Unwanted audio ads.


10 replies to this topic

#1 johnressler76

Posted 12 March 2013 - 12:22 AM

I have a computer that constantly has audio ads that come on every 5 mins or so.  I have looked in a lot of forums and have not found an answer.  The ads play whether any browser is open or not.  Please help.


Edited by Orange Blossom, 12 March 2013 - 12:53 AM.
Moved from Vista to AII. ~ OB




#2 narenxp

Posted 12 March 2013 - 12:36 AM

    

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required", please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected, select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt, found in your root directory (typically c:\), in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.


  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#3 johnressler76


Posted 12 March 2013 - 01:14 AM

I performed a "full scan" with Malwarebytes. It seems to have fixed the audio issue.  I will send the log of TDSSKiller.



#4 johnressler76


Posted 12 March 2013 - 01:23 AM

TDSSKILLER will not open.  



#5 narenxp


Posted 12 March 2013 - 04:58 AM

.


Edited by narenxp, 13 March 2013 - 01:25 AM.


#6 johnressler76


Posted 12 March 2013 - 09:30 PM

Here are the results:

 

 

20:31:03.0827 1124  Ndisuio - ok
20:31:03.0858 1124  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:03.0858 1124  NdisWan - ok
20:31:03.0874 1124  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:31:03.0874 1124  NDProxy - ok
20:31:03.0890 1124  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:31:03.0890 1124  NetBIOS - ok
20:31:03.0921 1124  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:31:03.0936 1124  netbt - ok
20:31:03.0952 1124  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
20:31:03.0952 1124  Netlogon - ok
20:31:03.0983 1124  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
20:31:03.0999 1124  Netman - ok
20:31:04.0014 1124  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
20:31:04.0030 1124  netprofm - ok
20:31:04.0030 1124  netr7364 - ok
20:31:04.0061 1124  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:31:04.0061 1124  NetTcpPortSharing - ok
20:31:04.0077 1124  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:31:04.0077 1124  nfrd960 - ok
20:31:04.0108 1124  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:31:04.0124 1124  NisDrv - ok
20:31:04.0186 1124  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:31:04.0186 1124  NisSrv - ok
20:31:04.0233 1124  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:31:04.0233 1124  NlaSvc - ok
20:31:04.0248 1124  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:31:04.0248 1124  Npfs - ok
20:31:04.0264 1124  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
20:31:04.0264 1124  nsi - ok
20:31:04.0295 1124  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:31:04.0295 1124  nsiproxy - ok
20:31:04.0358 1124  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:31:04.0389 1124  Ntfs - ok
20:31:04.0404 1124  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
20:31:04.0404 1124  Null - ok
20:31:04.0420 1124  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:31:04.0420 1124  nvraid - ok
20:31:04.0436 1124  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:31:04.0436 1124  nvstor - ok
20:31:04.0467 1124  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:31:04.0467 1124  nv_agp - ok
20:31:04.0467 1124  NwlnkFlt - ok
20:31:04.0482 1124  NwlnkFwd - ok
20:31:04.0498 1124  [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:31:04.0498 1124  ohci1394 - ok
20:31:04.0560 1124  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:31:04.0576 1124  ose - ok
20:31:04.0623 1124  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:31:04.0654 1124  p2pimsvc - ok
20:31:04.0670 1124  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
20:31:04.0685 1124  p2psvc - ok
20:31:04.0701 1124  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
20:31:04.0716 1124  Parport - ok
20:31:04.0779 1124  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:31:04.0779 1124  partmgr - ok
20:31:04.0794 1124  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:31:04.0794 1124  PcaSvc - ok
20:31:04.0826 1124  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
20:31:04.0826 1124  pci - ok
20:31:04.0872 1124  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:31:04.0872 1124  pciide - ok
20:31:04.0904 1124  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:31:04.0966 1124  pcmcia - ok
20:31:04.0997 1124  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:31:05.0028 1124  PEAUTH - ok
20:31:05.0075 1124  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:31:05.0075 1124  PerfHost - ok
20:31:05.0122 1124  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
20:31:05.0153 1124  pla - ok
20:31:05.0169 1124  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:31:05.0184 1124  PlugPlay - ok
