
Antimalwarebytes continuously blocking malicious i.p.



#1 ShortDancer712


Posted 12 June 2013 - 03:00 PM

Hi,

I keep seeing the Antimalwarebytes balloon pop up saying that it "successfully blocked access to a potentially malicious website: 109.236.82.176  Type: outgoing"

I have run antimalware scans and come up with nothing, found several quarantined Trojans with MSE which I removed,  restarted my computer three times, and it's still happening.  The thing that kind of freaks me out is that it still happens when my browser is closed.

 

I would really appreciate some advice, thanks!

 

I am running Windows XP Home Service Pack 3, Firefox 21.0, Antimalwarebytes v2013.06.12.06,  and my MSE virus & spyware definitions are 1.151.2103.0


Edited by hamluis, 12 June 2013 - 03:22 PM.
Moved from XP to Am I Infected - Hamluis.




#2 boopme


Posted 12 June 2013 - 04:14 PM

Welcome ShortDancer

Let's look a bit further here.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 ShortDancer712


Posted 13 June 2013 - 01:23 PM

MiniToolBox Result
MiniToolBox by Farbar  Version:21-04-2013
Ran by Crane Girl (administrator) on 12-06-2013 at 23:03:06
Running from "C:\Documents and Settings\Crane Girl\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1395 WLAN Mini-Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : KungFuPrincess

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : hsd1.wa.comcast.net.

        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

        Physical Address. . . . . . . . . : 00-1D-09-BC-E6-AC

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.0.103

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        IP Address. . . . . . . . . . . . : fe80::21d:9ff:febc:e6ac%4

        Default Gateway . . . . . . . . . : 192.168.0.1

        DHCP Server . . . . . . . . . . . : 192.168.0.1

        DNS Servers . . . . . . . . . . . : 192.168.0.1

                                            fec0:0:0:ffff::1%2

                                            fec0:0:0:ffff::2%2

                                            fec0:0:0:ffff::3%2

        Lease Obtained. . . . . . . . . . : Wednesday, June 12, 2013 10:52:39 PM

        Lease Expires . . . . . . . . . . : Thursday, June 13, 2013 1:52:39 AM



Ethernet adapter Wireless Network Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card

        Physical Address. . . . . . . . . : 00-16-44-71-6B-23



Tunnel adapter Teredo Tunneling Pseudo-Interface:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : 80-00-0B-5A-9D-09-AF-31

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : 2001:0:9d38:953c:8000:b5a:9d09:af31

        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6

        Default Gateway . . . . . . . . . : ::

        NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



        Connection-specific DNS Suffix  . : hsd1.wa.comcast.net.

        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-00-67

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.0.103%2

        Default Gateway . . . . . . . . . :

        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

                                            fec0:0:0:ffff::2%2

                                            fec0:0:0:ffff::3%2

        NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  UnKnown
Address:  192.168.0.1

Name:    google.com
Addresses:  173.194.33.5, 173.194.33.6, 173.194.33.8, 173.194.33.7
      173.194.33.4, 173.194.33.0, 173.194.33.9, 173.194.33.2, 173.194.33.3
      173.194.33.14, 173.194.33.1



Pinging google.com [173.194.33.41] with 32 bytes of data:



Reply from 173.194.33.41: bytes=32 time=15ms TTL=55

Reply from 173.194.33.41: bytes=32 time=14ms TTL=55



Ping statistics for 173.194.33.41:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 14ms, Maximum = 15ms, Average = 14ms

Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=18ms TTL=52

Reply from 206.190.36.45: bytes=32 time=17ms TTL=52



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 17ms, Maximum = 18ms, Average = 17ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 bc e6 ac ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 16 44 71 6b 23 ...... Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.103      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0    192.168.0.103   192.168.0.103      20
      192.168.0.0    255.255.255.0    192.168.0.103   192.168.0.103      20
    192.168.0.103  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.0.255  255.255.255.255    192.168.0.103   192.168.0.103      20
        224.0.0.0        240.0.0.0    192.168.0.103   192.168.0.103      20
  255.255.255.255  255.255.255.255    192.168.0.103   192.168.0.103      1
  255.255.255.255  255.255.255.255    192.168.0.103               3      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/11/2013 00:59:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2047

Error: (06/11/2013 00:59:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2047

Error: (06/11/2013 00:59:06 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2013 00:20:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2297

Error: (06/10/2013 00:20:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2297

Error: (06/10/2013 00:20:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/07/2013 11:05:44 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/04/2013 02:56:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4734

Error: (06/04/2013 02:56:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4734

Error: (06/04/2013 02:56:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/11/2013 08:16:10 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.103 on the
Network Card with network address 001D09BCE6AC.

