted 09 January 2013 - 11:11 AM

mBam is still going (2 hours and 50 minutes on QUICK). Do you want me to stop it where it's at and delete the 1 entry it found thus far?

#8 SkipDiver

  • Topic Starter
  • Members

Posted 09 January 2013 - 11:27 AM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-09 11:19:01
-----------------------------
11:19:01.046 OS Version: Windows 5.1.2600 Service Pack 3
11:19:01.046 Number of processors: 1 586 0x1601
11:19:01.046 ComputerName: MASTER UserName: Dwayne
11:19:04.343 Initialize success
11:20:31.843 AVAST engine defs: 13010900
11:20:41.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:20:41.078 Disk 0 Vendor: ST3160318AS HP35 Size: 152627MB BusType: 3
11:20:41.093 Disk 0 MBR read successfully
11:20:41.093 Disk 0 MBR scan
11:20:41.125 Disk 0 Windows VISTA default MBR code
11:20:41.125 Disk 0 MBR hidden
11:20:41.140 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 152625 MB offset 2048
11:20:41.156 Disk 0 Partition 2 80 (A) 17 Hidd HPFS/NTFS NTFS 1 MB offset 312578048
11:20:41.156 Disk 0 Partition 2 **INFECTED** MBR:SST [Rtk]
11:20:41.171 Disk 0 MBR [SST] **ROOTKIT**
11:20:41.171 Disk 0 trace - called modules:
11:20:41.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a896fa9]<<
11:20:41.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a842ab8]
11:20:41.453 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a87ff18]
11:20:41.453 5 ACPI.sys[b9f40620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a852940]
11:20:41.453 \Driver\atapi[0x8a8a4300] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a896fa9
11:20:43.593 AVAST engine scan C:\WINDOWS
11:21:22.140 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
11:21:22.437 The log file has been saved successfully to "E:\aswMBR.txt"
11:21:32.062 AVAST engine scan C:\WINDOWS\system32
11:23:06.515 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:23:58.812 AVAST engine scan C:\WINDOWS\system32\drivers
11:24:17.031 AVAST engine scan C:\Documents and Settings\Dwayne
11:24:31.812 File: C:\Documents and Settings\Dwayne\pmyukfhocdquyqud.exe **INFECTED** Win32:Malware-gen
11:24:32.937 File: C:\Documents and Settings\Dwayne\xesbcjxozkntkm.exe **INFECTED** Win32:Malware-gen
11:24:38.609 AVAST engine scan C:\Documents and Settings\All Users
11:24:49.906 Scan finished successfully
11:25:47.265 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
11:25:47.421 The log file has been saved successfully to "E:\aswMBR.txt"

#9 boopme

  • Global Moderator

Posted 09 January 2013 - 11:33 AM

Yes, stop MBAM; you have multiple rootkits. We need to start a new topic.

We need a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

Include this link back to here...
http://www.bleepingcomputer.com/forums/topic481078.html/page__pid__2942869#entry2942869

#10 SkipDiver

  • Topic Starter
  • Members

Posted 09 January 2013 - 11:53 AM

Here is the link to the new posting. Thank you for what you've helped me with and I'll TRY to keep this thread informed of the progress.

http://www.bleepingcomputer.com/forums/topic481157.html

DJ

PS~ if you come up with anything else...let me know.

#11 boopme

  • Global Moderator

Posted 09 January 2013 - 05:53 PM

Thank you. We will be able to clean it after reviewing the log to see where it is.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.