20:31:05.0200 1124  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:31:05.0200 1124  PNRPAutoReg - ok
20:31:05.0216 1124  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:31:05.0216 1124  PNRPsvc - ok
20:31:05.0262 1124  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:31:05.0278 1124  PolicyAgent - ok
20:31:05.0309 1124  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:31:05.0309 1124  PptpMiniport - ok
20:31:05.0325 1124  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\drivers\processr.sys
20:31:05.0325 1124  Processor - ok
20:31:05.0340 1124  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
20:31:05.0356 1124  ProfSvc - ok
20:31:05.0356 1124  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
20:31:05.0372 1124  ProtectedStorage - ok
20:31:05.0387 1124  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:31:05.0403 1124  PSched - ok
20:31:05.0465 1124  [ 46851BC18322DA70F3F2299A1007C479 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
20:31:05.0465 1124  PxHlpa64 - ok
20:31:05.0496 1124  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:31:05.0528 1124  ql2300 - ok
20:31:05.0528 1124  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:31:05.0528 1124  ql40xx - ok
20:31:05.0559 1124  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
20:31:05.0559 1124  QWAVE - ok
20:31:05.0606 1124  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:31:05.0606 1124  QWAVEdrv - ok
20:31:05.0699 1124  [ 2A09A6B271D1F50ADF5E33B37D460DE6 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
20:31:05.0777 1124  R300 - ok
20:31:05.0808 1124  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:31:05.0808 1124  RasAcd - ok
20:31:05.0855 1124  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
20:31:05.0855 1124  RasAuto - ok
20:31:05.0886 1124  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:31:05.0886 1124  Rasl2tp - ok
20:31:05.0949 1124  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
20:31:05.0949 1124  RasMan - ok
20:31:05.0980 1124  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:31:05.0980 1124  RasPppoe - ok
20:31:06.0011 1124  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:31:06.0011 1124  RasSstp - ok
20:31:06.0042 1124  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:31:06.0042 1124  rdbss - ok
20:31:06.0058 1124  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:31:06.0058 1124  RDPCDD - ok
20:31:06.0089 1124  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:31:06.0089 1124  rdpdr - ok
20:31:06.0089 1124  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:31:06.0089 1124  RDPENCDD - ok
20:31:06.0136 1124  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:31:06.0152 1124  RDPWD - ok
20:31:06.0183 1124  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:31:06.0183 1124  RemoteAccess - ok
20:31:06.0198 1124  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:31:06.0214 1124  RemoteRegistry - ok
20:31:06.0230 1124  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
20:31:06.0245 1124  RpcLocator - ok
20:31:06.0261 1124  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
20:31:06.0276 1124  RpcSs - ok
20:31:06.0276 1124  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:31:06.0292 1124  rspndr - ok
20:31:06.0308 1124  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs           C:\Windows\system32\lsass.exe
20:31:06.0308 1124  SamSs - ok
20:31:06.0323 1124  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:31:06.0323 1124  sbp2port - ok
20:31:06.0354 1124  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:31:06.0354 1124  SCardSvr - ok
20:31:06.0401 1124  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
20:31:06.0432 1124  Schedule - ok
20:31:06.0479 1124  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:31:06.0479 1124  SCPolicySvc - ok
20:31:06.0510 1124  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:31:06.0510 1124  SDRSVC - ok
20:31:06.0604 1124  [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:31:06.0604 1124  SeaPort - ok
20:31:06.0651 1124  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:31:06.0651 1124  secdrv - ok
20:31:06.0682 1124  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
20:31:06.0682 1124  seclogon - ok
20:31:06.0682 1124  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
20:31:06.0698 1124  SENS - ok
20:31:06.0698 1124  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:31:06.0698 1124  Serenum - ok
20:31:06.0744 1124  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
20:31:06.0744 1124  Serial - ok
20:31:06.0760 1124  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:31:06.0760 1124  sermouse - ok
20:31:06.0776 1124  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:31:06.0791 1124  SessionEnv - ok
20:31:06.0791 1124  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:31:06.0791 1124  sffdisk - ok