Error: (06/10/2013 11:35:09 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.103 on the
Network Card with network address 001D09BCE6AC.

Error: (06/06/2013 10:50:30 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (06/06/2013 10:50:30 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (06/06/2013 10:50:30 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (06/06/2013 10:50:30 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (06/06/2013 10:50:30 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (06/06/2013 10:50:30 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (06/06/2013 10:50:30 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (06/06/2013 10:50:30 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (06/11/2013 00:59:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2047

Error: (06/11/2013 00:59:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2047

Error: (06/11/2013 00:59:06 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/10/2013 00:20:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2297

Error: (06/10/2013 00:20:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2297

Error: (06/10/2013 00:20:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/07/2013 11:05:44 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1hungapp0.0.0.000000000

Error: (06/04/2013 02:56:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4734

Error: (06/04/2013 02:56:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4734

Error: (06/04/2013 02:56:12 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

7-Zip 4.57
AbiWord 2.6.8 (Version: 2.6.8)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Help Center 2.1 (Version: 2.1)
Adobe Photoshop Elements 5.0 (Version: 5.0)
Adobe Reader 9.3 (Version: 9.3.0)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Astral Nebulae
Audacity 1.2.6
Bonjour (Version: 3.0.0.10)
Broadcom Management Programs (Version: 10.15.03)
Browser Address Error Redirector (Version: 1.00.0000)
CCleaner (Version: 3.27)
CDDRV_Installer (Version: 4.60)
Conexant HDA D330 MDC V.92 Modem
Defraggler (Version: 2.12)
Dell DataSafe Online (Version: 1.0.21)
Dell System Restore (Version: 2.00.0000)
Dell Touchpad (Version: 9.1.18.6)
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card (Version: 4.170.25.12)
Digital Line Detect (Version: 1.21)
DivX Setup (Version: 2.6.1.9)
Documentation & Support Launcher (Version: 1.00.0000)
Free Audio Converter version 5.0.22.128 (Version: 5.0.22.128)
Games, Music, & Photos Launcher (Version: 1.00.0000)
Guild Wars
Guild Wars 2
IntelliSonic Speech Enhancement (Version: 2.1.37)
Internet Service Offers Launcher (Version: 1.00.0000)
iTunes (Version: 11.0.4.4)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
KhalInstallWrapper (Version: 4.60.122)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Kotor Tool
LAME v3.98.3 for Audacity
Laptop Integrated Webcam Driver (1.03.02.0719)  
Logitech SetPoint (Version: 4.60)
LOTR The Return of the King tm
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaDirect (Version: 3.5)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
Modem Diagnostic Tool (Version: 1.0.20.0)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 17.0.6 (x86 en-US) (Version: 17.0.6)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NetWaiting (Version: 2.5.44)
Nikon Message Center (Version: 0.91.000)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Drivers
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA Install Application (Version: 2.265.36.0)
NVIDIA nView 135.50 (Version: 135.50)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
Pando Media Booster (Version: 2.6.0.7)
PictureProject (Version: 1.0)
QuickSet (Version: 8.3.10)
QuickTime (Version: 7.74.80.86)
SearchAssist
Sonic Activation Module (Version: 1.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Star Wars Battlefront II (Version: 1.0)
Star Wars Jedi Knight Jedi Academy
Star Wars JK II Jedi Outcast
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (Version: 1.00.0000)
Star Wars®: Knights of the Old Republic ™
swMSM (Version: 12.0.0.1)
The Battle for Middle-earth ™
The Lord of the Rings Online™ v03.07.00.8037 (Version: 03.07.00.8037)
TSLRCM 1.7
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Yontoo 1.10.03 (Version: 1.10.03)

