No networking. Windows Services disabled.


  • This topic is locked
122 replies to this topic

#1 brown_dog

  • Members
  • 136 posts

Posted 24 June 2013 - 07:37 PM

This one is for, "Oh My."

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

 

 

+++++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++++++++++++++++++++

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-06-2013
Ran by Owner (administrator) on 24-06-2013 17:27:00
Running from D:\
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(AOL LLC) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
(WebEx Communications, Inc.) C:\Windows\system32\atashost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Linksys LLC - A Division of Cisco Systems) C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
(Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Crawler.com) C:\Program Files\PCPowerSpeed\PCPowerTray.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(PC MightyMax, Inc.) C:\Users\Owner\AppData\Local\PC MightyMax File Extension Repair\OpenWithMonitor.pcmmexe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
() C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [cfFncEnabler.exe] cfFncEnabler.exe [x]
HKLM\...\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide [1242424 2008-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-08-21] (Google)
HKLM\...\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized [131072 2008-05-01] (Linksys LLC - A Division of Cisco Systems)
HKLM\...\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [648504 2008-04-09] (Pure Networks, Inc.)
HKLM\...\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [26112 2009-03-15] (RealNetworks, Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [PCPowerSpeed] "C:\Program Files\PCPowerSpeed\PCPowerTray.exe" /startup [385664 2011-09-27] (Crawler.com)
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [116752 2011-02-10] (Trend Micro Inc.)
HKLM\...\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [2249352 2013-06-05] (Microsoft Corp.)
HKCU\...\Run: [TOSCDSPD] TOSCDSPD.EXE [x]
HKCU\...\Run: [chromium] C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window [825808 2013-06-14] (Google Inc.)
HKCU\...\Run: [File Extension Repair] "C:\Users\Owner\AppData\Local\PC MightyMax File Extension Repair\OpenWithMonitor.pcmmexe" [x]
MountPoints2: {d9a4be35-9b59-11e1-a2bd-00038a000015} - F:\setup.exe -a
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80114&lng=en
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
HKLM SearchScopes: DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
HKCU SearchScopes: DefaultScope {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80114&lng=en
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=m2eSSKhY0mADkJrlpv0_KtGsbfs?q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80114&lng=en
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL (Omega Partners Ltd)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
BHO: No Name - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~1\REBATE~1\RebateI.dll (Inbox.com, Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU -AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
Toolbar: HKCU -&Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Handler: msdaipp - No CLSID Value -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~1\REBATE~1\RebateI.dll (Inbox.com, Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog5 06  File Not found ()
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-21] (Google)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [648504 2008-04-09] (Pure Networks, Inc.)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
U2 Bonjour Service;
S2 LinksysUpdater; "C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 ATWPKT2; C:\Windows\system32\drivers\ATWPKT2.SYS [24960 2007-10-11] (America Online)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24888 2008-04-09] (Pure Networks, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26424 2008-04-09] (Pure Networks, Inc.)
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation)
S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
U3 fssfltr; system32\DRIVERS\fssfltr.sys
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-24 17:26 - 2013-06-24 17:26 - 00000000 ____D C:\FRST
2013-06-23 18:08 - 2013-06-23 18:08 - 00000877 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-23 18:08 - 2013-06-23 18:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-06-23 18:08 - 2013-06-23 18:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-23 18:07 - 2013-06-23 18:08 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-23 18:07 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-23 11:52 - 2013-06-23 18:07 - 00000795 ____A C:\Windows\setupact.log
2013-06-23 11:52 - 2013-06-23 11:52 - 00000000 ____A C:\Windows\setuperr.log
2013-06-22 17:32 - 2013-06-24 07:50 - 00000382 ____A C:\TMachInfo.log
2013-06-12 03:07 - 2013-05-16 16:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 03:07 - 2013-05-16 15:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 03:07 - 2013-05-16 15:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 03:07 - 2013-05-16 15:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 03:07 - 2013-05-16 15:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 03:07 - 2013-05-16 15:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 03:07 - 2013-05-16 15:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 03:07 - 2013-05-16 15:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 03:07 - 2013-05-16 15:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 03:07 - 2013-05-16 15:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 03:07 - 2013-05-16 15:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 03:07 - 2013-05-16 15:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 03:07 - 2013-05-16 15:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 03:07 - 2013-05-16 15:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 03:07 - 2013-05-16 15:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 03:07 - 2013-05-16 15:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-11 23:37 - 2013-05-07 21:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 23:37 - 2013-05-02 15:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-11 23:37 - 2013-05-02 15:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:37 - 2013-05-01 21:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 23:37 - 2013-05-01 21:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-11 23:37 - 2013-04-23 21:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 23:37 - 2013-04-23 21:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 23:37 - 2013-04-23 21:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 23:37 - 2013-04-23 21:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 23:37 - 2013-04-23 18:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 23:37 - 2013-04-17 05:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-24 17:26 - 2013-06-24 17:26 - 00000000 ____D C:\FRST
2013-06-24 15:47 - 2006-11-02 05:45 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-24 15:47 - 2006-11-02 05:45 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-24 10:01 - 2011-09-29 20:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PCPowerSpeed
2013-06-24 07:55 - 2006-11-02 03:33 - 00005730 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-24 07:52 - 2009-01-11 18:15 - 01260777 ____A C:\Windows\WindowsUpdate.log
2013-06-24 07:50 - 2013-06-22 17:32 - 00000382 ____A C:\TMachInfo.log
2013-06-23 18:08 - 2013-06-23 18:08 - 00000877 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-23 18:08 - 2013-06-23 18:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-06-23 18:08 - 2013-06-23 18:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-23 18:08 - 2013-06-23 18:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-23 18:07 - 2013-06-23 11:52 - 00000795 ____A C:\Windows\setupact.log
2013-06-23 11:52 - 2013-06-23 11:52 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 11:30 - 2013-04-21 15:25 - 00000000 ____D C:\found.004
2013-06-23 11:30 - 2009-05-20 09:39 - 00000000 ____D C:\Windows\Minidump
2013-06-23 11:11 - 2009-03-11 13:37 - 00000000 ____D C:\users\Owner
2013-06-23 10:40 - 2012-12-31 21:34 - 00000000 ____D C:\Users\Owner\AppData\Roaming\licenses
2013-06-22 16:37 - 2010-02-05 18:03 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-21 22:37 - 2010-02-05 18:03 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 13:42 - 2011-12-02 15:13 - 00001942 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-12 03:42 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\rescache
2013-06-12 03:26 - 2006-11-02 05:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-12 03:25 - 2006-11-02 05:58 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-12 03:08 - 2009-01-11 17:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 03:03 - 2006-11-02 03:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-24 07:56

==================== End Of Log ============================

 

 

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

System error 1747 has occurred.