20:31:06.0807 1124  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:31:06.0807 1124  sffp_mmc - ok
20:31:06.0807 1124  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:31:06.0822 1124  sffp_sd - ok
20:31:06.0822 1124  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:31:06.0822 1124  sfloppy - ok
20:31:06.0854 1124  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:31:06.0854 1124  SharedAccess - ok
20:31:06.0885 1124  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:31:06.0900 1124  ShellHWDetection - ok
20:31:06.0900 1124  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:31:06.0916 1124  SiSRaid2 - ok
20:31:06.0932 1124  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:31:06.0932 1124  SiSRaid4 - ok
20:31:07.0010 1124  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
20:31:07.0072 1124  slsvc - ok
20:31:07.0088 1124  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:31:07.0088 1124  SLUINotify - ok
20:31:07.0119 1124  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:31:07.0119 1124  Smb - ok
20:31:07.0134 1124  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:31:07.0150 1124  SNMPTRAP - ok
20:31:07.0166 1124  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
20:31:07.0181 1124  spldr - ok
20:31:07.0197 1124  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
20:31:07.0197 1124  Spooler - ok
20:31:07.0259 1124  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:31:07.0275 1124  srv - ok
20:31:07.0306 1124  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:31:07.0306 1124  srv2 - ok
20:31:07.0337 1124  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:31:07.0337 1124  srvnet - ok
20:31:07.0368 1124  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:31:07.0368 1124  SSDPSRV - ok
20:31:07.0415 1124  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:31:07.0415 1124  SstpSvc - ok
20:31:07.0462 1124  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
20:31:07.0478 1124  stisvc - ok
20:31:07.0571 1124  [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:31:07.0571 1124  stllssvr - ok
20:31:07.0602 1124  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:31:07.0602 1124  swenum - ok
20:31:07.0649 1124  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
20:31:07.0665 1124  swprv - ok
20:31:07.0665 1124  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:31:07.0680 1124  Symc8xx - ok
20:31:07.0680 1124  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:31:07.0680 1124  Sym_hi - ok
20:31:07.0696 1124  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:31:07.0696 1124  Sym_u3 - ok
20:31:07.0743 1124  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
20:31:07.0774 1124  SysMain - ok
20:31:07.0774 1124  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:31:07.0790 1124  TabletInputService - ok
20:31:07.0821 1124  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:31:07.0836 1124  TapiSrv - ok
20:31:07.0852 1124  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
20:31:07.0852 1124  TBS - ok
20:31:07.0914 1124  [ 2860D16C5021F72130212DDB1C53018F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:31:07.0961 1124  Tcpip - ok
20:31:07.0992 1124  [ 2860D16C5021F72130212DDB1C53018F ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:31:08.0008 1124  Tcpip6 - ok
20:31:08.0055 1124  [ EFC6BE643B476118EC726D35A821B2A9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:31:08.0055 1124  tcpipreg - ok
20:31:08.0070 1124  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:31:08.0070 1124  TDPIPE - ok
20:31:08.0086 1124  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:31:08.0086 1124  TDTCP - ok
20:31:08.0117 1124  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:31:08.0117 1124  tdx - ok
20:31:08.0133 1124  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:31:08.0148 1124  TermDD - ok
20:31:08.0180 1124  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
20:31:08.0195 1124  TermService - ok
20:31:08.0211 1124  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
20:31:08.0211 1124  Themes - ok
20:31:08.0226 1124  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:31:08.0226 1124  THREADORDER - ok
20:31:08.0258 1124  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
20:31:08.0258 1124  TrkWks - ok
20:31:08.0304 1124  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:31:08.0304 1124  TrustedInstaller - ok
20:31:08.0304 1124  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:31:08.0304 1124  tssecsrv - ok
20:31:08.0351 1124  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:31:08.0351 1124  tunmp - ok
20:31:08.0382 1124  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:31:08.0382 1124  tunnel - ok
20:31:08.0414 1124  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:31:08.0414 1124  uagp35 - ok