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 3581.97 MB
Available physical RAM: 2934.87 MB
Total Pagefile: 5463.67 MB
Available Pagefile: 4969.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:105.91 GB) (Free:10.72 GB) NTFS
2 Drive d: (KOTOR_1) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\KUNGFUPRINCESS

Administrator            ASPNET                   Crane Girl               
Guest                    HelpAssistant            SUPPORT_388945a0         


**** End of log ****
 

 

 
 
 
 
TDSSKiller
23:05:46.0859 3920  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:05:47.0484 3920  ============================================================
23:05:47.0484 3920  Current date / time: 2013/06/12 23:05:47.0484
23:05:47.0484 3920  SystemInfo:
23:05:47.0484 3920  
23:05:47.0484 3920  OS Version: 5.1.2600 ServicePack: 3.0
23:05:47.0484 3920  Product type: Workstation
23:05:47.0484 3920  ComputerName: KUNGFUPRINCESS
23:05:47.0484 3920  UserName: Crane Girl
23:05:47.0484 3920  Windows directory: C:\WINDOWS
23:05:47.0484 3920  System windows directory: C:\WINDOWS
23:05:47.0484 3920  Processor architecture: Intel x86
23:05:47.0484 3920  Number of processors: 2
23:05:47.0484 3920  Page size: 0x1000
23:05:47.0484 3920  Boot type: Normal boot
23:05:47.0484 3920  ============================================================
23:05:50.0328 3920  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:05:50.0328 3920  ============================================================
23:05:50.0328 3920  \Device\Harddisk0\DR0:
23:05:50.0328 3920  MBR partitions:
23:05:50.0328 3920  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0xD3D3382
23:05:50.0359 3920  ============================================================
23:05:50.0421 3920  C: <-> \Device\Harddisk0\DR0\Partition1
23:05:50.0437 3920  ============================================================
23:05:50.0437 3920  Initialize success
23:05:50.0437 3920  ============================================================
23:06:38.0046 2928  ============================================================
23:06:38.0046 2928  Scan started
23:06:38.0046 2928  Mode: Manual; TDLFS;
23:06:38.0046 2928  ============================================================
23:06:38.0343 2928  ================ Scan system memory ========================
23:06:38.0359 2928  System memory - ok
23:06:38.0359 2928  ================ Scan services =============================
23:06:40.0750 2928  Browser - ok
23:06:40.0859 2928  catchme - ok
23:06:40.0906 2928  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:06:40.0906 2928  cbidf - ok
23:06:40.0921 2928  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:06:40.0921 2928  cbidf2k - ok
23:06:40.0984 2928  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:06:40.0984 2928  CCDECODE - ok
23:06:41.0015 2928  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:06:41.0015 2928  cd20xrnt - ok
23:06:41.0046 2928  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:06:41.0046 2928  Cdaudio - ok
23:06:41.0062 2928  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:06:41.0062 2928  Cdfs - ok
23:06:41.0093 2928  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:06:41.0093 2928  Cdrom - ok
23:06:41.0093 2928  Changer - ok
23:06:41.0156 2928  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
23:06:41.0156 2928  CiSvc - ok
23:06:41.0187 2928  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
23:06:41.0187 2928  ClipSrv - ok
23:06:41.0296 2928  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:06:41.0531 2928  clr_optimization_v2.0.50727_32 - ok
23:06:41.0578 2928  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:06:41.0656 2928  clr_optimization_v4.0.30319_32 - ok
23:06:41.0703 2928  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:06:41.0703 2928  CmBatt - ok
23:06:41.0750 2928  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:06:41.0750 2928  CmdIde - ok
23:06:41.0781 2928  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:06:41.0781 2928  Compbatt - ok
23:06:41.0796 2928  COMSysApp - ok
23:06:41.0843 2928  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:06:41.0859 2928  Cpqarray - ok
23:06:41.0906 2928  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:06:41.0921 2928  CryptSvc - ok
23:06:41.0953 2928  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:06:41.0968 2928  dac2w2k - ok
23:06:42.0000 2928  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:06:42.0000 2928  dac960nt - ok
23:06:42.0140 2928  [ 22FABDC07B4DE09773A92D49201C9F94 ] dbustrcm        C:\DOCUME~1\CRANEG~1\LOCALS~1\Temp\dbustrcm.sys
23:06:42.0375 2928  dbustrcm - ok
23:06:42.0437 2928  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:06:42.0468 2928  DcomLaunch - ok
23:06:42.0515 2928  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:06:42.0515 2928  Dhcp - ok
23:06:42.0546 2928  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:06:42.0546 2928  Disk - ok
23:06:42.0546 2928  dmadmin - ok
23:06:42.0593 2928  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:06:42.0593 2928  dmboot - ok
23:06:42.0609 2928  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:06:42.0625 2928  dmio - ok
23:06:42.0656 2928  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:06:42.0656 2928  dmload - ok
23:06:42.0703 2928  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:06:42.0703 2928  dmserver - ok
23:06:42.0734 2928  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:06:42.0734 2928  DMusic - ok
23:06:42.0796 2928  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:06:42.0796 2928  Dnscache - ok
23:06:42.0843 2928  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:06:42.0843 2928  Dot3svc - ok
23:06:42.0859 2928  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:06:42.0859 2928  dpti2o - ok
23:06:42.0890 2928  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:06:42.0890 2928  drmkaud - ok
23:06:42.0937 2928  [ 0C8762B91B967A91373E0E022B62ACFC ] DXEC02          C:\WINDOWS\system32\drivers\dxec02.sys
23:06:42.0937 2928  DXEC02 - ok
23:06:42.0968 2928  [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:06:42.0984 2928  E100B - ok
23:06:43.0000 2928  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
23:06:43.0000 2928  EapHost - ok
23:06:43.0015 2928  EraserUtilRebootDrv - ok
23:06:43.0046 2928  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
23:06:43.0046 2928  ERSvc - ok
23:06:43.0109 2928  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
23:06:43.0125 2928  Eventlog - ok
23:06:43.0218 2928  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
23:06:43.0234 2928  EventSystem - ok
23:06:43.0281 2928  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
23:06:43.0296 2928  Fastfat - ok
23:06:43.0343 2928  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:06:43.0359 2928  FastUserSwitchingCompatibility - ok
23:06:43.0421 2928  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
23:06:43.0437 2928  Fax - ok
23:06:43.0453 2928  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
23:06:43.0453 2928  Fdc - ok
23:06:43.0484 2928  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
23:06:43.0484 2928  Fips - ok
23:06:43.0515 2928  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:06:43.0515 2928  Flpydisk - ok
23:06:43.0578 2928  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
23:06:43.0578 2928  FltMgr - ok
23:06:43.0671 2928  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:06:43.0671 2928  FontCache3.0.0.0 - ok
23:06:43.0703 2928  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:06:43.0703 2928  Fs_Rec - ok
23:06:43.0734 2928  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:06:43.0750 2928  Ftdisk - ok
23:06:43.0781 2928  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:06:43.0796 2928  GEARAspiWDM - ok
23:06:43.0843 2928  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:06:43.0843 2928  Gpc - ok
23:06:43.0875 2928  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:06:43.0875 2928  HDAudBus - ok
23:06:43.0984 2928  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:06:43.0984 2928  helpsvc - ok
23:06:43.0984 2928  HidServ - ok
23:06:44.0015 2928  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:06:44.0015 2928  HidUsb - ok
23:06:44.0078 2928  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
23:06:44.0078 2928  hkmsvc - ok
23:06:44.0109 2928  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
23:06:44.0109 2928  hpn - ok
23:06:44.0171 2928  [ 290CDBB05903742EA06B7203C5A662F5 ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
23:06:44.0171 2928  HSFHWAZL - ok
23:06:44.0234 2928  [ 7AB812355F98858B9ECDD46E6FCC221F ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:06:44.0250 2928  HSF_DPV - ok
23:06:44.0328 2928  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
23:06:44.0328 2928  HTTP - ok
23:06:44.0359 2928  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
23:06:44.0390 2928  HTTPFilter - ok
23:06:44.0421 2928  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
23:06:44.0437 2928  i2omgmt - ok
23:06:44.0453 2928  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:06:44.0453 2928  i2omp - ok
23:06:44.0484 2928  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:06:44.0484 2928  i8042prt - ok
23:06:44.0515 2928  [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
23:06:44.0515 2928  iaStor - ok
23:06:44.0656 2928  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:06:44.0656 2928  IDriverT - ok
23:06:44.0765 2928  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:06:44.0796 2928  idsvc - ok
23:06:44.0796 2928  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:06:44.0812 2928  Imapi - ok
23:06:44.0859 2928  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
23:06:44.0859 2928  ImapiService - ok
23:06:44.0890 2928  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:06:44.0890 2928  ini910u - ok
23:06:44.0937 2928  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
23:06:44.0937 2928  IntelIde - ok
23:06:45.0000 2928  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:06:45.0000 2928  intelppm - ok
23:06:45.0015 2928  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
23:06:45.0015 2928  Ip6Fw - ok
23:06:45.0078 2928  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:06:45.0078 2928  IpFilterDriver - ok
23:06:45.0109 2928  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:06:45.0109 2928  IpInIp - ok
23:06:45.0140 2928  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:06:45.0140 2928  IpNat - ok
23:06:45.0218 2928  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:06:45.0218 2928  iPod Service - ok
23:06:45.0250 2928  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:06:45.0250 2928  IPSec - ok
23:06:45.0296 2928  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:06:45.0312 2928  IRENUM - ok
23:06:45.0343 2928  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:06:45.0343 2928  isapnp - ok
23:06:45.0484 2928  [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
23:06:45.0484 2928  JavaQuickStarterService - ok
23:06:45.0500 2928  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:06:45.0515 2928  Kbdclass - ok
23:06:45.0531 2928  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:06:45.0531 2928  kmixer - ok
23:06:45.0578 2928  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:06:45.0578 2928  KSecDD - ok
23:06:45.0625 2928  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
23:06:45.0625 2928  lanmanserver - ok
23:06:45.0703 2928  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:06:45.0703 2928  lanmanworkstation - ok
23:06:45.0718 2928  lbrtfdc - ok
23:06:45.0796 2928  [ A0F7DC0080E4F97DC97DE08B699E231B ] LBTServ         C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
23:06:45.0812 2928  LBTServ - ok
23:06:45.0859 2928  [ 24E0DDB99AECCF86BB37702611761459 ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
23:06:45.0859 2928  LHidFilt - ok
23:06:45.0921 2928  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:06:45.0921 2928  LmHosts - ok
23:06:45.0937 2928  [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
23:06:45.0937 2928  LMouFilt - ok
23:06:45.0953 2928  [ 144011D14BD35F4E36136AE057B1AADD ] LUsbFilt        C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
23:06:45.0953 2928  LUsbFilt - ok
23:06:46.0015 2928  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
23:06:46.0015 2928  MBAMProtector - ok
23:06:46.0109 2928  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:06:46.0109 2928  MBAMScheduler - ok
23:06:46.0171 2928  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:06:46.0187 2928  MBAMService - ok
23:06:46.0203 2928  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:06:46.0203 2928  mdmxsdk - ok
23:06:46.0250 2928  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
23:06:46.0250 2928  Messenger - ok
23:06:46.0281 2928  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
23:06:46.0296 2928  mnmdd - ok
23:06:46.0343 2928  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
23:06:46.0343 2928  mnmsrvc - ok
23:06:46.0390 2928  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
23:06:46.0390 2928  Modem - ok
23:06:46.0453 2928  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:06:46.0453 2928  Mouclass - ok
23:06:46.0500 2928  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:06:46.0500 2928  mouhid - ok
23:06:46.0531 2928  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
23:06:46.0531 2928  MountMgr - ok
23:06:46.0593 2928  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:06:46.0609 2928  MozillaMaintenance - ok
23:06:46.0625 2928  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
23:06:46.0640 2928  MpFilter - ok
23:06:46.0671 2928  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:06:46.0671 2928  mraid35x - ok
23:06:46.0703 2928  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:06:46.0718 2928  MRxDAV - ok
23:06:46.0796 2928  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:06:46.0812 2928  MRxSmb - ok
23:06:46.0843 2928  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
23:06:46.0859 2928  MSDTC - ok
23:06:46.0875 2928  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:06:46.0875 2928  Msfs - ok
23:06:46.0890 2928  MSIServer - ok
23:06:46.0921 2928  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:06:46.0937 2928  MSKSSRV - ok
23:06:47.0000 2928  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:06:47.0015 2928  MsMpSvc - ok
23:06:47.0046 2928  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:06:47.0046 2928  MSPCLOCK - ok
23:06:47.0078 2928  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
23:06:47.0078 2928  MSPQM - ok
23:06:47.0125 2928  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:06:47.0125 2928  mssmbios - ok
23:06:47.0156 2928  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
23:06:47.0156 2928  MSTEE - ok
23:06:47.0203 2928  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
23:06:47.0203 2928  Mup - ok
23:06:47.0250 2928  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:06:47.0250 2928  NABTSFEC - ok
23:06:47.0296 2928  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
23:06:47.0296 2928  napagent - ok
23:06:47.0343 2928  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
23:06:47.0359 2928  NDIS - ok
23:06:47.0390 2928  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:06:47.0390 2928  NdisIP - ok
23:06:47.0421 2928  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:06:47.0421 2928  NdisTapi - ok
23:06:47.0453 2928  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:06:47.0453 2928  Ndisuio - ok
23:06:47.0484 2928  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:06:47.0500 2928  NdisWan - ok
23:06:47.0531 2928  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
23:06:47.0531 2928  NDProxy - ok
23:06:47.0562 2928  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
23:06:47.0562 2928  NetBIOS - ok
23:06:47.0578 2928  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:06:47.0593 2928  NetBT - ok
23:06:47.0640 2928  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
23:06:47.0640 2928  NetDDE - ok
23:06:47.0656 2928  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
23:06:47.0656 2928  NetDDEdsdm - ok
23:06:47.0703 2928  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
23:06:47.0703 2928  Netlogon - ok
23:06:47.0765 2928  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
23:06:47.0781 2928  Netman - ok
23:06:47.0843 2928  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:06:47.0890 2928  NetTcpPortSharing - ok
23:06:47.0937 2928  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:06:47.0937 2928  NIC1394 - ok
23:06:48.0015 2928  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
23:06:48.0015 2928  Nla - ok
23:06:48.0046 2928  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:06:48.0046 2928  Npfs - ok
23:06:48.0078 2928  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
23:06:48.0109 2928  Ntfs - ok
23:06:48.0156 2928  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
23:06:48.0156 2928  NtLmSsp - ok
23:06:48.0265 2928  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
23:06:48.0281 2928  NtmsSvc - ok
23:06:48.0312 2928  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:06:48.0328 2928  Null - ok
23:06:48.0656 2928  [ E531EAA795A273FC70C9DE3F195069C8 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:06:48.0906 2928  nv - ok
23:06:48.0968 2928  [ 0AC27B53A34DC9E76F61DA7A74F546C6 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
23:06:48.0968 2928  NVSvc - ok
23:06:49.0000 2928  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:06:49.0000 2928  NwlnkFlt - ok
23:06:49.0062 2928  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:06:49.0062 2928  NwlnkFwd - ok
23:06:49.0125 2928  [ 9D20FA5D8875F6063AA5E1C44446F698 ] OEM02Dev        C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys
23:06:49.0140 2928  OEM02Dev - ok
23:06:49.0140 2928  [ 86326062A90494BDD79CE383511D7D69 ] OEM02Vfx        C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys
23:06:49.0140 2928  OEM02Vfx - ok
23:06:49.0203 2928  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:06:49.0203 2928  ohci1394 - ok
23:06:49.0234 2928  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
23:06:49.0234 2928  Parport - ok
23:06:49.0265 2928  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
23:06:49.0265 2928  PartMgr - ok
23:06:49.0296 2928  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
23:06:49.0296 2928  ParVdm - ok
23:06:49.0296 2928  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
23:06:49.0312 2928  PCI - ok
23:06:49.0312 2928  PCIDump - ok
23:06:49.0328 2928  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
23:06:49.0328 2928  PCIIde - ok
23:06:49.0359 2928  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
23:06:49.0375 2928  Pcmcia - ok
23:06:49.0375 2928  PDCOMP - ok
23:06:49.0390 2928  PDFRAME - ok
23:06:49.0406 2928  PDRELI - ok
23:06:49.0421 2928  PDRFRAME - ok
23:06:49.0453 2928  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
23:06:49.0453 2928  perc2 - ok
23:06:49.0484 2928  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:06:49.0484 2928  perc2hib - ok
23:06:49.0546 2928  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
23:06:49.0546 2928  PlugPlay - ok
23:06:49.0562 2928  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
23:06:49.0562 2928  PolicyAgent - ok
23:06:49.0593 2928  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:06:49.0593 2928  PptpMiniport - ok
23:06:49.0593 2928  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:06:49.0609 2928  ProtectedStorage - ok
23:06:49.0609 2928  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
23:06:49.0625 2928  PSched - ok
23:06:49.0625 2928  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:06:49.0640 2928  Ptilink - ok
23:06:49.0703 2928  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:06:49.0703 2928  PxHelp20 - ok
23:06:49.0812 2928  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:06:49.0812 2928  ql1080 - ok
23:06:49.0843 2928  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:06:49.0843 2928  Ql10wnt - ok
23:06:49.0859 2928  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:06:49.0859 2928  ql12160 - ok
23:06:49.0906 2928  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:06:49.0906 2928  ql1240 - ok
23:06:49.0937 2928  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:06:49.0937 2928  ql1280 - ok
23:06:49.0968 2928  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:06:49.0968 2928  RasAcd - ok
23:06:50.0015 2928  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:06:50.0015 2928  RasAuto - ok
23:06:50.0062 2928  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:06:50.0062 2928  Rasl2tp - ok
23:06:50.0125 2928  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
23:06:50.0140 2928  RasMan - ok
23:06:50.0156 2928  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:06:50.0156 2928  RasPppoe - ok
23:06:50.0171 2928  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
23:06:50.0171 2928  Raspti - ok
23:06:50.0187 2928  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:06:50.0203 2928  Rdbss - ok
23:06:50.0203 2928  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:06:50.0218 2928  RDPCDD - ok
23:06:50.0265 2928  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:06:50.0265 2928  rdpdr - ok
23:06:50.0312 2928  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
23:06:50.0328 2928  RDPWD - ok
23:06:50.0359 2928  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
23:06:50.0375 2928  RDSessMgr - ok
23:06:50.0421 2928  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
23:06:50.0421 2928  redbook - ok
23:06:50.0484 2928  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
23:06:50.0484 2928  RemoteAccess - ok
23:06:50.0515 2928  [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
23:06:50.0515 2928  rimmptsk - ok
23:06:50.0531 2928  [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
23:06:50.0531 2928  rimsptsk - ok
23:06:50.0546 2928  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp         C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
23:06:50.0546 2928  rismxdp - ok
23:06:50.0578 2928  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
23:06:50.0578 2928  RpcLocator - ok
23:06:50.0625 2928  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
23:06:50.0640 2928  RpcSs - ok
23:06:50.0687 2928  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
23:06:50.0703 2928  RSVP - ok
23:06:50.0734 2928  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
23:06:50.0734 2928  SamSs - ok
23:06:50.0781 2928  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
23:06:50.0781 2928  SCardSvr - ok
23:06:50.0843 2928  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
23:06:50.0843 2928  Schedule - ok
23:06:50.0875 2928  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:06:50.0890 2928  sdbus - ok
23:06:50.0921 2928  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:06:50.0921 2928  Secdrv - ok
23:06:50.0953 2928  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
23:06:50.0953 2928  seclogon - ok
23:06:51.0015 2928  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
23:06:51.0015 2928  SENS - ok
23:06:51.0046 2928  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
23:06:55.0203 2928  ================ Scan global ===============================
23:06:55.0250 2928  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:06:55.0312 2928  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:06:55.0421 2928  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
23:06:55.0453 2928  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:06:55.0468 2928  [Global] - ok
23:06:55.0468 2928  ================ Scan MBR ==================================
23:06:55.0500 2928  [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
23:06:55.0890 2928  \Device\Harddisk0\DR0 - ok
23:06:55.0890 2928  ================ Scan VBR ==================================
23:06:55.0890 2928  [ EED8B11E1B5663D98779B7D86DB9832F ] \Device\Harddisk0\DR0\Partition1
23:06:55.0906 2928  \Device\Harddisk0\DR0\Partition1 - ok
23:06:55.0906 2928  ============================================================
23:06:55.0906 2928  Scan finished
23:06:55.0906 2928  ============================================================
23:06:55.0921 1848  Detected object count: 0
23:06:55.0921 1848  Actual detected object count: 0
23:07:34.0234 2812  Deinitialize success
 
 
 
 
AdwCleaner
# AdwCleaner v2.303 - Logfile created 06/12/2013 at 23:09:04
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Crane Girl - KUNGFUPRINCESS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Crane Girl\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Crane Girl\Application Data\Mozilla\Firefox\Profiles\usu4c9hj.default\extensions\plugin@yontoo.com.xpi
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\fast.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Crane Girl\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Crane Girl\Application Data\Iminent
Folder Deleted : C:\Documents and Settings\Crane Girl\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Crane Girl\Application Data\registry mechanic
Folder Deleted : C:\Documents and Settings\Crane Girl\Local Settings\Application Data\Babylon-English
Folder Deleted : C:\Documents and Settings\Crane Girl\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\Babylon-English
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\Babylon-English
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2720081
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2563F435-C6E0-4178-A4E5-81B9A7918015}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Crane Girl\Application Data\Mozilla\Firefox\Profiles\usu4c9hj.default\prefs.js

C:\Documents and Settings\Crane Girl\Application Data\Mozilla\Firefox\Profiles\usu4c9hj.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "1");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "BestVideoDownloader");
Deleted : user_pref("extentions.y2layers.installId", "fe5827cb-a7f2-4e48-b31b-287e52bbbd4d");

*************************

AdwCleaner[S1].txt - [9320 octets] - [12/06/2013 23:09:04]

########## EOF - C:\AdwCleaner[S1].txt - [9380 octets] ##########
 
 
 
 
 
ESET
C:\Documents and Settings\Crane Girl\Local Settings\temp\7931D.tmp    multiple threats    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Crane Girl\Application Data\eseg7esg8seg7.exe.vir    a variant of MSIL/Injector.AKN trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Crane Girl\Application Data\eseg7esg8seg7.tempcodec.vir    a variant of MSIL/Injector.AKN trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Crane Girl\Application Data\ixgmrw.exe.vir    a variant of MSIL/Injector.AGK trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Crane Girl\Application Data\rfsjxy.exe.vir    a variant of MSIL/Injector.AKN trojan    cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP110\A0010176.dll    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP84\A0008980.exe    Win32/OpenCandy application    cleaned by deleting - quarantined


Edited by ShortDancer712, 13 June 2013 - 01:26 PM.


#4 boopme


Posted 13 June 2013 - 01:35 PM

Seems it is a Keylogger phoning home.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Identify Theft and Internet Fraud Post 8

 

Edited to new link above


Edited by boopme, 13 June 2013 - 08:33 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 hansV


Posted 14 June 2013 - 12:07 PM

Shortdancer,

 

I had the exact same problem with the same IP number. Every couple of minutes my computer tried to connect with 109.236.82.176, which was then blocked by my anti-virus program.

 

In case you haven't been able to solve the problem, try the following simple solution.

 

I did system restore and let the software choose an earlier date, but that didn't work.

The second time I chose an even earlier date and voila, problem fixed.  It has been more than an hour now and I have not seen the Error message again. Try it and see what happens.



#6 ShortDancer712


Posted 14 June 2013 - 03:03 PM

After I used ESET and quarantined/removed the infected files it found I stopped getting antimal popups.  Does this mean it might be gone, or is it likely still there and my programs are no longer catching it?



#7 boopme


Posted 14 June 2013 - 09:14 PM

I am certain ESET removed it.  But I would like you to make a new topic so we can get a deeper look to be sure there is nothing here we cannot see.

Make a new topic... Am I clean now?

Reference this topic with this link

http://www.bleepingcomputer.com/forums/t/497835/antimalwarebytes-continuously-blocking-malicious-ip/#entry3078612

 

Please follow this Preparation Guide, do steps 6, 7 and 8, and post in a new topic.

Let me know if all went well.



#8 Animal


Posted 15 June 2013 - 01:23 AM

Now that your log is properly posted here, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