The authentication service is unknown.
 

 

 

+++++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++++++++++++++++++++

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-06-2013
Ran by Owner at 2013-06-24 17:27:29
Running from D:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6612.1000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader 9.5.2 (Version: 9.5.2)
Amazon Links (Version: 1.0)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AppGraffiti (Version: 1.0.0.28)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.2)
Atheros Wi-Fi Protected Setup Library
Bing Bar (Version: 7.1.391.0)
Bing Desktop (Version: 1.3.167.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.2)
CD/DVD Drive Acoustic Silencer (Version: 2.02.03)
Cisco Connect (Version: 1.3.11006.1)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
D3DX10 (Version: 15.4.2368.0902)
Download Updater (AOL LLC)
DVD MovieFactory for TOSHIBA (Version: 5.51)
Google Chrome (Version: 27.0.1453.116)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.145)
Inbox Toolbar (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.4.0.80)
Java™ 6 Update 11 (Version: 6.0.110)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 6 (Version: 1.6.0.60)
Junk Mail filter update (Version: 15.4.3502.0922)
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor (Version: 3.0.8122.29)
Logitech Desktop Messenger (Version: 2.54.11)
Logitech Harmony Remote Software 7 (Version: 7.5.0.10)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 97, Professional Edition
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Standard (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft UI Engine (Version: 6.3.2380.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft XML Parser (Version: 8.20.8730.4)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetZero Internet Access Installer (Version: 1.0.874)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PC Power Speed 1.0.0.24 (Version: 1.0.0.24)
Picasa 2 (Version: 2.0)
Pure Networks Platform (Version: 10.1.8116.1)
QuickBooks Financial Center (Version: 1.10.0000)
QuickTime (Version: 7.69.80.9)
RealPlayer Basic
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader (Version: )
RebateInformer (Version: 1.0.0.79)
Remote Control USB Driver (Version: 2.3.2.317)
RTC Client API v1.2 (Version: 1.2.0000)
Segoe UI (Version: 15.4.2271.0615)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
TOSHIBA Assist (Version: 2.01.08)
TOSHIBA ConfigFree (Version: 7.2.20)
TOSHIBA Desktop Links (Version: 1.7)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA DVD PLAYER (Version: 1.31.14)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Hardware Setup (Version: 2.00.08)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.2)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Service Station (Version: 1.1.14)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.04)
TOSHIBA Value Added Package (Version: 1.1.24)
Trend Micro Titanium (Version: 3.1.1109)
Trend Micro™ Titanium™ (Version: 3.00)
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Viewpoint Media Player
WebEx Support Manager for Internet Explorer (Version: 6.5.47)
WildTangent Games (Version: 1.0.0.62)
WildTangent Games App (Toshiba Games) (Version: 4.0.5.31)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)

==================== Restore Points  =========================

05-06-2013 07:00:03 Scheduled Checkpoint
06-06-2013 07:00:04 Scheduled Checkpoint
07-06-2013 07:00:07 Scheduled Checkpoint
08-06-2013 07:00:07 Scheduled Checkpoint
09-06-2013 07:00:06 Scheduled Checkpoint
10-06-2013 15:20:24 Scheduled Checkpoint
12-06-2013 10:00:32 Windows Update
13-06-2013 07:00:04 Scheduled Checkpoint
14-06-2013 18:46:18 Scheduled Checkpoint
15-06-2013 07:00:07 Scheduled Checkpoint
16-06-2013 07:00:08 Scheduled Checkpoint
18-06-2013 08:19:18 Scheduled Checkpoint
19-06-2013 16:32:51 Scheduled Checkpoint
20-06-2013 18:06:29 Scheduled Checkpoint
21-06-2013 07:46:38 Scheduled Checkpoint
22-06-2013 11:03:38 Scheduled Checkpoint
24-06-2013 14:57:28 Removed TuneUp Utilities 2013
24-06-2013 14:58:28 Removed TuneUp Utilities Language Pack (en-US)

==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {361D2AC8-F3E2-4B30-A1E0-84D6D7B1EFE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05] (Google Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {60460F69-EDDF-41DB-A8C4-992BBE6D1568} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7CD66566-68BE-46AB-8477-7EC69D562EC7} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.)
Task: {81083E0B-2588-48DB-B629-CB29A45887F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {83C9492C-06E9-4444-9F17-ABA8BB370BD9} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {A59314ED-5657-4D31-B1B4-02AF4DE3BFB1} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe No File
Task: {BF0ABC95-5EBC-4D2D-B3FD-54E9B4B60A0A} - System32\Tasks\User_Feed_Synchronization-{E845BA2D-682D-4A1F-9D99-F9074D629D5D} => C:\Windows\system32\msfeedssync.exe [2011-10-22] (Microsoft Corporation)
Task: {C1904EC6-B66D-449E-9DE1-D08D7AAEAF56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05] (Google Inc.)
Task: {E0D85D9F-DF9F-4EE8-992F-023C1D813A7A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {F281738B-C8F5-4548-9A6D-0D27F406086A} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11] (Adobe Systems Incorporated)

==================== Faulty Device Manager Devices =============

Name: TOSHIBA Firmware Linkage Driver
Description: TOSHIBA Firmware Linkage Driver
Class Guid:
Manufacturer:
Service: FwLnk
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: MATbleepA DVD-RAM UJ880AS
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Could not start eventlog service, could not read events.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 1915.26 MB
Available physical RAM: 1001.32 MB
Total Pagefile: 4075.81 MB
Available Pagefile: 3218.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.93 MB