20:31:08.0445 1124  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:31:08.0460 1124  udfs - ok
20:31:08.0507 1124  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:31:08.0507 1124  UI0Detect - ok
20:31:08.0538 1124  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:31:08.0538 1124  uliagpkx - ok
20:31:08.0554 1124  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:31:08.0554 1124  uliahci - ok
20:31:08.0570 1124  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:31:08.0570 1124  UlSata - ok
20:31:08.0585 1124  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:31:08.0585 1124  ulsata2 - ok
20:31:08.0616 1124  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:31:08.0616 1124  umbus - ok
20:31:08.0726 1124  [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
20:31:08.0726 1124  UMVPFSrv - ok
20:31:08.0772 1124  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
20:31:08.0788 1124  upnphost - ok
20:31:08.0835 1124  [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:31:08.0835 1124  usbaudio - ok
20:31:08.0882 1124  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:31:08.0882 1124  usbccgp - ok
20:31:08.0882 1124  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:31:08.0897 1124  usbcir - ok
20:31:08.0913 1124  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:31:08.0928 1124  usbehci - ok
20:31:08.0960 1124  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:31:08.0960 1124  usbhub - ok
20:31:08.0975 1124  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:31:08.0975 1124  usbohci - ok
20:31:09.0006 1124  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:31:09.0006 1124  usbprint - ok
20:31:09.0053 1124  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:31:09.0053 1124  usbscan - ok
20:31:09.0069 1124  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:09.0069 1124  USBSTOR - ok
20:31:09.0084 1124  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:31:09.0084 1124  usbuhci - ok
20:31:09.0100 1124  [ FC33099877790D51B0927B7039059855 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:31:09.0100 1124  usbvideo - ok
20:31:09.0116 1124  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
20:31:09.0131 1124  UxSms - ok
20:31:09.0147 1124  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
20:31:09.0147 1124  vds - ok
20:31:09.0162 1124  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:31:09.0162 1124  vga - ok
20:31:09.0194 1124  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:31:09.0194 1124  VgaSave - ok
20:31:09.0194 1124  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
20:31:09.0194 1124  viaide - ok
20:31:09.0225 1124  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:31:09.0225 1124  volmgr - ok
20:31:09.0256 1124  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:31:09.0256 1124  volmgrx - ok
20:31:09.0303 1124  [ 582F710097B46140F5A89A19A6573D4B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:31:09.0303 1124  volsnap - ok
20:31:09.0334 1124  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:31:09.0334 1124  vsmraid - ok
20:31:09.0381 1124  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
20:31:09.0412 1124  VSS - ok
20:31:09.0443 1124  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
20:31:09.0443 1124  W32Time - ok
20:31:09.0459 1124  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:31:09.0459 1124  WacomPen - ok
20:31:09.0552 1124  [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
20:31:09.0552 1124  WajamUpdater - ok
20:31:09.0584 1124  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:31:09.0584 1124  Wanarp - ok
20:31:09.0584 1124  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:31:09.0584 1124  Wanarpv6 - ok
20:31:09.0646 1124  [ ECEB715BECE47E101DDEC06B11126066 ] wanatw          C:\Windows\system32\DRIVERS\wanatw64.sys
20:31:09.0646 1124  wanatw - ok
20:31:09.0662 1124  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:31:09.0677 1124  wcncsvc - ok
20:31:09.0708 1124  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:31:09.0708 1124  WcsPlugInService - ok
20:31:09.0708 1124  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
20:31:09.0708 1124  Wd - ok
20:31:09.0771 1124  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:31:09.0786 1124  Wdf01000 - ok
20:31:09.0833 1124  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:31:09.0833 1124  WdiServiceHost - ok
20:31:09.0833 1124  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:31:09.0833 1124  WdiSystemHost - ok
20:31:09.0849 1124  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
20:31:09.0864 1124  WebClient - ok
20:31:09.0896 1124  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:31:09.0896 1124  Wecsvc - ok
20:31:09.0911 1124  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:31:09.0911 1124  wercplsupport - ok
20:31:09.0927 1124  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
