
Cannot boot up in safe mode


16 replies to this topic

#1 atomicsocks

atomicsocks

  • Members
  • 38 posts

Posted 09 May 2013 - 07:41 PM

As the topic says, when I try to boot up in safe mode I get a blue screen saying something is wrong and that I need to restart.

For the last few days, whenever I watch something with audio my volume control keeps getting turned all the way down at random. Earlier today I was watching a video on YouTube and in addition to this it started playing some music I didn't recognize in the background that wasn't part of the video, and I didn't have any other programs running that would do this. Firefox craps out on me sometimes as well and can't be reactivated without a restart.





#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 May 2013 - 07:57 PM

Hello, what is your operating system?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 thetechpeople

thetechpeople

  • Members
  • 2 posts
  • Gender:Male
  • Location:lakeland fl

Posted 09 May 2013 - 08:44 PM

Sounds like a virus to me.



#4 atomicsocks

atomicsocks
  • Topic Starter

  • Members
  • 38 posts

Posted 10 May 2013 - 12:32 PM

I use WinXP and my comp is a Dell. Sorry for not adding that before. Brain fart.

It's over five years old so I was worried it might be a hardware problem as well.



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 May 2013 - 01:08 PM

We Need to Repair Safe Mode
  • Please download Safe Boot Key Repair and save it to your desktop.
  • Open desktopicon.png on your desktop.
  • Copy and paste the resultant log here in your next reply.
If you get in, go to Safe Mode with Networking.

Please download TDSSKiller.
Launch it.
Click on Change parameters - select TDLFS file system.
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

#6 atomicsocks

atomicsocks
  • Topic Starter

  • Members
  • 38 posts

Posted 10 May 2013 - 08:02 PM

Here are the results of Safe Boot Key Repair.

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\42534003.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PEVSystemStart]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\42534003.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ad-Aware Service]
@="Ad-Aware Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Hamachi2Svc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PEVSystemStart]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\42534003.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Ad-Aware Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Lavasoft Ad-Aware Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PEVSystemStart
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBAMSvc

I was still unable to boot in safe mode and got a bluescreen saying there was a problem with this info.

STOP: 0X0000007E (0xC0000005, 0xF7898160, 0xF78D6864, 0xF78D6560)

kdcom.dll - Address F7898160 base at F7897000, Date Stamp 4f8f0f42

I do have TDSSKiller on my computer already though.



#7 atomicsocks

atomicsocks
  • Topic Starter

  • Members
  • 38 posts

Posted 12 May 2013 - 07:23 PM

And here's the file from TDSS.

20:18:02.0421 20924  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:18:02.0843 20924  ============================================================
20:18:02.0843 20924  Current date / time: 2013/05/12 20:18:02.0843
20:18:02.0843 20924  SystemInfo:
20:18:02.0843 20924  
20:18:02.0843 20924  OS Version: 5.1.2600 ServicePack: 3.0
20:18:02.0843 20924  Product type: Workstation
20:18:02.0843 20924  ComputerName: ERIKS
20:18:02.0843 20924  UserName: Erik
20:18:02.0843 20924  Windows directory: C:\WINDOWS
20:18:02.0843 20924  System windows directory: C:\WINDOWS
20:18:02.0843 20924  Processor architecture: Intel x86
20:18:02.0843 20924  Number of processors: 1
20:18:02.0843 20924  Page size: 0x1000
20:18:02.0843 20924  Boot type: Normal boot
20:18:02.0843 20924  ============================================================
20:18:04.0093 20924  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
20:18:04.0093 20924  ============================================================
20:18:04.0093 20924  \Device\Harddisk0\DR0:
20:18:04.0093 20924  MBR partitions:
20:18:04.0093 20924  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
20:18:04.0093 20924  ============================================================
20:18:04.0125 20924  C: <-> \Device\Harddisk0\DR0\Partition1
20:18:04.0125 20924  ============================================================
20:18:04.0125 20924  Initialize success
20:18:04.0125 20924  ============================================================
20:18:33.0218 21196  ============================================================
20:18:33.0218 21196  Scan started
20:18:33.0218 21196  Mode: Manual; TDLFS;
20:18:33.0218 21196  ============================================================
20:18:33.0328 21196  ================ Scan system memory ========================
20:18:33.0328 21196  System memory - ok
20:18:33.0343 21196  ================ Scan services =============================
20:18:33.0421 21196  Abiosdsk - ok
20:18:33.0437 21196  abp480n5 - ok
20:18:33.0484 21196  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:18:33.0484 21196  ACPI - ok
20:18:33.0531 21196  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
20:18:33.0531 21196  ACPIEC - ok
20:18:33.0640 21196  [ 09E61047B0CEF21559CFCEDF4F14D216 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
20:18:33.0781 21196  Ad-Aware Service - ok
20:18:33.0875 21196  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:18:33.0890 21196  AdobeFlashPlayerUpdateSvc - ok
20:18:33.0906 21196  adpu160m - ok
20:18:33.0968 21196  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:18:33.0968 21196  aec - ok
20:18:34.0031 21196  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:18:34.0062 21196  AFD - ok
20:18:34.0062 21196  Aha154x - ok
20:18:34.0062 21196  aic78u2 - ok
20:18:34.0078 21196  aic78xx - ok
20:18:34.0093 21196  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:18:34.0109 21196  Alerter - ok
20:18:34.0125 21196  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
20:18:34.0140 21196  ALG - ok
20:18:34.0140 21196  AliIde - ok
20:18:34.0187 21196  [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM          C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
20:18:34.0218 21196  AmdPPM - ok
20:18:34.0218 21196  amsint - ok
20:18:34.0265 21196  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
20:18:34.0281 21196  AppMgmt - ok
20:18:34.0281 21196  asc - ok
20:18:34.0296 21196  asc3350p - ok
20:18:34.0296 21196  asc3550 - ok
20:18:34.0421 21196  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:18:34.0437 21196  aspnet_state - ok
20:18:34.0468 21196  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:18:34.0468 21196  AsyncMac - ok
20:18:34.0500 21196  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
20:18:34.0500 21196  atapi - ok
20:18:34.0515 21196  Atdisk - ok
20:18:34.0546 21196  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:18:34.0546 21196  Atmarpc - ok
20:18:34.0593 21196  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:18:34.0609 21196  AudioSrv - ok
20:18:34.0656 21196  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:18:34.0656 21196  audstub - ok
20:18:34.0703 21196  [ 19BB95D5E3C6C22E8677C1D9A84323CC ] ax88772         C:\WINDOWS\system32\DRIVERS\ax88772.sys
20:18:34.0796 21196  ax88772 - ok
20:18:34.0859 21196  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:18:34.0875 21196  Beep - ok
20:18:34.0937 21196  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:18:35.0000 21196  BITS - ok
20:18:35.0062 21196  [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser         C:\WINDOWS\System32\browser.dll
20:18:35.0125 21196  Browser - ok
20:18:35.0281 21196  catchme - ok
20:18:35.0312 21196  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:18:35.0328 21196  cbidf2k - ok
20:18:35.0328 21196  cd20xrnt - ok
20:18:35.0359 21196  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:18:35.0359 21196  Cdaudio - ok
20:18:35.0406 21196  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:18:35.0421 21196  Cdfs - ok
20:18:35.0437 21196  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:18:35.0453 21196  Cdrom - ok
20:18:35.0484 21196  [ 84853B3FD012251690570E9E7E43343F ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
20:18:35.0515 21196  cercsr6 - ok
20:18:35.0515 21196  Changer - ok
20:18:35.0562 21196  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:18:35.0578 21196  CiSvc - ok
20:18:35.0593 21196  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:18:35.0593 21196  ClipSrv - ok
20:18:35.0640 21196  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:18:35.0671 21196  clr_optimization_v2.0.50727_32 - ok
20:18:35.0765 21196  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:18:35.0765 21196  clr_optimization_v4.0.30319_32 - ok
20:18:35.0859 21196  [ 09D38AEC081F064FD67B8B9C49790020 ] CltMngSvc       C:\Program Files\SearchProtect\bin\CltMngSvc.exe
20:18:35.0875 21196  CltMngSvc - ok
20:18:35.0875 21196  CmdIde - ok
20:18:35.0875 21196  COMSysApp - ok
20:18:35.0890 21196  Cpqarray - ok
20:18:35.0953 21196  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:18:35.0968 21196  CryptSvc - ok
20:18:35.0984 21196  dac2w2k - ok
20:18:35.0984 21196  dac960nt - ok
20:18:36.0062 21196  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:18:36.0062 21196  DcomLaunch - ok
20:18:36.0109 21196  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:18:36.0109 21196  Dhcp - ok
20:18:36.0125 21196  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:18:36.0125 21196  Disk - ok
20:18:36.0140 21196  dmadmin - ok
20:18:36.0187 21196  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:18:36.0234 21196  dmboot - ok
20:18:36.0250 21196  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:18:36.0250 21196  dmio - ok
20:18:36.0281 21196  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:18:36.0281 21196  dmload - ok
20:18:36.0312 21196  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:18:36.0312 21196  dmserver - ok
20:18:36.0375 21196  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:18:36.0406 21196  DMusic - ok
20:18:36.0437 21196  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:18:36.0468 21196  Dnscache - ok
20:18:36.0500 21196  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:18:36.0531 21196  Dot3svc - ok
20:18:36.0531 21196  dpti2o - ok
20:18:36.0562 21196  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:18:36.0562 21196  drmkaud - ok
20:18:36.0593 21196  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:18:36.0609 21196  EapHost - ok
20:18:36.0640 21196  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:18:36.0671 21196  ERSvc - ok
20:18:36.0718 21196  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
20:18:36.0718 21196  Eventlog - ok
20:18:36.0781 21196  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
20:18:36.0796 21196  EventSystem - ok
20:18:36.0859 21196  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:18:36.0875 21196  Fastfat - ok
20:18:36.0921 21196  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:18:36.0937 21196  FastUserSwitchingCompatibility - ok
20:18:36.0968 21196  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
20:18:36.0968 21196  Fdc - ok
20:18:36.0984 21196  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:18:37.0062 21196  Fips - ok
20:18:37.0078 21196  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
20:18:37.0093 21196  Flpydisk - ok
20:18:51.0093 21196  ================ Scan global ===============================
20:18:51.0140 21196  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:18:51.0203 21196  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:18:51.0250 21196  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:18:51.0281 21196  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:18:51.0281 21196  [Global] - ok
20:18:51.0281 21196  ================ Scan MBR ==================================
20:18:51.0312 21196  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:18:51.0515 21196  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:18:51.0515 21196  \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:18:51.0515 21196  ================ Scan VBR ==================================
20:18:51.0531 21196  [ 6DA1899AF3E2FEE25CC5B311048E8455 ] \Device\Harddisk0\DR0\Partition1
20:18:51.0531 21196  \Device\Harddisk0\DR0\Partition1 - ok
20:18:51.0531 21196  ============================================================
20:18:51.0531 21196  Scan finished
20:18:51.0531 21196  ============================================================
20:18:51.0546 21188  Detected object count: 1
20:18:51.0546 21188  Actual detected object count: 1
20:19:33.0859 21188  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:19:33.0859 21188  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:19:44.0109 20916  Deinitialize success
 



#8 boopme


Posted 13 May 2013 - 08:46 PM

Please rerun TDSS and change the option on this to Quarantine, Cure or Delete

Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

 

Next run these and let me know how it is.

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

 

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

 

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

>>>>>

Please Download TDSSkiller
Launch it.
Click on Change parameters - select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
 
Do not change the default options on scan results.

 

 

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

NOTE: Sometimes if ESET finds no infections it will not create a log.


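The check that reply #8 makes by eye on the posted log, written out as an added example (not part of the thread and not TDSSKiller's own code): it pulls each detection and the recorded user action out of the log lines and flags objects that were left untreated. The line layout is inferred from the lines visible in this thread, and treating any action other than Skip as "acted on" is an assumption.

```python
import re

# Lines copied from the tail of the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
20:18:51.0281 21196  [Global] - ok
20:18:51.0281 21196  ================ Scan MBR ==================================
20:18:51.0312 21196  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:18:51.0515 21196  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:18:51.0515 21196  \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:18:51.0515 21196  ================ Scan VBR ==================================
20:18:51.0531 21196  [ 6DA1899AF3E2FEE25CC5B311048E8455 ] \Device\Harddisk0\DR0\Partition1
20:18:51.0531 21196  \Device\Harddisk0\DR0\Partition1 - ok
20:18:51.0546 21188  Detected object count: 1
20:19:33.0859 21188  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:19:33.0859 21188  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Layout inferred from the lines above: "HH:MM:SS.ffff <thread id>  <message>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
OK = re.compile(r"^(?P<obj>.+) - ok$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$"
)


def triage(lines):
    """Return the count of clean objects and a list of detections with their action."""
    ok_count = 0
    findings = {}  # (object, verdict) -> finding, in first-seen order

    for raw in lines:
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank line or text that is not a log record
        msg = line.group("msg").strip()

        detected = DETECTED.match(msg)
        if detected:
            key = (detected.group("obj"), detected.group("verdict"))
            findings.setdefault(
                key, {"object": key[0], "verdict": key[1], "action": None}
            )
            continue

        action = ACTION.match(msg)
        if action:
            key = (action.group("obj"), action.group("verdict"))
            entry = findings.setdefault(
                key, {"object": key[0], "verdict": key[1], "action": None}
            )
            entry["action"] = action.group("action")
            continue

        if OK.match(msg):
            ok_count += 1

    for entry in findings.values():
        # Assumption: "Skip" (the only action seen in this thread) or no action
        # line at all means the detected object is still in place.
        entry["unresolved"] = (
            entry["action"] is None or entry["action"].lower() == "skip"
        )

    return {"ok": ok_count, "findings": list(findings.values())}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines())
    print("objects reported ok:", report["ok"])
    for f in report["findings"]:
        state = "STILL PRESENT" if f["unresolved"] else "acted on"
        print(f'{f["object"]}: {f["verdict"]} -> action={f["action"]} ({state})')
```
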

#9 atomicsocks


Posted 14 May 2013 - 12:36 PM

Here we go.

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by Erik (administrator) on 14-05-2013 at 04:50:40
Running from "C:\Documents and Settings\Erik\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet  = Local Area Connection 3 (Connected)
Hamachi Network Interface = Hamachi (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Hamachi"

set address name="Hamachi" source=dhcp
set dns name="Hamachi" source=dhcp register=NONE
set wins name="Hamachi" source=dhcp

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : eriks
        Primary Dns Suffix  . . . . . . . : 
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : hsd1.mi.comcast.net.

Ethernet adapter Hamachi:

        Connection-specific DNS Suffix  . : 
        Description . . . . . . . . . . . : Hamachi Network Interface
        Physical Address. . . . . . . . . : 7A-79-19-57-82-F5
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : No
        IP Address. . . . . . . . . . . . : 25.87.130.245
        Subnet Mask . . . . . . . . . . . : 255.0.0.0
        Default Gateway . . . . . . . . . : 
        DHCP Server . . . . . . . . . . . : 25.0.0.1
        Lease Obtained. . . . . . . . . . : Sunday, May 12, 2013 12:40:40 PM
        Lease Expires . . . . . . . . . . : Monday, May 12, 2014 12:40:40 PM

Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
        Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet 
        Physical Address. . . . . . . . . : 00-1A-A0-65-7B-7C
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 68.61.121.182
        Subnet Mask . . . . . . . . . . . : 255.255.252.0
        Default Gateway . . . . . . . . . : 68.61.120.1
        DHCP Server . . . . . . . . . . . : 69.252.72.70
        DNS Servers . . . . . . . . . . . : 75.75.76.76
                                            75.75.75.75
        Lease Obtained. . . . . . . . . . : Sunday, May 12, 2013 12:38:36 PM
        Lease Expires . . . . . . . . . . : Thursday, May 16, 2013 11:36:44 AM

Server:  cdns02.comcast.net
Address:  75.75.76.76

Name:    google.com
Addresses:  74.125.225.104, 74.125.225.103, 74.125.225.105, 74.125.225.97
      74.125.225.96, 74.125.225.100, 74.125.225.101, 74.125.225.110, 74.125.225.98
      74.125.225.102, 74.125.225.99

Pinging google.com [74.125.225.105] with 32 bytes of data:

Reply from 74.125.225.105: bytes=32 time=16ms TTL=56
Reply from 74.125.225.105: bytes=32 time=16ms TTL=56

Ping statistics for 74.125.225.105:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms

Server:  cdns02.comcast.net
Address:  75.75.76.76

Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=606ms TTL=49
Reply from 98.139.183.24: bytes=32 time=637ms TTL=49

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 606ms, Maximum = 637ms, Average = 621ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...7a 79 19 57 82 f5 ...... Hamachi Network Interface - GFI Software Firewall NDIS IM Filter Miniport
0x3 ...00 1a a0 65 7b 7c ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      68.61.120.1   68.61.121.182      20
         25.0.0.0        255.0.0.0    25.87.130.245   25.87.130.245      20
    25.87.130.245  255.255.255.255        127.0.0.1       127.0.0.1      20
   25.255.255.255  255.255.255.255    25.87.130.245   25.87.130.245      20
      68.61.120.0    255.255.252.0    68.61.121.182   68.61.121.182      20
    68.61.121.182  255.255.255.255        127.0.0.1       127.0.0.1      20
   68.255.255.255  255.255.255.255    68.61.121.182   68.61.121.182      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
        224.0.0.0        240.0.0.0    25.87.130.245   25.87.130.245      20
        224.0.0.0        240.0.0.0    68.61.121.182   68.61.121.182      20
  255.255.255.255  255.255.255.255    25.87.130.245   25.87.130.245      1
  255.255.255.255  255.255.255.255    68.61.121.182   68.61.121.182      1
Default Gateway:       68.61.120.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/13/2013 06:51:09 AM) (Source: ESENT) (User: )
Description: wuauclt (11276) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The delete file operation will fail with error -1032 (0xfffffbf8).

Error: (05/13/2013 03:41:59 AM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (05/10/2013 01:59:53 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/09/2013 03:41:09 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/09/2013 03:38:56 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/09/2013 00:09:05 AM) (Source: Application Hang) (User: )
Description: Hanging application realplay.exe, version 16.0.1.18, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/08/2013 08:48:54 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/07/2013 01:32:44 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 20.0.1.4847, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/07/2013 01:26:31 PM) (Source: Application Hang) (User: )
Description: Hanging application SketchUp.exe, version 8.0.16846.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/01/2013 09:05:16 PM) (Source: Application Hang) (User: )
Description: Hanging application Paint Shop Pro.exe, version 8.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (05/14/2013 02:58:31 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.

Error: (05/13/2013 09:56:09 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.

Error: (05/13/2013 04:54:29 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.

Error: (05/13/2013 11:52:45 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.

Error: (05/13/2013 06:51:09 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.

Error: (05/13/2013 01:49:25 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.

Error: (05/12/2013 08:47:57 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.

Error: (05/12/2013 07:52:01 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/12/2013 03:46:29 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.

Error: (05/12/2013 00:38:54 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (05/13/2013 06:51:09 AM) (Source: ESENT)(User: )
Description: wuauclt11276C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (05/13/2013 03:41:59 AM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (05/10/2013 01:59:53 PM) (Source: Application Hang)(User: )
Description: firefox.exe20.0.1.4847hungapp0.0.0.000000000

Error: (05/09/2013 03:41:09 PM) (Source: Application Hang)(User: )
Description: firefox.exe20.0.1.4847hungapp0.0.0.000000000

Error: (05/09/2013 03:38:56 PM) (Source: Application Hang)(User: )
Description: firefox.exe20.0.1.4847hungapp0.0.0.000000000

Error: (05/09/2013 00:09:05 AM) (Source: Application Hang)(User: )
Description: realplay.exe16.0.1.18hungapp0.0.0.000000000

Error: (05/08/2013 08:48:54 AM) (Source: Application Hang)(User: )
Description: firefox.exe20.0.1.4847hungapp0.0.0.000000000

Error: (05/07/2013 01:32:44 PM) (Source: Application Hang)(User: )
Description: firefox.exe20.0.1.4847hungapp0.0.0.000000000

Error: (05/07/2013 01:26:31 PM) (Source: Application Hang)(User: )
Description: SketchUp.exe8.0.16846.0hungapp0.0.0.000000000

Error: (05/01/2013 09:05:16 PM) (Source: Application Hang)(User: )
Description: Paint Shop Pro.exe8.0.0.0hungapp0.0.0.000000000


=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29126)
Ad-Aware Antivirus (Version: 10.1.211.3382)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Ad-Aware Security Toolbar (Version: 2.1.0.20)
Adblock IE 2.2 (Version: 2.2.1524)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AMDAway INF
Blast Thru
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
CyberLink PowerDVD 9 (Version: 9.0.3518.52)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 26.0.1410.64)
Google Talk Plugin (Version: 3.19.1.13088)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
High-Definition Video Playback (Version: 7.1.13500.43.0)
Jasc Paint Shop Pro 8 (Version: 8.00.0000)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 14.0.8117.416)
LogMeIn Hamachi (Version: 2.1.0.294)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30730)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MixiDJ V8 Toolbar (Version: 6.11.2.6)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (Version: 10.2.10000.0.0)
Nero BurnRights 10 (Version: 4.2.10500.1.102)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10700)
Nero Control Center 10 (Version: 10.2.11100.1.1)
Nero Core Components 10 (Version: 2.0.18100.8.8)
Nero CoverDesigner 10 (Version: 5.2.11400.11.100)
Nero CoverDesigner 10 Help (CHM) (Version: 10.5.10700)
Nero Express 10 (Version: 10.2.11500.17.100)
Nero Express 10 Help (CHM) (Version: 10.5.10700)
Nero Multimedia Suite 10 Essentials (Version: 10.5.11100)
Nero StartSmart 10 (Version: 10.2.11300.12.100)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10700)
NVIDIA Drivers (Version: 1.3)
OpenOffice.org 3.3 (Version: 3.3.9567)
PCGen6000
RealDownloader (Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5548)
RealUpgrade 1.1 (Version: 1.1.0)
Screencast-O-Matic
Search Protect by conduit (Version: 1.5.0.71)
Segoe UI (Version: 14.0.4327.805)
SketchUp 8 (Version: 3.0.16846)
Skype™ 6.3 (Version: 6.3.105)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 1982.42 MB
Available physical RAM: 1235.1 MB
Total Pagefile: 3875.54 MB
Available Pagefile: 3201.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.1 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149 GB) (Free:119.51 GB) NTFS

========================= Users: ========================================

User accounts for \\ERIKS

Administrator            ASPNET                   Erik                     
Guest                    HelpAssistant            SUPPORT_388945a0         


**** End of log ****

22:49:57.0178 50348  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:49:57.0568 50348  ============================================================
22:49:57.0568 50348  Current date / time: 2013/05/13 22:49:57.0568
22:49:57.0568 50348  SystemInfo:
22:49:57.0568 50348  
22:49:57.0568 50348  OS Version: 5.1.2600 ServicePack: 3.0
22:49:57.0568 50348  Product type: Workstation
22:49:57.0568 50348  ComputerName: ERIKS
22:49:57.0568 50348  UserName: Erik
22:49:57.0568 50348  Windows directory: C:\WINDOWS
22:49:57.0568 50348  System windows directory: C:\WINDOWS
22:49:57.0568 50348  Processor architecture: Intel x86
22:49:57.0568 50348  Number of processors: 1
22:49:57.0568 50348  Page size: 0x1000
22:49:57.0568 50348  Boot type: Normal boot
22:49:57.0568 50348  ============================================================
22:49:58.0600 50348  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
22:49:58.0600 50348  ============================================================
22:49:58.0600 50348  \Device\Harddisk0\DR0:
22:49:58.0600 50348  MBR partitions:
22:49:58.0600 50348  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
22:49:58.0600 50348  ============================================================
22:49:58.0631 50348  C: <-> \Device\Harddisk0\DR0\Partition1
22:49:58.0631 50348  ============================================================
22:49:58.0631 50348  Initialize success
22:49:58.0631 50348  ============================================================
22:51:14.0100 51812  ============================================================
22:51:14.0115 51812  Scan started
22:51:14.0115 51812  Mode: Manual; TDLFS;
22:51:14.0115 51812  ============================================================
22:51:14.0256 51812  ================ Scan system memory ========================
22:51:14.0271 51812  System memory - ok
22:51:14.0271 51812  ================ Scan services =============================
22:51:14.0365 51812  Abiosdsk - ok
22:51:14.0365 51812  abp480n5 - ok
22:51:14.0428 51812  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:51:14.0506 51812  ACPI - ok
22:51:14.0537 51812  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
22:51:14.0553 51812  ACPIEC - ok
22:51:14.0678 51812  [ 09E61047B0CEF21559CFCEDF4F14D216 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
22:51:14.0818 51812  Ad-Aware Service - ok
22:51:14.0912 51812  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:51:14.0928 51812  AdobeFlashPlayerUpdateSvc - ok
22:51:14.0943 51812  adpu160m - ok
22:51:14.0990 51812  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
22:51:15.0021 51812  aec - ok
22:51:15.0068 51812  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
22:51:15.0068 51812  AFD - ok
22:51:15.0068 51812  Aha154x - ok
22:51:15.0084 51812  aic78u2 - ok
22:51:15.0084 51812  aic78xx - ok
22:51:15.0115 51812  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
22:51:15.0146 51812  Alerter - ok
22:51:15.0162 51812  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
22:51:15.0193 51812  ALG - ok
22:51:15.0193 51812  AliIde - ok
22:51:15.0240 51812  [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM          C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
22:51:15.0271 51812  AmdPPM - ok
22:51:15.0287 51812  amsint - ok
22:51:15.0318 51812  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
22:51:15.0350 51812  AppMgmt - ok
22:51:15.0365 51812  asc - ok
22:51:15.0381 51812  asc3350p - ok
22:51:15.0381 51812  asc3550 - ok
22:51:15.0521 51812  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:51:15.0521 51812  aspnet_state - ok
22:51:15.0568 51812  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:51:15.0584 51812  AsyncMac - ok
22:51:15.0600 51812  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
22:51:15.0631 51812  atapi - ok
22:51:15.0631 51812  Atdisk - ok
22:51:15.0662 51812  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:51:15.0678 51812  Atmarpc - ok
22:51:15.0709 51812  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
22:51:15.0740 51812  AudioSrv - ok
22:51:15.0787 51812  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
22:51:15.0803 51812  audstub - ok
22:51:15.0834 51812  [ 19BB95D5E3C6C22E8677C1D9A84323CC ] ax88772         C:\WINDOWS\system32\DRIVERS\ax88772.sys
22:51:15.0834 51812  ax88772 - ok
22:51:15.0881 51812  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:51:15.0896 51812  Beep - ok
22:51:15.0943 51812  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
22:51:16.0006 51812  BITS - ok
22:51:16.0068 51812  [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser         C:\WINDOWS\System32\browser.dll
22:51:16.0100 51812  Browser - ok
22:51:16.0287 51812  catchme - ok
22:51:16.0334 51812  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
22:51:16.0334 51812  cbidf2k - ok
22:51:16.0350 51812  cd20xrnt - ok
22:51:16.0381 51812  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
22:51:16.0412 51812  Cdaudio - ok
22:51:16.0443 51812  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
22:51:16.0475 51812  Cdfs - ok
22:51:16.0506 51812  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:51:16.0521 51812  Cdrom - ok
22:51:16.0537 51812  [ 84853B3FD012251690570E9E7E43343F ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
22:51:16.0537 51812  cercsr6 - ok
22:51:16.0553 51812  Changer - ok
22:51:16.0584 51812  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
22:51:16.0631 51812  CiSvc - ok
22:51:16.0631 51812  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
22:51:16.0662 51812  ClipSrv - ok
22:51:16.0709 51812  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:51:16.0943 51812  clr_optimization_v2.0.50727_32 - ok
22:51:17.0021 51812  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:51:17.0068 51812  clr_optimization_v4.0.30319_32 - ok
22:51:17.0146 51812  [ 09D38AEC081F064FD67B8B9C49790020 ] CltMngSvc       C:\Program Files\SearchProtect\bin\CltMngSvc.exe
22:51:17.0178 51812  CltMngSvc - ok
22:51:17.0178 51812  CmdIde - ok
22:51:17.0193 51812  COMSysApp - ok
22:51:17.0209 51812  Cpqarray - ok
22:51:17.0240 51812  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
22:51:17.0271 51812  CryptSvc - ok
22:51:17.0287 51812  dac2w2k - ok
22:51:17.0287 51812  dac960nt - ok
22:51:17.0350 51812  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
22:51:17.0350 51812  DcomLaunch - ok
22:51:17.0396 51812  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
22:51:17.0428 51812  Dhcp - ok
22:51:17.0459 51812  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
22:51:17.0506 51812  Disk - ok
22:51:17.0521 51812  dmadmin - ok
22:51:17.0553 51812  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
22:51:17.0615 51812  dmboot - ok
22:51:17.0646 51812  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
22:51:17.0678 51812  dmio - ok
22:51:17.0693 51812  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
22:51:17.0709 51812  dmload - ok
22:51:17.0756 51812  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
22:51:17.0787 51812  dmserver - ok
22:51:17.0818 51812  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
22:51:17.0850 51812  DMusic - ok
22:51:17.0881 51812  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
22:51:17.0881 51812  Dnscache - ok
22:51:17.0928 51812  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
22:51:17.0959 51812  Dot3svc - ok
22:51:17.0959 51812  dpti2o - ok
22:51:17.0990 51812  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:51:17.0990 51812  drmkaud - ok
22:51:18.0021 51812  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
22:51:18.0068 51812  EapHost - ok
22:51:18.0115 51812  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
22:51:18.0193 51812  ERSvc - ok
22:51:18.0240 51812  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
22:51:18.0240 51812  Eventlog - ok
22:51:18.0287 51812  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
22:51:18.0303 51812  EventSystem - ok
22:51:18.0381 51812  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
22:51:18.0396 51812  Fastfat - ok
22:51:18.0475 51812  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:51:18.0490 51812  FastUserSwitchingCompatibility - ok
22:51:18.0490 51812  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
22:51:18.0521 51812  Fdc - ok
22:51:18.0537 51812  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
22:51:18.0537 51812  Fips - ok
22:51:18.0568 51812  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
22:51:18.0584 51812  Flpydisk - ok
22:51:18.0615 51812  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
22:51:18.0646 51812  FltMgr - ok
22:51:18.0725 51812  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:51:18.0740 51812  FontCache3.0.0.0 - ok
22:51:18.0756 51812  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:51:18.0771 51812  Fs_Rec - ok
22:51:18.0771 51812  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:51:18.0803 51812  Ftdisk - ok
22:51:18.0850 51812  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:51:18.0881 51812  Gpc - ok
22:51:18.0959 51812  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:51:18.0959 51812  gupdate - ok
22:51:18.0975 51812  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:51:18.0975 51812  gupdatem - ok
22:51:19.0006 51812  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:51:19.0084 51812  gusvc - ok
22:51:19.0131 51812  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\WINDOWS\system32\DRIVERS\hamachi.sys
22:51:19.0162 51812  hamachi - ok
22:51:19.0303 51812  [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
22:51:19.0428 51812  Hamachi2Svc - ok
22:51:19.0475 51812  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:51:19.0506 51812  HDAudBus - ok
22:51:19.0553 51812  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:51:19.0600 51812  helpsvc - ok
22:51:19.0615 51812  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
22:51:19.0646 51812  HidServ - ok
22:51:19.0678 51812  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:51:19.0678 51812  hidusb - ok
22:51:19.0725 51812  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
22:51:19.0740 51812  hkmsvc - ok
22:51:19.0756 51812  hpn - ok
22:51:19.0787 51812  [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:51:19.0818 51812  HSFHWBS2 - ok
22:51:19.0865 51812  [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:51:19.0959 51812  HSF_DP - ok
22:51:20.0021 51812  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
22:51:20.0021 51812  HTTP - ok
22:51:20.0053 51812  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
22:51:20.0084 51812  HTTPFilter - ok
22:51:20.0084 51812  i2omgmt - ok
22:51:20.0100 51812  i2omp - ok
22:51:20.0131 51812  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
22:51:20.0146 51812  i8042prt - ok
22:51:20.0209 51812  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:51:20.0271 51812  idsvc - ok
22:51:20.0287 51812  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
22:51:20.0318 51812  Imapi - ok
22:51:20.0350 51812  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
22:51:20.0381 51812  ImapiService - ok
22:51:20.0381 51812  ini910u - ok
22:51:20.0428 51812  [ 42C428D228DB20FC7EA0F52B9E8C7717 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:51:20.0568 51812  Suspicious file (Forged): C:\WINDOWS\system32\drivers\RtkHDAud.sys. Real md5: 42C428D228DB20FC7EA0F52B9E8C7717, Fake md5: DBC702FBC70DC58D9122CE56EADBD659
22:51:20.0584 51812  IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
22:51:20.0584 51812  IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
22:51:20.0584 51812  IntelIde - ok
22:51:20.0615 51812  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
22:51:20.0646 51812  Ip6Fw - ok
22:51:20.0693 51812  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:51:20.0709 51812  IpFilterDriver - ok
22:51:20.0725 51812  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:51:20.0756 51812  IpInIp - ok
22:51:20.0771 51812  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:51:20.0803 51812  IpNat - ok
22:51:20.0850 51812  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:51:20.0865 51812  IPSec - ok
22:51:20.0896 51812  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
22:51:20.0912 51812  IRENUM - ok
22:51:20.0928 51812  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:51:20.0959 51812  isapnp - ok
22:51:21.0021 51812  [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
22:51:21.0021 51812  JavaQuickStarterService - ok
22:51:21.0068 51812  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:51:21.0068 51812  Kbdclass - ok
22:51:21.0084 51812  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:51:21.0084 51812  kbdhid - ok
22:51:21.0100 51812  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
22:51:21.0131 51812  kmixer - ok
22:51:21.0162 51812  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
22:51:21.0178 51812  KSecDD - ok
22:51:21.0225 51812  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
22:51:21.0225 51812  lanmanserver - ok
22:51:21.0240 51812  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:51:21.0240 51812  lanmanworkstation - ok
22:51:21.0287 51812  Lavasoft Kernexplorer - ok
22:51:21.0303 51812  lbrtfdc - ok
22:51:21.0350 51812  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
22:51:21.0365 51812  LmHosts - ok
22:51:21.0396 51812  [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:51:21.0412 51812  mdmxsdk - ok
22:51:21.0428 51812  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
22:51:21.0443 51812  Messenger - ok
22:51:21.0490 51812  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
22:51:21.0521 51812  mnmdd - ok
22:51:21.0553 51812  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
22:51:21.0584 51812  mnmsrvc - ok
22:51:21.0600 51812  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
22:51:21.0646 51812  Modem - ok
22:51:21.0693 51812  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:51:21.0709 51812  MODEMCSA - ok
22:51:21.0740 51812  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:51:21.0740 51812  Mouclass - ok
22:51:21.0787 51812  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:51:21.0803 51812  mouhid - ok
22:51:21.0834 51812  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
22:51:21.0865 51812  MountMgr - ok
22:51:21.0928 51812  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:51:21.0928 51812  MozillaMaintenance - ok
22:51:21.0975 51812  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:51:22.0006 51812  MpFilter - ok
22:51:22.0146 51812  [ A69630D039C38018689190234F866D77 ] MpKsl02e6389e   c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7417DB6C-8913-41CA-91BD-D1856E2C6818}\MpKsl02e6389e.sys
22:51:22.0146 51812  MpKsl02e6389e - ok
22:51:22.0146 51812  mraid35x - ok
22:51:22.0146 51812  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:51:22.0162 51812  MRxDAV - ok
22:51:22.0225 51812  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:51:22.0240 51812  MRxSmb - ok
22:51:22.0287 51812  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
22:51:22.0318 51812  MSDTC - ok
22:51:22.0334 51812  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:51:22.0350 51812  Msfs - ok
22:51:22.0365 51812  MSIServer - ok
22:51:22.0381 51812  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:51:22.0396 51812  MSKSSRV - ok
22:51:22.0459 51812  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:51:22.0459 51812  MsMpSvc - ok
22:51:22.0506 51812  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:51:22.0506 51812  MSPCLOCK - ok
22:51:22.0521 51812  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:51:22.0521 51812  MSPQM - ok
22:51:22.0553 51812  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:51:22.0584 51812  mssmbios - ok
22:51:22.0631 51812  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
22:51:22.0631 51812  Mup - ok
22:51:22.0678 51812  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
22:51:22.0709 51812  napagent - ok
22:51:22.0756 51812  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
22:51:22.0787 51812  NDIS - ok
22:51:22.0818 51812  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:51:22.0818 51812  NdisTapi - ok
22:51:22.0834 51812  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:51:22.0865 51812  Ndisuio - ok
22:51:22.0865 51812  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:51:22.0865 51812  NdisWan - ok
22:51:22.0928 51812  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
22:51:22.0928 51812  NDProxy - ok
22:51:22.0943 51812  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
22:51:22.0943 51812  NetBIOS - ok
22:51:22.0959 51812  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:51:22.0975 51812  NetBT - ok
22:51:23.0006 51812  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
22:51:23.0037 51812  NetDDE - ok
22:51:23.0037 51812  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
22:51:23.0037 51812  NetDDEdsdm - ok
22:51:23.0146 51812  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:51:23.0146 51812  Netlogon - ok
22:51:23.0162 51812  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
22:51:23.0193 51812  Netman - ok
22:51:23.0225 51812  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:51:23.0240 51812  NetTcpPortSharing - ok
22:51:23.0271 51812  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
22:51:23.0271 51812  Nla - ok
22:51:23.0334 51812  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:51:23.0350 51812  Npfs - ok
22:51:23.0381 51812  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
22:51:23.0459 51812  Ntfs - ok
22:51:23.0506 51812  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
22:51:23.0506 51812  NtLmSsp - ok
22:51:23.0553 51812  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
22:51:23.0600 51812  NtmsSvc - ok
22:51:23.0615 51812  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:51:23.0615 51812  Null - ok
22:51:23.0678 51812  [ 2F58567DD0B36D6DC60C14BD0BCD7C4A ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:51:25.0209 51812  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: 2F58567DD0B36D6DC60C14BD0BCD7C4A, Fake md5: 90A2FE4B6E558E05E88E4517001A33EA
22:51:25.0240 51812  nv ( ForgedFile.Multi.Generic ) - warning
22:51:25.0240 51812  nv - detected ForgedFile.Multi.Generic (1)
22:51:25.0271 51812  [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
22:51:25.0303 51812  NVENETFD - ok
22:51:25.0350 51812  [ 75E2E77C5497F34E60491D27BF03F1CB ] nvgts           C:\WINDOWS\system32\DRIVERS\nvgts.sys
22:51:25.0350 51812  nvgts - ok
22:51:25.0350 51812  [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22:51:25.0443 51812  nvnetbus - ok
22:51:25.0459 51812  [ 16403C54F9A9AB6FA45CEF5A7547D243 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
22:51:26.0365 51812  NVSvc - ok
22:51:26.0396 51812  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:51:26.0412 51812  NwlnkFlt - ok
22:51:26.0412 51812  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:51:26.0428 51812  NwlnkFwd - ok
22:51:26.0475 51812  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
22:51:26.0490 51812  Parport - ok
22:51:26.0521 51812  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
22:51:26.0537 51812  PartMgr - ok
22:51:26.0568 51812  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
22:51:26.0600 51812  ParVdm - ok
22:51:26.0615 51812  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
22:51:26.0646 51812  PCI - ok
22:51:26.0646 51812  PCIDump - ok
22:51:26.0678 51812  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
22:51:26.0693 51812  PCIIde - ok
22:51:26.0740 51812  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
22:51:26.0756 51812  Pcmcia - ok
22:51:26.0756 51812  PDCOMP - ok
22:51:26.0771 51812  PDFRAME - ok
22:51:26.0771 51812  PDRELI - ok
22:51:26.0787 51812  PDRFRAME - ok
22:51:26.0787 51812  perc2 - ok
22:51:26.0803 51812  perc2hib - ok
22:51:26.0850 51812  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
22:51:26.0850 51812  PlugPlay - ok
22:51:26.0850 51812  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
22:51:26.0850 51812  PolicyAgent - ok
22:51:26.0865 51812  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:51:26.0881 51812  PptpMiniport - ok
22:51:26.0896 51812  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
22:51:26.0896 51812  Processor - ok
22:51:26.0912 51812  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:51:26.0912 51812  ProtectedStorage - ok
22:51:26.0928 51812  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
22:51:26.0928 51812  PSched - ok
22:51:26.0959 51812  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:51:26.0975 51812  Ptilink - ok
22:51:26.0990 51812  ql1080 - ok
22:51:26.0990 51812  Ql10wnt - ok
22:51:27.0006 51812  ql12160 - ok
22:51:27.0006 51812  ql1240 - ok
22:51:27.0021 51812  ql1280 - ok
22:51:27.0037 51812  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:51:27.0053 51812  RasAcd - ok
22:51:27.0084 51812  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:51:27.0131 51812  RasAuto - ok
22:51:27.0178 51812  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:51:27.0193 51812  Rasl2tp - ok
22:51:27.0256 51812  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:51:27.0271 51812  RasMan - ok
22:51:27.0318 51812  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:51:27.0334 51812  RasPppoe - ok
22:51:27.0381 51812  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
22:51:27.0396 51812  Raspti - ok
22:51:27.0443 51812  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:51:27.0459 51812  Rdbss - ok
22:51:27.0506 51812  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:51:27.0521 51812  RDPCDD - ok
22:51:27.0568 51812  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:51:27.0600 51812  rdpdr - ok
22:51:27.0631 51812  [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
22:51:27.0646 51812  RDPWD - ok
22:51:27.0678 51812  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
22:51:27.0725 51812  RDSessMgr - ok
22:51:27.0818 51812  [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
22:51:27.0834 51812  RealNetworks Downloader Resolver Service - ok
22:51:27.0850 51812  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
22:51:27.0881 51812  redbook - ok
22:51:27.0912 51812  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:51:27.0928 51812  RemoteAccess - ok
22:51:27.0959 51812  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
22:51:27.0975 51812  RemoteRegistry - ok
22:51:28.0037 51812  [ 79E740644D8D5E6057A4429F0D19A2CB ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
22:51:28.0100 51812  RichVideo - ok
22:51:28.0131 51812  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
22:51:28.0162 51812  RpcLocator - ok
22:51:28.0225 51812  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
22:51:28.0225 51812  RpcSs - ok
22:51:28.0256 51812  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
22:51:28.0287 51812  RSVP - ok
22:51:28.0334 51812  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
22:51:28.0334 51812  SamSs - ok
22:51:28.0381 51812  [ 63D5211B43E3CB7E03407168EA36EF79 ] SBAMSvc         C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
22:51:28.0600 51812  Suspicious file (Forged): C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe. Real md5: 63D5211B43E3CB7E03407168EA36EF79, Fake md5: BCE943896289A91AD75CC5652620B1C6
22:51:28.0615 51812  SBAMSvc ( ForgedFile.Multi.Generic ) - warning
22:51:28.0615 51812  SBAMSvc - detected ForgedFile.Multi.Generic (1)
22:51:28.0662 51812  [ 62BA65CC0B4A4BD1EAFF5FED6E2B5069 ] sbaphd          C:\WINDOWS\system32\drivers\sbaphd.sys
22:51:28.0693 51812  sbaphd - ok
22:51:28.0709 51812  [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs         C:\WINDOWS\system32\drivers\sbapifs.sys
22:51:28.0740 51812  sbapifs - ok
22:51:28.0803 51812  [ DC19FF9879775AC86BAA9C9282573E87 ] SbFw            C:\WINDOWS\system32\drivers\SbFw.sys
22:51:28.0818 51812  SbFw - ok
22:51:28.0881 51812  [ 1DCAD90CC9C0DDC7D060FD97854F8518 ] SBFWIMCL        C:\WINDOWS\system32\DRIVERS\sbfwim.sys
22:51:28.0896 51812  SBFWIMCL - ok
22:51:28.0912 51812  [ 1DCAD90CC9C0DDC7D060FD97854F8518 ] SBFWIMCLMP      C:\WINDOWS\system32\DRIVERS\SBFWIM.sys
22:51:28.0912 51812  SBFWIMCLMP - ok
22:51:28.0959 51812  [ 1AFD7178AB9C4FCE2D332DA7AA474FA6 ] sbhips          C:\WINDOWS\system32\drivers\sbhips.sys
22:51:28.0990 51812  sbhips - ok
22:51:29.0037 51812  [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE            C:\WINDOWS\system32\drivers\SBREdrv.sys
22:51:29.0053 51812  SBRE - ok
22:51:29.0100 51812  [ 3CCB4C5686D23033FD01835BED868B4B ] sbtis           C:\WINDOWS\system32\drivers\sbtis.sys
22:51:29.0115 51812  sbtis - ok
22:51:29.0178 51812  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
22:51:29.0178 51812  SCardSvr - ok
22:51:29.0225 51812  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:51:29.0256 51812  Schedule - ok
22:51:29.0287 51812  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:51:29.0318 51812  Secdrv - ok
22:51:29.0334 51812  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
22:51:29.0365 51812  seclogon - ok
22:51:29.0396 51812  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
22:51:29.0412 51812  SENS - ok
22:51:29.0443 51812  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
22:51:29.0475 51812  Serial - ok
22:51:29.0521 51812  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
22:51:29.0521 51812  Sfloppy - ok
22:51:29.0584 51812  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
22:51:29.0631 51812  SharedAccess - ok
22:51:29.0662 51812  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:51:29.0662 51812  ShellHWDetection - ok
22:51:29.0678 51812  Simbad - ok
22:51:29.0756 51812  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
22:51:29.0771 51812  SkypeUpdate - ok
22:51:29.0787 51812  Sparrow - ok
22:51:29.0818 51812  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
22:51:29.0834 51812  splitter - ok
22:51:29.0850 51812  Spooler - ok
22:51:29.0881 51812  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
22:51:29.0912 51812  sr - ok
22:51:29.0959 51812  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
22:51:29.0975 51812  srservice - ok
22:51:30.0053 51812  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:51:30.0053 51812  Srv - ok
22:51:30.0100 51812  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:51:30.0131 51812  SSDPSRV - ok
22:51:30.0178 51812  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
22:51:30.0193 51812  stisvc - ok
22:51:30.0225 51812  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
22:51:30.0271 51812  swenum - ok
22:51:30.0303 51812  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
22:51:30.0318 51812  swmidi - ok
22:51:30.0334 51812  SwPrv - ok
22:51:30.0334 51812  symc810 - ok
22:51:30.0350 51812  symc8xx - ok
22:51:30.0350 51812  sym_hi - ok
22:51:30.0365 51812  sym_u3 - ok
22:51:30.0412 51812  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
22:51:30.0428 51812  sysaudio - ok
22:51:30.0475 51812  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
22:51:30.0490 51812  SysmonLog - ok
22:51:30.0553 51812  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:51:30.0584 51812  TapiSrv - ok
22:51:30.0646 51812  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:51:30.0646 51812  Tcpip - ok
22:51:30.0678 51812  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
22:51:30.0693 51812  TDPIPE - ok
22:51:30.0709 51812  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
22:51:30.0725 51812  TDTCP - ok
22:51:30.0756 51812  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
22:51:30.0787 51812  TermDD - ok
22:51:30.0818 51812  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
22:51:30.0850 51812  TermService - ok
22:51:30.0865 51812  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
22:51:30.0865 51812  Themes - ok
22:51:30.0928 51812  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
22:51:30.0943 51812  TlntSvr - ok
22:51:30.0959 51812  TosIde - ok
22:51:31.0006 51812  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
22:51:31.0037 51812  TrkWks - ok
22:51:31.0068 51812  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
22:51:31.0084 51812  Udfs - ok
22:51:31.0084 51812  ultra - ok
22:51:31.0131 51812  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
22:51:31.0162 51812  Update - ok
22:51:31.0209 51812  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
22:51:31.0240 51812  upnphost - ok
22:51:31.0271 51812  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
22:51:31.0303 51812  UPS - ok
22:51:31.0334 51812  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:51:31.0365 51812  usbccgp - ok
22:51:31.0396 51812  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:51:31.0412 51812  usbehci - ok
22:51:31.0459 51812  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:51:31.0490 51812  usbhub - ok
22:51:31.0521 51812  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:51:31.0553 51812  usbohci - ok
22:51:31.0584 51812  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
22:51:31.0600 51812  VgaSave - ok
22:51:31.0615 51812  ViaIde - ok
22:51:31.0646 51812  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
22:51:31.0678 51812  VolSnap - ok
22:51:31.0709 51812  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
22:51:31.0740 51812  VSS - ok
22:51:31.0787 51812  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
22:51:31.0818 51812  W32Time - ok
22:51:31.0850 51812  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:51:31.0881 51812  Wanarp - ok
22:51:31.0881 51812  WDICA - ok
22:51:31.0928 51812  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
22:51:31.0943 51812  wdmaud - ok
22:51:31.0990 51812  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:51:32.0021 51812  WebClient - ok
22:51:32.0100 51812  [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:51:32.0193 51812  winachsf - ok
22:51:32.0303 51812  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:51:32.0334 51812  winmgmt - ok
22:51:32.0381 51812  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
22:51:32.0459 51812  WinRM - ok
22:51:32.0506 51812  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
22:51:32.0521 51812  WmdmPmSN - ok
22:51:32.0553 51812  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
22:51:32.0568 51812  Wmi - ok
22:51:32.0631 51812  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:51:32.0662 51812  WmiApSrv - ok
22:51:32.0740 51812  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
22:51:32.0803 51812  WMPNetworkSvc - ok
22:51:32.0912 51812  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:51:33.0006 51812  WPFFontCache_v0400 - ok
22:51:33.0037 51812  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:51:33.0068 51812  WS2IFSL - ok
22:51:33.0115 51812  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
22:51:33.0146 51812  wscsvc - ok
22:51:33.0178 51812  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
22:51:33.0178 51812  wuauserv - ok
22:51:33.0225 51812  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:51:33.0240 51812  WudfPf - ok
22:51:33.0271 51812  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:51:33.0287 51812  WudfRd - ok
22:51:33.0318 51812  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
22:51:33.0334 51812  WudfSvc - ok
22:51:33.0396 51812  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
22:51:33.0475 51812  WZCSVC - ok
22:51:33.0521 51812  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
22:51:33.0537 51812  xmlprov - ok
22:51:33.0553 51812  ================ Scan global ===============================
22:51:33.0584 51812  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:51:33.0662 51812  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:51:33.0662 51812  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:51:33.0709 51812  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:51:33.0709 51812  [Global] - ok
22:51:33.0709 51812  ================ Scan MBR ==================================
22:51:33.0740 51812  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:51:33.0943 51812  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:51:33.0943 51812  \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:51:33.0959 51812  ================ Scan VBR ==================================
22:51:33.0959 51812  [ 6DA1899AF3E2FEE25CC5B311048E8455 ] \Device\Harddisk0\DR0\Partition1
22:51:33.0959 51812  \Device\Harddisk0\DR0\Partition1 - ok
22:51:33.0959 51812  ============================================================
22:51:33.0959 51812  Scan finished
22:51:33.0959 51812  ============================================================
22:51:33.0975 48912  Detected object count: 4
22:51:33.0975 48912  Actual detected object count: 4
22:52:30.0115 48912  C:\WINDOWS\system32\drivers\RtkHDAud.sys - copied to quarantine
22:52:30.0225 48912  IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Quarantine
22:52:30.0537 48912  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - copied to quarantine
22:52:30.0615 48912  nv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
22:52:30.0771 48912  C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe - copied to quarantine
22:52:30.0959 48912  SBAMSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
22:52:30.0990 48912  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:52:31.0068 48912  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:52:31.0490 48912  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
22:52:31.0678 48912  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:52:31.0756 48912  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:52:34.0287 48912  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:52:34.0678 48912  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:52:34.0709 48912  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:52:34.0756 48912  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:52:35.0178 48912  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:52:35.0225 48912  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:52:35.0287 48912  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:52:35.0287 48912  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:52:35.0318 48912  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
22:52:42.0912 51624  Deinitialize success

# AdwCleaner v2.300 - Logfile created 05/14/2013 at 04:54:19
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Erik - ERIKS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Erik\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\Erik\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\Erik\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Erik\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Erik\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Erik\Local Settings\Application Data\MixiDJ_V8
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\SearchProtect
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MixiDJ_V8
Folder Deleted : C:\Program Files\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E4C3A8B6-7724-45D1-A629-17B69118EBCD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E4C3A8B6-7724-45D1-A629-17B69118EBCD}
Key Deleted : HKCU\Software\MixiDJ_V8
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85318F7B-ACB8-4719-A35C-14BF9F7EFBD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E4C3A8B6-7724-45D1-A629-17B69118EBCD}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6662A494-0CFD-488E-B5C2-D878DC3EFCC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF8E9DB-2E04-4FE7-B7B5-2E06453A27FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4C3A8B6-7724-45D1-A629-17B69118EBCD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85318F7B-ACB8-4719-A35C-14BF9F7EFBD7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V8 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\Software\MixiDJ_V8
Key Deleted : HKLM\Software\SearchProtect
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E4C3A8B6-7724-45D1-A629-17B69118EBCD}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E4C3A8B6-7724-45D1-A629-17B69118EBCD}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Erik\Application Data\Mozilla\Firefox\Profiles\sz8364pt.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4109 octets] - [14/05/2013 04:54:19]

########## EOF - C:\AdwCleaner[S1].txt - [4169 octets] ##########
 

 

 

C:\Documents and Settings\Erik\Application Data\Sun\Java\Deployment\cache\6.0\21\20209355-6231c3ae    a variant of Java/Exploit.CVE-2012-1723.AJ trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Erik\Local Settings\temp\10.tmp    a variant of Win32/Kryptik.BAPG trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.05.2013_21.26.49\mbr0000\tdlfs0000\tsk0002.dta    a variant of Win32/Olmarik.AYZ trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.05.2013_21.26.49\mbr0000\tdlfs0000\tsk0003.dta    Win64/Olmarik.BC trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.05.2013_21.26.49\mbr0000\tdlfs0000\tsk0004.dta    a variant of Win32/Rootkit.Kryptik.UK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.05.2013_22.49.57\tdlfs0000\tsk0002.dta    a variant of Win32/Olmarik.AYZ trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.05.2013_22.49.57\tdlfs0000\tsk0003.dta    Win64/Olmarik.BC trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.05.2013_22.49.57\tdlfs0000\tsk0004.dta    a variant of Win32/Rootkit.Kryptik.UK trojan    cleaned by deleting - quarantined
C:\WINDOWS\Temp\11.tmp    a variant of Win32/Rootkit.Kryptik.UK trojan    cleaned by deleting - quarantined
 



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:07:23 AM

Posted 14 May 2013 - 01:41 PM

Hello, so how is it running now? There were a lot of info-stealing Trojans removed. Many of these come from Torrent downloads. You need to change all passwords used from this computer.

#11 atomicsocks

atomicsocks
  • Topic Starter

  • Members
  • 38 posts
  • Local time:07:23 AM

Posted 14 May 2013 - 05:48 PM

Safe mode works again woo!

When the goblin hordes attack, you have my sword good sir.

Am doing the password changing now.

It still exhibits the odd quirk on startup of always acting as though I've pressed F8 though.

Do the trojans specifically prevent safe mode from working to keep them from being removed or is that incidental?



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:07:23 AM

Posted 14 May 2013 - 07:03 PM

That is a possibility as some will.
 
Let's see if you have a corrupt file.

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files (http://www.bleepingcomputer.com/forums/topic43051.html)
NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt (http://www.bleepingcomputer.com/tutorials/tutorial167.html). Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.
You will need your operating system CD handy.
Open Windows Task Manager by pressing CTRL+SHIFT+ESC
Then click File, then New Task (Run)
In the box that opens type sfc /scannow (there is a space between c and /)
Click OK
Let it run and insert the CD when asked.

Edited by boopme, 13 January 2015 - 03:29 PM.


#13 atomicsocks

atomicsocks
  • Topic Starter

  • Members
  • 38 posts
  • Local time:07:23 AM

Posted 14 May 2013 - 07:48 PM

Yikes I don't have my OS CD or I would have just reformatted from the get-go and spared you guys the trouble.



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:23 AM

Posted 14 May 2013 - 07:55 PM

Well run it and see if it says there are any.



#15 atomicsocks

atomicsocks
  • Topic Starter

  • Members
  • 38 posts
  • Local time:07:23 AM

Posted 14 May 2013 - 09:15 PM

I gave it a go. It ran but I don't see any differences and I get the same thing on startup.

 

Edit: Google doesn't work for me in Firefox now but that's probably a settings issue.


Edited by atomicsocks, 14 May 2013 - 10:05 PM.