==================== Drives ================================

Drive c: (SQ004890V03) (Fixed) (Total:140.37 GB) (Free:67.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Removable) (Total:1.86 GB) (Free:0.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: DA922A78)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=140 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=17)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 000E3E00)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================

 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:46 PM

Posted 24 June 2013 - 07:40 PM

Greetings Mark and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 24 June 2013 - 07:54 PM

Hi Mark,

Please run these programs for me.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FSS log
  • Result log

Gary
 

#4 brown_dog


Posted 24 June 2013 - 08:04 PM

Farbar Service Scanner Version: 16-06-2013
Ran by Owner (administrator) on 24-06-2013 at 17:59:47
Running from "E:\"
Windows Vista ™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-11 23:37] - [2013-05-07 21:37] - 0905576 ____A (Microsoft Corporation) 548E198BAE21EFC21F8B5F0C1728AD27

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-11 23:37] - [2013-04-23 21:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

 

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Owner (administrator) on 24-06-2013 at 18:03:14
Running from "E:\"
Windows Vista ™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection 2 (Media disconnected)
Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Media disconnected)
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Owner-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1E-33-98-C4-87
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 00-24-D2-01-65-45
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{0441260C-897F-4DCB-82D7-345D0A7AF92A}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  NULL

Unable to initialize Windows Sockets interface, error code 11003.

Server:  UnKnown
Address:  NULL

Unable to initialize Windows Sockets interface, error code 11003.

Unable to initialize Windows Sockets interface, error code 11003.

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06  [File Not found] ()
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

System error 1747 has occurred.

The authentication service is unknown.


**** End of log ****
 



#5 Oh My!


Posted 24 June 2013 - 08:17 PM

Greetings Mark,

Please do this for me. As necessary, please download the files from a clean computer and transfer them to your infected computer.

===================================================

Services Repair

----------
  • Please download ServicesRepair and save it to your desktop.
  • Double-click ServicesRepair.exe
  • Click Continue or Run and then click Yes on any security notifications that appear
  • Click Yes to restart your computer
  • Double click on the CCSupport folder on your desktop then copy and paste the log in your reply
  • Reboot your computer once more then run Farbar Service Scanner and post the results
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Services Repair log
  • FSS log
  • How is your computer running?

Gary
 

#6 brown_dog


Posted 24 June 2013 - 08:41 PM

HTTP Status 404 - /library/ESET/KB

type Status report

message /library/ESET/KB

description The requested resource (/library/ESET/KB) is not available.



#7 Oh My!


Posted 24 June 2013 - 08:43 PM

Use this link instead.


Gary
 

#8 brown_dog


Posted 24 June 2013 - 09:01 PM

Log Opened: 2013-06-24 @ 18:45:54
18:45:54 - -----------------
18:45:54 - | Begin Logging |
18:45:54 - -----------------
18:45:54 - Fix started on a WIN_VISTA X86 computer
18:45:54 - Prep in progress.  Please Wait.
18:45:55 - Prep complete
18:45:55 - Repairing Services Now.  Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
18:45:56 - Services Repair Complete.
18:45:59 - Reboot Initiated

Farbar Service Scanner Version: 16-06-2013
Ran by Owner (administrator) on 24-06-2013 at 18:59:14
Running from "E:\"
Windows Vista ™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-11 23:37] - [2013-05-07 21:37] - 0905576 ____A (Microsoft Corporation) 548E198BAE21EFC21F8B5F0C1728AD27

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-11 23:37] - [2013-04-23 21:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

No change.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:46 PM

Posted 24 June 2013 - 09:07 PM

OK Mark,

Your computer is getting reinfected upon reboot. Please do this.

===================================================

Run TDSSKiller by Kaspersky on Vista/7

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 brown_dog

Posted 24 June 2013 - 09:19 PM

TDSSKiller found nothing.

No Internet connection, so no update to aswMBR.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-24 19:15:22
-----------------------------
19:15:22.222    OS Version: Windows 6.0.6002 Service Pack 2
19:15:22.222    Number of processors: 1 586 0xF0D
19:15:22.222    ComputerName: OWNER-PC  UserName: Owner
19:15:22.940    Initialize success
19:15:36.137    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:15:36.137    Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
19:15:36.278    Disk 0 MBR read successfully
19:15:36.278    Disk 0 MBR scan
19:15:36.278    Disk 0 Windows VISTA default MBR code
19:15:36.324    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
19:15:36.340    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       143737 MB offset 3074048
19:15:36.371    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         7389 MB offset 297447424
19:15:36.371    Disk 0 scanning sectors +312580096
19:15:36.434    Disk 0 scanning C:\Windows\system32\drivers
19:15:44.577    Service scanning
19:16:02.439    Modules scanning
19:16:09.350    Disk 0 trace - called modules:
19:16:09.381    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:16:09.396    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8579f6a0]
19:16:09.396    3 CLASSPNP.SYS[87b188b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8439c028]
19:16:09.396    Scan finished successfully
19:18:02.247    Disk 0 MBR has been saved successfully to "E:\MBR.dat"
19:18:02.262    The log file has been saved successfully to "E:\aswMBR.txt"

#11 Oh My!

Posted 24 June 2013 - 09:20 PM

Can I see the TDSSKiller log please?
Gary

#12 brown_dog

Posted 24 June 2013 - 09:22 PM

Sorry brother.

07:56:08.0162 3340  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:56:08.0177 3340  ============================================================
07:56:08.0177 3340  Current date / time: 2013/06/24 07:56:08.0177
07:56:08.0177 3340  SystemInfo:
07:56:08.0177 3340  
07:56:08.0177 3340  OS Version: 6.0.6002 ServicePack: 2.0
07:56:08.0177 3340  Product type: Workstation
07:56:08.0177 3340  ComputerName: OWNER-PC
07:56:08.0177 3340  UserName: Owner
07:56:08.0177 3340  Windows directory: C:\Windows
07:56:08.0177 3340  System windows directory: C:\Windows
07:56:08.0177 3340  Processor architecture: Intel x86
07:56:08.0177 3340  Number of processors: 1
07:56:08.0177 3340  Page size: 0x1000
07:56:08.0177 3340  Boot type: Normal boot
07:56:08.0177 3340  ============================================================
07:56:08.0552 3340  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:56:08.0552 3340  Drive \Device\Harddisk1\DR1 - Size: 0x77A00000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:56:08.0552 3340  ============================================================
07:56:08.0552 3340  \Device\Harddisk0\DR0:
07:56:08.0552 3340  MBR partitions:
07:56:08.0552 3340  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x118BC800
07:56:08.0552 3340  \Device\Harddisk1\DR1:
07:56:08.0552 3340  MBR partitions:
07:56:08.0552 3340  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3E, BlocksNum 0x3BC4AE
07:56:08.0552 3340  ============================================================
07:56:08.0598 3340  C: <-> \Device\Harddisk0\DR0\Partition1
07:56:08.0598 3340  ============================================================
07:56:08.0598 3340  Initialize success
07:56:08.0598 3340  ============================================================
07:56:19.0300 4056  ============================================================
07:56:19.0300 4056  Scan started
07:56:19.0300 4056  Mode: Manual;
07:56:19.0300 4056  ============================================================
07:56:19.0596 4056  ================ Scan system memory ========================
07:56:19.0596 4056  System memory - ok
07:56:19.0596 4056  ================ Scan services =============================
07:56:19.0815 4056  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
07:56:19.0815 4056  ACPI - ok
07:56:19.0877 4056  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
07:56:19.0893 4056  adp94xx - ok
07:56:19.0940 4056  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
07:56:19.0940 4056  adpahci - ok
07:56:19.0971 4056  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
07:56:19.0971 4056  adpu160m - ok
07:56:19.0986 4056  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
07:56:19.0986 4056  adpu320 - ok
07:56:20.0033 4056  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:56:20.0033 4056  AeLookupSvc - ok
07:56:20.0064 4056  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
07:56:20.0064 4056  AFD - ok
07:56:20.0096 4056  [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
07:56:20.0111 4056  AgereModemAudio - ok
07:56:20.0174 4056  [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
07:56:20.0205 4056  AgereSoftModem - ok
07:56:20.0236 4056  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
07:56:20.0236 4056  agp440 - ok
07:56:20.0283 4056  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
07:56:20.0283 4056  aic78xx - ok
07:56:20.0314 4056  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
07:56:20.0314 4056  ALG - ok
07:56:20.0361 4056  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:56:20.0361 4056  aliide - ok
07:56:20.0376 4056  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
07:56:20.0376 4056  amdagp - ok
07:56:20.0392 4056  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
07:56:20.0392 4056  amdide - ok
07:56:20.0454 4056  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
07:56:20.0454 4056  AmdK7 - ok
07:56:20.0470 4056  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
07:56:20.0470 4056  AmdK8 - ok
07:56:20.0626 4056  [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS         C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
07:56:20.0626 4056  AOL ACS - ok
07:56:20.0688 4056  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
07:56:20.0688 4056  Appinfo - ok
07:56:20.0751 4056  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:56:20.0751 4056  Apple Mobile Device - ok
07:56:20.0798 4056  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
07:56:20.0798 4056  arc - ok
07:56:20.0844 4056  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
07:56:20.0844 4056  arcsas - ok
07:56:20.0876 4056  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:56:20.0876 4056  AsyncMac - ok
07:56:20.0907 4056  [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi           C:\Windows\system32\drivers\atapi.sys
07:56:20.0907 4056  atapi - ok
07:56:20.0954 4056  [ 1941D70C83BDFF19A5F47043A5883678 ] atashost        C:\Windows\system32\atashost.exe
07:56:20.0954 4056  atashost - ok
07:56:21.0016 4056  [ 8BE56F8300E1C37B578DA23C71816B7A ] athr            C:\Windows\system32\DRIVERS\athr.sys
07:56:21.0047 4056  athr - ok
07:56:21.0078 4056  [ 6276B02B10E55CCBB2A23979AD345AA9 ] ATWPKT2         C:\Windows\system32\drivers\ATWPKT2.SYS
07:56:21.0078 4056  ATWPKT2 - ok
07:56:21.0141 4056  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:56:21.0141 4056  AudioEndpointBuilder - ok
07:56:21.0172 4056  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
07:56:21.0172 4056  Audiosrv - ok
07:56:21.0234 4056  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
07:56:21.0234 4056  BBSvc - ok
07:56:21.0266 4056  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
07:56:21.0266 4056  BBUpdate - ok
07:56:21.0312 4056  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:56:21.0312 4056  Beep - ok
07:56:21.0344 4056  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
07:56:21.0359 4056  BFE - ok
07:56:21.0406 4056  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
07:56:21.0422 4056  BITS - ok
07:56:21.0453 4056  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
07:56:21.0453 4056  blbdrive - ok
07:56:21.0515 4056  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:56:21.0515 4056  bowser - ok
07:56:21.0546 4056  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
07:56:21.0546 4056  BrFiltLo - ok
07:56:21.0578 4056  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
07:56:21.0578 4056  BrFiltUp - ok
07:56:21.0609 4056  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
07:56:21.0609 4056  Browser - ok
07:56:21.0640 4056  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
07:56:21.0640 4056  Brserid - ok
07:56:21.0671 4056  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
07:56:21.0671 4056  BrSerWdm - ok
07:56:21.0702 4056  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
07:56:21.0702 4056  BrUsbMdm - ok
07:56:21.0718 4056  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
07:56:21.0718 4056  BrUsbSer - ok
07:56:21.0749 4056  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
07:56:21.0749 4056  BTHMODEM - ok