20:31:09.0927 1124  WerSvc - ok
20:31:09.0958 1124  [ A53CDE6BEEA165FE9B430476EEDE3C54 ] winachsf        C:\Windows\system32\DRIVERS\CAX_CNXT.sys
20:31:09.0989 1124  winachsf - ok
20:31:10.0005 1124  WinDefend - ok
20:31:10.0005 1124  WinHttpAutoProxySvc - ok
20:31:10.0067 1124  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:31:10.0083 1124  Winmgmt - ok
20:31:10.0145 1124  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:31:10.0192 1124  WinRM - ok
20:31:10.0239 1124  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:31:10.0254 1124  Wlansvc - ok
20:31:10.0364 1124  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:31:10.0410 1124  wlidsvc - ok
20:31:10.0442 1124  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:31:10.0442 1124  WmiAcpi - ok
20:31:10.0488 1124  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:31:10.0488 1124  wmiApSrv - ok
20:31:10.0535 1124  WMPNetworkSvc - ok
20:31:10.0566 1124  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:31:10.0566 1124  WPCSvc - ok
20:31:10.0629 1124  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:31:10.0629 1124  WPDBusEnum - ok
20:31:10.0644 1124  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:31:10.0660 1124  WpdUsb - ok
20:31:10.0832 1124  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:31:10.0863 1124  WPFFontCache_v0400 - ok
20:31:10.0878 1124  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:31:10.0878 1124  ws2ifsl - ok
20:31:10.0925 1124  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\System32\wscsvc.dll
20:31:10.0925 1124  wscsvc - ok
20:31:10.0925 1124  WSearch - ok
20:31:11.0034 1124  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:31:11.0097 1124  wuauserv - ok
20:31:11.0159 1124  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:31:11.0159 1124  WudfPf - ok
20:31:11.0222 1124  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:31:11.0222 1124  WUDFRd - ok
20:31:11.0268 1124  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:31:11.0268 1124  wudfsvc - ok
20:31:11.0284 1124  [ F22E443518BC599D12888DAF292A56D8 ] XAudio          C:\Windows\system32\DRIVERS\xaudio64.sys
20:31:11.0284 1124  XAudio - ok
20:31:11.0315 1124  [ 963C27034BBA4AC52A13F7A3C657C708 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio64.exe
20:31:11.0331 1124  XAudioService - ok
20:31:11.0456 1124  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
20:31:11.0487 1124  YahooAUService - ok
20:31:11.0502 1124  ================ Scan global ===============================
20:31:11.0534 1124  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
20:31:11.0565 1124  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:31:11.0596 1124  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
20:31:11.0658 1124  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
20:31:11.0674 1124  [Global] - ok
20:31:11.0674 1124  ================ Scan MBR ==================================
20:31:11.0690 1124  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
20:31:11.0690 1124  Suspicious mbr (Forged): \Device\Harddisk0\DR0
20:31:11.0721 1124  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
20:31:11.0721 1124  \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
20:31:11.0736 1124  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
20:31:11.0736 1124  \Device\Harddisk1\DR1 - ok
20:31:11.0736 1124  ================ Scan VBR ==================================
20:31:11.0783 1124  [ 9CB736B8EBA99AAB8217FF23D8E60310 ] \Device\Harddisk0\DR0\Partition1
20:31:11.0783 1124  \Device\Harddisk0\DR0\Partition1 - ok
20:31:11.0799 1124  [ 99FD39222FBEED53C673F6EA1E9C9379 ] \Device\Harddisk0\DR0\Partition2
20:31:11.0799 1124  \Device\Harddisk0\DR0\Partition2 - ok
20:31:11.0814 1124  [ 9234ADC665163EC23935DEC6ED9583E4 ] \Device\Harddisk1\DR1\Partition1
20:31:11.0814 1124  \Device\Harddisk1\DR1\Partition1 - ok
20:31:11.0814 1124  ============================================================
20:31:11.0814 1124  Scan finished
20:31:11.0814 1124  ============================================================
20:31:11.0830 1640  Detected object count: 1
20:31:11.0830 1640  Actual detected object count: 1
20:31:43.0542 1640  \Device\Harddisk0\DR0\# - copied to quarantine
20:31:43.0542 1640  \Device\Harddisk0\DR0 - copied to quarantine
20:31:43.0604 1640  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:31:43.0604 1640  \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
20:31:43.0604 1640  \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
20:31:43.0604 1640  \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
20:31:43.0604 1640  \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
20:31:43.0604 1640  \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
20:31:43.0604 1640  \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
20:31:43.0604 1640  \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
20:31:43.0604 1640  \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
20:31:43.0620 1640  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:31:43.0620 1640  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:31:43.0620 1640  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:31:43.0620 1640  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:31:43.0620 1640  \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
20:31:43.0620 1640  \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
20:31:43.0620 1640  \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
20:31:43.0651 1640  \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
20:31:44.0322 1640  \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
20:31:44.0369 1640  \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
20:31:44.0369 1640  \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
20:31:44.0384 1640  \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
20:31:44.0431 1640  \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
20:31:44.0478 1640  \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
20:31:44.0618 1640  \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
20:31:44.0930 1640  \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
20:31:44.0977 1640  \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
20:31:45.0008 1640  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
20:31:45.0024 1640  \Device\Harddisk0\DR0 - ok
20:31:45.0523 1640  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure 
20:31:58.0501 2644  Deinitialize success
 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-12 20:42:16
-----------------------------
20:42:16.442    OS Version: Windows x64 6.0.6002 Service Pack 2
20:42:16.442    Number of processors: 2 586 0x1706
20:42:16.442    ComputerName: TONY-PC  UserName: Tony
20:42:18.080    Initialize success
20:45:35.116    AVAST engine defs: 13031200
20:45:59.920    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:45:59.920    Disk 0 Vendor: WDC_WD5000AAKS-75A7B2 01.03B01 Size: 476940MB BusType: 3
20:45:59.935    Disk 0 MBR read successfully
20:45:59.935    Disk 0 MBR scan
20:45:59.935    Disk 0 Windows VISTA default MBR code
20:45:59.951    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
20:45:59.966    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15000 MB offset 81920
20:45:59.998    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       461899 MB offset 30801920
20:46:00.091    Disk 0 scanning C:\Windows\system32\drivers
20:46:13.164    Service scanning
20:46:35.066    Modules scanning
20:46:35.066    Disk 0 trace - called modules:
20:46:35.113    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
20:46:35.113    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b18790]
20:46:35.113    3 CLASSPNP.SYS[fffffa60007a9c33] -> nt!IofCallDriver -> [0xfffffa80048bd760]
20:46:35.129    5 acpi.sys[fffffa60008e7fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004891060]
20:46:36.658    AVAST engine scan C:\Windows
20:46:39.731    AVAST engine scan C:\Windows\system32
20:50:25.999    AVAST engine scan C:\Windows\system32\drivers
20:50:40.383    AVAST engine scan C:\Users\Tony
20:53:57.093    Disk 0 MBR has been saved successfully to "C:\Users\Tony\Desktop\MBR.dat"
20:53:57.109    The log file has been saved successfully to "C:\Users\Tony\Desktop\aswMBR.txt"
 
ESET List:
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Kryptik.YXR trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0011.dta Win32/Olmasco.Q trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0020.dta a variant of Win32/Olmasco.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0021.dta a variant of Win32/Olmarik.AYN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0022.dta a variant of Win64/Olmasco.AB trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.03.2013_20.30.37\mbr0000\tdlfs0000\tsk0023.dta a variant of Win64/Olmasco.AB trojan cleaned by deleting - quarantined
 
 
 


#7 narenxp


Posted 12 March 2013 - 09:36 PM

Run TDSSkiller once again and post the new log

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#8 johnressler76


Posted 13 March 2013 - 12:51 AM

Sent all docs w/ copy paste, and page is displaying "saving post..." for over 15 mins now.



#9 narenxp


Posted 13 March 2013 - 12:58 AM

Post the logs here

 

http://www.pastebin.com/

 

and paste the link to the logs here



#10 johnressler76


Posted 13 March 2013 - 01:05 AM

http://pastebin.com/DC7rNnj8



#11 narenxp


Posted 13 March 2013 - 01:26 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in Safe Mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - It deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash player

Uninstall old version of Java from Control Panel - Add or remove programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

 