07:56:21.0796 4056  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:56:21.0796 4056  cdfs - ok
07:56:21.0827 4056  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
07:56:21.0827 4056  cdrom - ok
07:56:21.0874 4056  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
07:56:21.0874 4056  CertPropSvc - ok
07:56:21.0905 4056  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
07:56:21.0905 4056  circlass - ok
07:56:21.0952 4056  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
07:56:21.0952 4056  CLFS - ok
07:56:22.0014 4056  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:56:22.0014 4056  clr_optimization_v2.0.50727_32 - ok
07:56:22.0077 4056  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:56:22.0077 4056  clr_optimization_v4.0.30319_32 - ok
07:56:22.0139 4056  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
07:56:22.0139 4056  CmBatt - ok
07:56:22.0170 4056  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:56:22.0170 4056  cmdide - ok
07:56:22.0202 4056  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
07:56:22.0202 4056  Compbatt - ok
07:56:22.0217 4056  COMSysApp - ok
07:56:22.0217 4056  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
07:56:22.0217 4056  crcdisk - ok
07:56:22.0248 4056  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
07:56:22.0248 4056  Crusoe - ok
07:56:22.0295 4056  [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:56:22.0295 4056  CryptSvc - ok
07:56:22.0358 4056  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:56:22.0358 4056  DcomLaunch - ok
07:56:22.0389 4056  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:56:22.0389 4056  DfsC - ok
07:56:22.0467 4056  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
07:56:22.0529 4056  DFSR - ok
07:56:22.0560 4056  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
07:56:22.0560 4056  Dhcp - ok
07:56:22.0607 4056  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
07:56:22.0607 4056  disk - ok
07:56:22.0638 4056  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:56:22.0638 4056  Dnscache - ok
07:56:22.0685 4056  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:56:22.0685 4056  dot3svc - ok
07:56:22.0716 4056  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
07:56:22.0716 4056  DPS - ok
07:56:22.0748 4056  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:56:22.0748 4056  drmkaud - ok
07:56:22.0794 4056  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:56:22.0810 4056  DXGKrnl - ok
07:56:22.0841 4056  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
07:56:22.0841 4056  E1G60 - ok
07:56:22.0857 4056  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
07:56:22.0857 4056  EapHost - ok
07:56:22.0888 4056  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
07:56:22.0904 4056  Ecache - ok
07:56:22.0935 4056  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
07:56:22.0935 4056  elxstor - ok
07:56:22.0997 4056  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
07:56:23.0013 4056  EMDMgmt - ok
07:56:23.0044 4056  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:56:23.0044 4056  ErrDev - ok
07:56:23.0091 4056  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
07:56:23.0091 4056  EventSystem - ok
07:56:23.0138 4056  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
07:56:23.0138 4056  exfat - ok
07:56:23.0184 4056  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:56:23.0184 4056  fastfat - ok
07:56:23.0247 4056  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
07:56:23.0247 4056  fdc - ok
07:56:23.0294 4056  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
07:56:23.0294 4056  fdPHost - ok
07:56:23.0309 4056  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:56:23.0309 4056  FDResPub - ok
07:56:23.0325 4056  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:56:23.0325 4056  FileInfo - ok
07:56:23.0356 4056  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:56:23.0356 4056  Filetrace - ok
07:56:23.0372 4056  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
07:56:23.0372 4056  flpydisk - ok
07:56:23.0418 4056  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:56:23.0418 4056  FltMgr - ok
07:56:23.0496 4056  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
07:56:23.0496 4056  FontCache - ok
07:56:23.0543 4056  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:56:23.0543 4056  FontCache3.0.0.0 - ok
07:56:23.0793 4056  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
07:56:23.0840 4056  fsssvc - ok
07:56:23.0886 4056  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:56:23.0886 4056  Fs_Rec - ok
07:56:23.0949 4056  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
07:56:23.0949 4056  gagp30kx - ok
07:56:24.0027 4056  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
07:56:24.0027 4056  GamesAppService - ok
07:56:24.0074 4056  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:56:24.0074 4056  GEARAspiWDM - ok
07:56:24.0136 4056  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
07:56:24.0136 4056  GoogleDesktopManager-051210-111108 - ok
07:56:24.0198 4056  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
07:56:24.0214 4056  gpsvc - ok
07:56:24.0276 4056  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
07:56:24.0276 4056  gupdate - ok
07:56:24.0308 4056  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
07:56:24.0308 4056  gupdatem - ok
07:56:24.0354 4056  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:56:24.0354 4056  gusvc - ok
07:56:24.0432 4056  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:56:24.0432 4056  HdAudAddService - ok
07:56:24.0479 4056  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
07:56:24.0495 4056  HDAudBus - ok
07:56:24.0526 4056  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
07:56:24.0526 4056  HidBth - ok
07:56:24.0542 4056  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
07:56:24.0542 4056  HidIr - ok
07:56:24.0588 4056  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
07:56:24.0588 4056  hidserv - ok
07:56:24.0604 4056  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:56:24.0620 4056  HidUsb - ok
07:56:24.0635 4056  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:56:24.0635 4056  hkmsvc - ok
07:56:24.0666 4056  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
07:56:24.0666 4056  HpCISSs - ok
07:56:24.0698 4056  [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:56:24.0713 4056  HTTP - ok
07:56:24.0729 4056  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
07:56:24.0729 4056  i2omp - ok
07:56:24.0791 4056  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
07:56:24.0791 4056  i8042prt - ok
07:56:24.0869 4056  [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:56:24.0869 4056  IAANTMON - ok
07:56:24.0932 4056  [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
07:56:24.0947 4056  iaStor - ok
07:56:24.0978 4056  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
07:56:24.0978 4056  iaStorV - ok
07:56:25.0072 4056  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
07:56:25.0088 4056  IDriverT - ok
07:56:25.0150 4056  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:56:25.0197 4056  idsvc - ok
07:56:25.0290 4056  [ 6FB1858D1F0923D122B0331865695041 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
07:56:25.0368 4056  igfx - ok
07:56:25.0431 4056  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
07:56:25.0431 4056  iirsp - ok
07:56:25.0478 4056  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
07:56:25.0478 4056  IKEEXT - ok
07:56:25.0587 4056  [ B9CBD3DEA7CA02868621173BF7A2AF9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
07:56:25.0665 4056  IntcAzAudAddService - ok
07:56:25.0712 4056  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
07:56:25.0712 4056  intelide - ok
07:56:25.0727 4056  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:56:25.0727 4056  intelppm - ok
07:56:25.0758 4056  IO_Memory - ok
07:56:25.0790 4056  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:56:25.0790 4056  IPBusEnum - ok
07:56:25.0805 4056  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:56:25.0805 4056  IpFilterDriver - ok
07:56:25.0836 4056  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:56:25.0852 4056  iphlpsvc - ok
07:56:25.0852 4056  IpInIp - ok
07:56:25.0899 4056  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
07:56:25.0899 4056  IPMIDRV - ok
07:56:25.0961 4056  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
07:56:25.0977 4056  IPNAT - ok
07:56:26.0024 4056  [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
07:56:26.0039 4056  iPod Service - ok
07:56:26.0070 4056  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:56:26.0070 4056  IRENUM - ok
07:56:26.0086 4056  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:56:26.0086 4056  isapnp - ok
07:56:26.0133 4056  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
07:56:26.0133 4056  iScsiPrt - ok
07:56:26.0180 4056  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
07:56:26.0180 4056  iteatapi - ok
07:56:26.0211 4056  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
07:56:26.0211 4056  iteraid - ok
07:56:26.0273 4056  [ 957135960E7533EA5C7EA0BFB34F8EFD ] jswpsapi        C:\Program Files\Jumpstart\jswpsapi.exe
07:56:26.0289 4056  jswpsapi - ok
07:56:26.0351 4056  [ 11AD410F41AF42BA12E63187E3EC141A ] jswpslwf        C:\Windows\system32\DRIVERS\jswpslwf.sys
07:56:26.0351 4056  jswpslwf - ok
07:56:26.0382 4056  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:56:26.0382 4056  kbdclass - ok
07:56:26.0414 4056  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:56:26.0414 4056  kbdhid - ok
07:56:26.0445 4056  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
07:56:26.0445 4056  KeyIso - ok
07:56:26.0460 4056  [ E8CA038F51F7761BD6E3A3B0B8014263 ] KR10I           C:\Windows\system32\drivers\kr10i.sys
07:56:26.0460 4056  KR10I - ok
07:56:26.0492 4056  [ 6A4ADB9186DD0E114E623DAF57E42B31 ] KR10N           C:\Windows\system32\drivers\kr10n.sys
07:56:26.0492 4056  KR10N - ok
07:56:26.0538 4056  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:56:26.0554 4056  KSecDD - ok
07:56:26.0601 4056  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:56:26.0616 4056  KtmRm - ok
07:56:26.0648 4056  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
07:56:26.0648 4056  LanmanServer - ok
07:56:26.0679 4056  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:56:26.0679 4056  LanmanWorkstation - ok
07:56:26.0757 4056  [ 06DC2FDC6282F0D68910417B1150C848 ] LinksysUpdater  C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
07:56:26.0757 4056  LinksysUpdater - ok
07:56:26.0788 4056  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:56:26.0788 4056  lltdio - ok
07:56:26.0850 4056  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:56:26.0850 4056  lltdsvc - ok
07:56:26.0882 4056  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:56:26.0882 4056  lmhosts - ok
07:56:26.0913 4056  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
07:56:26.0913 4056  LSI_FC - ok
07:56:26.0944 4056  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
07:56:26.0944 4056  LSI_SAS - ok
07:56:26.0960 4056  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
07:56:26.0960 4056  LSI_SCSI - ok
07:56:26.0991 4056  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
07:56:26.0991 4056  luafv - ok
07:56:27.0069 4056  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
07:56:27.0069 4056  McComponentHostService - ok
07:56:27.0131 4056  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
07:56:27.0131 4056  megasas - ok
07:56:27.0162 4056  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
07:56:27.0178 4056  MegaSR - ok
07:56:27.0209 4056  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
07:56:27.0209 4056  MMCSS - ok
07:56:27.0225 4056  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
07:56:27.0225 4056  Modem - ok
07:56:27.0240 4056  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:56:27.0240 4056  monitor - ok
07:56:27.0256 4056  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:56:27.0256 4056  mouclass - ok
07:56:27.0272 4056  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:56:27.0272 4056  mouhid - ok
07:56:27.0272 4056  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
07:56:27.0287 4056  MountMgr - ok
07:56:27.0303 4056  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:56:27.0303 4056  mpio - ok
07:56:27.0334 4056  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:56:27.0334 4056  mpsdrv - ok
07:56:27.0365 4056  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:56:27.0365 4056  MpsSvc - ok
07:56:27.0412 4056  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
07:56:27.0412 4056  Mraid35x - ok
07:56:27.0474 4056  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:56:27.0474 4056  MRxDAV - ok
07:56:27.0506 4056  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:56:27.0506 4056  mrxsmb - ok
07:56:27.0552 4056  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:56:27.0552 4056  mrxsmb10 - ok
07:56:27.0568 4056  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:56:27.0568 4056  mrxsmb20 - ok
07:56:27.0615 4056  [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci          C:\Windows\system32\drivers\msahci.sys
07:56:27.0615 4056  msahci - ok
07:56:27.0630 4056  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:56:27.0630 4056  msdsm - ok
07:56:27.0646 4056  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
07:56:27.0662 4056  MSDTC - ok
07:56:27.0708 4056  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:56:27.0708 4056  Msfs - ok
07:56:27.0740 4056  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:56:27.0740 4056  msisadrv - ok
07:56:27.0771 4056  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:56:27.0771 4056  MSiSCSI - ok
07:56:27.0771 4056  msiserver - ok
07:56:27.0818 4056  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:56:27.0818 4056  MSKSSRV - ok
07:56:27.0833 4056  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:56:27.0833 4056  MSPCLOCK - ok
07:56:27.0833 4056  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:56:27.0833 4056  MSPQM - ok
07:56:27.0880 4056  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:56:27.0880 4056  MsRPC - ok
07:56:27.0911 4056  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
07:56:27.0911 4056  mssmbios - ok
07:56:27.0942 4056  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:56:27.0942 4056  MSTEE - ok
07:56:27.0974 4056  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
07:56:27.0974 4056  Mup - ok
07:56:28.0020 4056  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
07:56:28.0020 4056  napagent - ok
07:56:28.0052 4056  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:56:28.0067 4056  NativeWifiP - ok
07:56:28.0114 4056  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:56:28.0114 4056  NDIS - ok
07:56:28.0161 4056  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:56:28.0161 4056  NdisTapi - ok
07:56:28.0176 4056  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:56:28.0176 4056  Ndisuio - ok
07:56:28.0239 4056  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:56:28.0239 4056  NdisWan - ok
07:56:28.0254 4056  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:56:28.0254 4056  NDProxy - ok
07:56:28.0270 4056  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:56:28.0270 4056  NetBIOS - ok
07:56:28.0301 4056  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
07:56:28.0301 4056  netbt - ok
07:56:28.0317 4056  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
07:56:28.0317 4056  Netlogon - ok
07:56:28.0364 4056  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
07:56:28.0364 4056  Netman - ok
07:56:28.0410 4056  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
07:56:28.0410 4056  netprofm - ok
07:56:28.0457 4056  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:56:28.0457 4056  NetTcpPortSharing - ok
07:56:28.0504 4056  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
07:56:28.0504 4056  nfrd960 - ok
07:56:28.0535 4056  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:56:28.0551 4056  NlaSvc - ok
07:56:28.0629 4056  [ 82C5A813E8EA7E94DC1AFA24CD803B80 ] nmservice       C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
07:56:28.0676 4056  nmservice - ok
07:56:28.0707 4056  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:56:28.0707 4056  Npfs - ok
07:56:28.0738 4056  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
07:56:28.0738 4056  nsi - ok
07:56:28.0769 4056  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:56:28.0769 4056  nsiproxy - ok
07:56:28.0832 4056  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:56:28.0863 4056  Ntfs - ok
07:56:28.0878 4056  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
07:56:28.0894 4056  ntrigdigi - ok
07:56:28.0910 4056  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
07:56:28.0910 4056  Null - ok
07:56:28.0941 4056  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:56:28.0941 4056  nvraid - ok
07:56:28.0956 4056  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:56:28.0956 4056  nvstor - ok
07:56:28.0988 4056  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:56:28.0988 4056  nv_agp - ok
07:56:28.0988 4056  NwlnkFlt - ok
07:56:29.0003 4056  NwlnkFwd - ok
07:56:29.0128 4056  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:56:29.0128 4056  odserv - ok
07:56:29.0159 4056  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:56:29.0159 4056  ohci1394 - ok
07:56:29.0206 4056  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:56:29.0206 4056  ose - ok
07:56:29.0253 4056  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
07:56:29.0268 4056  p2pimsvc - ok
07:56:29.0284 4056  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:56:29.0300 4056  p2psvc - ok
07:56:29.0362 4056  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
07:56:29.0362 4056  Parport - ok
07:56:29.0409 4056  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:56:29.0409 4056  partmgr - ok
07:56:29.0424 4056  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
07:56:29.0424 4056  Parvdm - ok
07:56:29.0471 4056  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:56:29.0471 4056  PcaSvc - ok
07:56:29.0487 4056  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
07:56:29.0502 4056  pci - ok
07:56:29.0518 4056  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
07:56:29.0518 4056  pciide - ok
07:56:29.0549 4056  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:56:29.0549 4056  pcmcia - ok
07:56:29.0612 4056  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:56:29.0643 4056  PEAUTH - ok
07:56:29.0768 4056  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
07:56:29.0830 4056  pla - ok
07:56:29.0861 4056  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:56:29.0877 4056  PlugPlay - ok
07:56:29.0908 4056  [ B63A3AE87ED0AC525B3AA88B39608BFC ] pnarp           C:\Windows\system32\DRIVERS\pnarp.sys
07:56:29.0908 4056  pnarp - ok
07:56:29.0924 4056  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
07:56:29.0939 4056  PNRPAutoReg - ok
07:56:29.0955 4056  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
07:56:29.0970 4056  PNRPsvc - ok
07:56:29.0986 4056  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:56:30.0002 4056  PolicyAgent - ok
07:56:30.0048 4056  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:56:30.0048 4056  PptpMiniport - ok
07:56:30.0080 4056  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
07:56:30.0080 4056  Processor - ok
07:56:30.0111 4056  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
07:56:30.0111 4056  ProfSvc - ok
07:56:30.0126 4056  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
07:56:30.0126 4056  ProtectedStorage - ok
07:56:30.0158 4056  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
07:56:30.0158 4056  PSched - ok
07:56:30.0173 4056  [ 633CC728D6493C4263368A86928B0BFD ] purendis        C:\Windows\system32\DRIVERS\purendis.sys
07:56:30.0189 4056  purendis - ok
07:56:30.0189 4056  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
07:56:30.0189 4056  PxHelp20 - ok
07:56:30.0267 4056  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:56:30.0314 4056  ql2300 - ok
07:56:30.0329 4056  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:56:30.0345 4056  ql40xx - ok
07:56:30.0360 4056  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
07:56:30.0376 4056  QWAVE - ok
07:56:30.0376 4056  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:56:30.0376 4056  QWAVEdrv - ok
07:56:30.0392 4056  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:56:30.0392 4056  RasAcd - ok
07:56:30.0423 4056  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
07:56:30.0438 4056  RasAuto - ok
07:56:30.0454 4056  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:56:30.0454 4056  Rasl2tp - ok
07:56:30.0485 4056  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
07:56:30.0501 4056  RasMan - ok
07:56:30.0532 4056  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:56:30.0532 4056  RasPppoe - ok
07:56:30.0548 4056  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:56:30.0548 4056  RasSstp - ok
07:56:30.0594 4056  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:56:30.0594 4056  rdbss - ok
07:56:30.0610 4056  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:56:30.0610 4056  RDPCDD - ok
07:56:30.0657 4056  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
07:56:30.0657 4056  rdpdr - ok
07:56:30.0657 4056  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:56:30.0657 4056  RDPENCDD - ok
07:56:30.0735 4056  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:56:30.0735 4056  RDPWD - ok
07:56:30.0782 4056  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:56:30.0782 4056  RemoteAccess - ok
07:56:30.0813 4056  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:56:30.0813 4056  RemoteRegistry - ok
07:56:30.0844 4056  [ F17713D108ACA124A139FDE877EEF68A ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
07:56:30.0860 4056  RimUsb - ok
07:56:30.0891 4056  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
07:56:30.0891 4056  RpcLocator - ok
07:56:30.0922 4056  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
07:56:30.0922 4056  RpcSs - ok
07:56:30.0953 4056  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:56:30.0953 4056  rspndr - ok
07:56:30.0984 4056  [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
07:56:31.0000 4056  RTL8169 - ok
07:56:31.0062 4056  [ 9FF7D9CF3A5F296613588B0E8DB83AFE ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
07:56:31.0062 4056  RTSTOR - ok
07:56:31.0078 4056  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
07:56:31.0078 4056  SamSs - ok
07:56:31.0109 4056  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:56:31.0109 4056  sbp2port - ok
07:56:31.0156 4056  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:56:31.0156 4056  SCardSvr - ok
07:56:31.0203 4056  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
07:56:31.0218 4056  Schedule - ok
07:56:31.0234 4056  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:56:31.0234 4056  SCPolicySvc - ok
07:56:31.0265 4056  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:56:31.0281 4056  SDRSVC - ok
07:56:31.0296 4056  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:56:31.0296 4056  secdrv - ok
07:56:31.0312 4056  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
07:56:31.0328 4056  seclogon - ok
07:56:31.0328 4056  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
07:56:31.0343 4056  SENS - ok
07:56:31.0359 4056  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
07:56:31.0359 4056  Serenum - ok
07:56:31.0374 4056  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
07:56:31.0390 4056  Serial - ok
07:56:31.0406 4056  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:56:31.0406 4056  sermouse - ok
07:56:31.0452 4056  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:56:31.0452 4056  SessionEnv - ok
07:56:31.0499 4056  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:56:31.0499 4056  sffdisk - ok
07:56:31.0530 4056  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:56:31.0530 4056  sffp_mmc - ok
07:56:31.0546 4056  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:56:31.0546 4056  sffp_sd - ok
07:56:31.0562 4056  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
07:56:31.0562 4056  sfloppy - ok
07:56:31.0608 4056  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:56:31.0608 4056  SharedAccess - ok
07:56:31.0655 4056  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:56:31.0655 4056  ShellHWDetection - ok
07:56:31.0686 4056  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
07:56:31.0686 4056  sisagp - ok
07:56:31.0702 4056  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
07:56:31.0702 4056  SiSRaid2 - ok
07:56:31.0733 4056  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:56:31.0733 4056  SiSRaid4 - ok
07:56:31.0874 4056  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
07:56:31.0920 4056  slsvc - ok
07:56:31.0967 4056  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
07:56:31.0967 4056  SLUINotify - ok
07:56:32.0014 4056  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:56:32.0014 4056  Smb - ok
07:56:32.0061 4056  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:56:32.0061 4056  SNMPTRAP - ok
07:56:32.0108 4056  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
07:56:32.0108 4056  spldr - ok
07:56:32.0139 4056  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
07:56:32.0139 4056  Spooler - ok
07:56:32.0186 4056  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:56:32.0186 4056  srv - ok
07:56:32.0217 4056  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:56:32.0217 4056  srv2 - ok
07:56:32.0232 4056  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:56:32.0232 4056  srvnet - ok
07:56:32.0248 4056  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:56:32.0264 4056  SSDPSRV - ok
07:56:32.0295 4056  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:56:32.0295 4056  SstpSvc - ok
07:56:32.0342 4056  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
07:56:32.0342 4056  stisvc - ok
07:56:32.0373 4056  [ 3E4239B92139F7174A0DA7D53FE5E1AB ] SVRPEDRV        C:\Windows\System32\sysprep\PEDrv.sys
07:56:32.0373 4056  SVRPEDRV - ok
07:56:32.0420 4056  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
07:56:32.0420 4056  swenum - ok
07:56:32.0451 4056  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
07:56:32.0451 4056  swprv - ok
07:56:32.0498 4056  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
07:56:32.0498 4056  Symc8xx - ok
07:56:32.0529 4056  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
07:56:32.0529 4056  Sym_hi - ok
07:56:32.0560 4056  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
07:56:32.0560 4056  Sym_u3 - ok
07:56:32.0607 4056  [ 70534D1E4F9AC990536D5FB5B550B3DE ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
07:56:32.0607 4056  SynTP - ok
07:56:32.0654 4056  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
07:56:32.0654 4056  SysMain - ok
07:56:32.0685 4056  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:56:32.0685 4056  TabletInputService - ok
07:56:32.0903 4056  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:56:32.0903 4056  TapiSrv - ok
07:56:32.0966 4056  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
07:56:32.0981 4056  TBS - ok
07:56:33.0059 4056  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:56:33.0090 4056  Tcpip - ok
07:56:33.0137 4056  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
07:56:33.0137 4056  Tcpip6 - ok
07:56:33.0168 4056  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:56:33.0168 4056  tcpipreg - ok
07:56:51.0171 4056  ============================================================
07:56:51.0171 4056  Scan finished
07:56:51.0171 4056  ============================================================
07:56:51.0186 2952  Detected object count: 0
07:56:51.0186 2952  Actual detected object count: 0
 



#13 Oh My!

Posted 24 June 2013 - 09:28 PM

Thanks for posting. We are going to run the program again with some modifications.

Please do this.

===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required", please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected, select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 brown_dog


Posted 24 June 2013 - 09:33 PM

In process.  Restarting this beast takes a long time.



#15 Oh My!


Posted 24 June 2013 - 09:33 PM

OK thanks.
Gary
 



