Possible Trojan. . .unable to complete Anti-Rootkit scan


  • This topic is locked
15 replies to this topic

#1 addygard

addygard

  • Members
  • 149 posts
  • OFFLINE
  • Gender:Female
  • Location:Texas
  • Local time:06:59 PM

Posted 25 August 2013 - 03:49 PM

I apologize in advance, but this will be a very long and probably very confusing post because of me being almost a complete computer dummy, and not knowing the proper terminology for discussing my problem, much less what the hell I’m doing. I was on here about a year ago and several very lovely helpers, especially Elise, assisted me very knowledgably and veeeery patiently with my computer then.

 

This current issue has been going on for almost two weeks, but I haven’t been in a hurry to fix it as I have a Puppy cd that I’ve been using to get online with. Meanwhile, I perused the forum here and found a post that I thought the op’s problem might possibly be like my own and I tried to follow the instructions for all the preliminary scans, thinking to get a jump on the problem, and post those results from my own scans to start my own thread.

 

However, I kept getting hung up on the MBAM AntiRootkit scan which would scan for hours. . .yesterday being the third time to try, it still didn’t complete the scan after 8 hours and seemed stuck on one object for at least an hour. Each of the three times I tried to abort the scans, it wouldn’t let me, nor would it close when I tried to x out of it. In fact my computer was totally unresponsive to any commands to close or shut down, and I had to power down manually.  Each time I did this, I would start completely over. . .deleting the scan tools and logs, re-downloading them, and re-doing the scans. I even uninstalled MBAM and reinstalled it and each scan with that found no malicious items.

 

To go back to what started all of this. First of all, over a week ago, while browsing, I tried to open a link from Google about a health question. An Avast (I have the Paid version) red screen threat alert popped up, and while it usually blocks the page to prevent it from opening, this time the page opened although I immediately closed it. Next, I did a malware scan using MBAM (free version) Chameleon scan tool. And I have to say I have never had anything show up on my results before until this time (the result log is shown first below). After the problem scan, the new scan was clear. Then a few days later I tried to get online, but couldn’t. At least I couldn’t figure out how because my email sign-in is my homepage and when it would load, it would then immediately crash and reload, as if in a loop, until the page would display an error message that IE would not try to reload the page. That’s when I started using my Puppy cd to log into my email. However, I figured out that, once IE stopped trying to load my homepage, I could still browse online, but I didn’t try to log into my email account from there. That’s when I began to search the BC forum and found the “PUP virus” thread.

 

Unfortunately, I think things have gone from totally annoying to really seriously bad, although I will say my email homepage is not in that crash/reload loop anymore, although I have not tried to sign-in from IE.

 

Then today when I started up my computer, I noticed my Avast icon was not in the little tool tray at the bottom of my screen. I went to All Programs and tried to open it and nothing happened. I tried to open it from my desktop and got the message that it was no longer there or had been changed or something to that effect. I went to Add/Remove programs and Avast was there so I tried to uninstall it so I could reinstall it, but nothing happened as it wouldn’t respond to “uninstall.” I had manually shutdown my computer as it would not shut down any other way.

 

Also, I don’t know if this is an issue, but when I right-click on all the little icons on my desktop and the little action menu pops up, where the Avast icon is I thought it used to say scan with Avast, but now I notice it says scan with whatever program the icon represents (for example, iTunes. . .when I right-click it, the menu shows the Avast icon and says Scan iTunes.exe).

 

So from my shutdown computer, I started up in Safe Mode and tried to uninstall/reinstall Avast from there, but my screen resolution was the wrong size (I didn’t know how to change it), so I couldn’t uninstall Avast because I couldn’t get to the “uninstall” button. Again, I had to manually shut down as I couldn’t get to the Start menu to shutdown that way. I started up again, tried to install only Avast, was able to download it, but again couldn’t get to the “Install” button because of the screen resolution, so I interrupted the process by x-ing out of it. I was given an error message with a Log as it was closing, and have copied/pasted the Log below the original problem MBAM Log. . .don’t know if it was necessary, but it sounded so bad I thought it might be helpful.

 

For the umpteenth time, I restarted my computer the regular way and the Avast icon is now back in my tool tray, but I don’t know if it is fully installed. I’m afraid to uninstall/reinstall anything else because who knows how badly things have gotten with all the hard shutdowns in the middle of scans and uninstalls/installs and everything else.

 

And one more thing, I was browsing Pinterest yesterday and clicked on a link from there. A window popped up that Security Essentials detected a Trojan threat and did I want to clean it up. I don’t have Microsoft Security Essentials on my computer (at least not that I know of), so I thought it was fake and just x’d out of the window. Was I wrong to do that?

 

I don’t know where to go from here or what to do. . .please HELP! :( 

 

Thanking you in advance for your time and consideration.

 

***

 

MBAM SCAN WITH PROBLEM (dated 08.14.13):

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.08.14.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

:: BETSY [administrator]

8/14/2013 7:10:25 PM

mbam-log-2013-08-14 (19-10-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 354259

Time elapsed: 1 hour(s), 49 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 3

C:\Documents and Settings\All Users\Application Data\InstallMate (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22 (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

Files Detected: 12

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\1.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\3_1.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\3_2.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\3_3.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\4.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\5.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\5_1.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\5_2.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\5_3.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\5_4.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\5_5.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\InstallMate\60A03F22\cfg\5_6.ini (PUP.Optional.InstallMate.A) -> Quarantined and deleted successfully.

(end)

 

***

 

AVAST ERROR INSTALLATION (Interrupted) LOG (dated 08.25.13):

 

25.08.2013 12:27:07 Started: 25.08.2013, 12:27:07
25.08.2013 12:27:07 Operation set to INST_OP_UNKNOWN
25.08.2013 12:27:07 Old version: 5d1 (1489)
25.08.2013 12:27:08 Cmdline: /sfx /sfxstorage "C:\DOCUME~1\Mom\LOCALS~1\Temp\_av_sfx.tm~f3da526f-49d1-4172-8e8e-dbcf4765ebdf" /GetEdition:is /edition "3" /srcpath "C:\DOCUME~1\Mom\Desktop" /sfxname "avast_internet_security_setup" /spawnfordeleter
25.08.2013 12:27:08 SYNCER: Agent=Syncer/5.00 (ais-1489;p)
25.08.2013 12:27:08 Running SETUP_AIS-5d1 (1489)
25.08.2013 12:27:08 Operating system: Windows XP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
25.08.2013 12:27:08 Memory: 88% load. Phys:54320/458224K free, Page:665464/1083724K free, Virt:2051072/2097024K free
25.08.2013 12:27:08 Computer WinName: BETSY
25.08.2013 12:27:08 Windows Net User: BETSY\Mom
25.08.2013 12:27:08 DldSrc set to sfx
25.08.2013 12:27:08 Old version: 5d1 (1489)
25.08.2013 12:27:08 Deleted registry: Software\AVAST Software\Avast\UpdateReady
25.08.2013 12:27:08 SGW32AIS::CheckIfInstalled set m_bAlreadyInstalled and m_bIsOldVersionDetected to 1
25.08.2013 12:27:11 SYNCER: Agent=Syncer/5.00 (ais-1489;p)
25.08.2013 12:27:11 SYNCER: Type: use IE settings
25.08.2013 12:27:11 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:27:14 Used server:
25.08.2013 12:27:14 Setup GUI has been successfuly loaded from DLL.
25.08.2013 12:27:14 Installed in: C:\Program Files\AVAST Software\Avast (84106M free)
25.08.2013 12:27:14 SYNCER: Type: use IE settings
25.08.2013 12:27:14 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:27:14 Part prg_ais-5d1 is installed
25.08.2013 12:27:14 Part vps_win32-13082500 is installed
25.08.2013 12:27:14 Part setup_ais-5d1 is installed
25.08.2013 12:27:14 Part jrog-a7 is installed
25.08.2013 12:27:14 Part jrog2-879 is installed
25.08.2013 12:27:14 Debug: Windows Server registry key not retrieved.
25.08.2013 12:27:14 Ignoring cmdline switch: /GetEdition:is
25.08.2013 12:27:14 Old version: 5d1 (1489)
25.08.2013 12:27:14 Debug: Windows Server registry key not retrieved.
25.08.2013 12:28:05 SetExistingFilesBitmap: 1305->684->675
25.08.2013 12:28:05 GUID: de10a1b2-33f6-46ed-b065-24b5d1e67c6f
25.08.2013 12:28:05 Set m_bAlreadyInstalled to false, behave like a new installation
25.08.2013 12:28:05 Operation set to INST_OP_INSTALL
25.08.2013 12:28:05 SelectCurrent: selected server 'tmp sfx storage' from 'sfx'
25.08.2013 12:28:05 SYNCER: Type: use IE settings
25.08.2013 12:28:05 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:28:05 Changed Edition=3
25.08.2013 12:28:05 Debug: Windows Server registry key not retrieved.
25.08.2013 12:28:05 Entered SetupProcessAIS::Do( INST_OP_INSTALL )
25.08.2013 12:28:05 Entered SetupProcessWin32Avast::Do( INST_OP_INSTALL )
25.08.2013 12:28:06 Entered SetupProcessWin32::Do( INST_OP_INSTALL )
25.08.2013 12:28:06 Entered SetupProcess::Do( INST_OP_INSTALL )
25.08.2013 12:28:06 SYNCER: Agent=Syncer/5.00 (ais-1489;p)
25.08.2013 12:28:06 SYNCER: Type: use IE settings
25.08.2013 12:28:06 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:28:06 Used server: C:\DOCUME~1\Mom\LOCALS~1\Temp\_av_sfx.tm~f3da526f-49d1-4172-8e8e-dbcf4765ebdf
25.08.2013 12:31:00 SYNCER: Agent=Syncer/5.00 (ais-1489;p)
25.08.2013 12:31:00 SYNCER: Type: use IE settings
25.08.2013 12:31:00 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:31:00 Used server: C:\DOCUME~1\Mom\LOCALS~1\Temp\_av_sfx.tm~f3da526f-49d1-4172-8e8e-dbcf4765ebdf
25.08.2013 12:31:00 LoadPartInfo: jrog = jrog-a7 returned 00000000
25.08.2013 12:31:00 LoadPartInfo: jrog2 = jrog2-7a5 returned 00000000
25.08.2013 12:31:00 LoadPartInfo: program = prg_ais-5d1 returned 00000000
25.08.2013 12:31:00 LoadPartInfo: setup = setup_ais-5d1 returned 00000000
25.08.2013 12:31:00 LoadPartInfo: vps = vps_win32-13050900 returned 00000000
25.08.2013 12:31:00 Part prg_ais-5d1 was set to be installed
25.08.2013 12:31:00 Part vps_win32-13050900 was set to be installed
25.08.2013 12:31:00 Part setup_ais-5d1 was set to be installed
25.08.2013 12:31:00 Part jrog-a7 was set to be installed
25.08.2013 12:31:00 Part jrog2-7a5 was set to be installed
25.08.2013 12:31:01 SYNCER: Agent=Syncer/5.00 (ais-1489;p)
25.08.2013 12:31:01 SYNCER: Type: use IE settings
25.08.2013 12:31:01 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:31:01 Used server: C:\DOCUME~1\Mom\LOCALS~1\Temp\_av_sfx.tm~f3da526f-49d1-4172-8e8e-dbcf4765ebdf
25.08.2013 12:44:31 SYNCER: Agent=Syncer/5.00 (ais-1489;p)
25.08.2013 12:44:31 SYNCER: Type: use IE settings
25.08.2013 12:44:31 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:44:32 Used server: C:\DOCUME~1\Mom\LOCALS~1\Temp\_av_sfx.tm~f3da526f-49d1-4172-8e8e-dbcf4765ebdf
25.08.2013 12:44:32 SYNCER: Agent=Syncer/5.00 (ais-1489;p)
25.08.2013 12:44:32 SYNCER: Type: use IE settings
25.08.2013 12:44:32 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:44:32 Used server: C:\DOCUME~1\Mom\LOCALS~1\Temp\_av_sfx.tm~f3da526f-49d1-4172-8e8e-dbcf4765ebdf
25.08.2013 12:44:40 SYNCER: Agent=Syncer/5.00 (ais-1489;p)
25.08.2013 12:44:40 SYNCER: Type: use IE settings
25.08.2013 12:44:40 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:44:40 Used server: C:\DOCUME~1\Mom\LOCALS~1\Temp\_av_sfx.tm~f3da526f-49d1-4172-8e8e-dbcf4765ebdf
25.08.2013 12:44:40 No recommendation number found
25.08.2013 12:44:40 Transferred: files 7, bytes 343, time 4342 ms
25.08.2013 12:44:40 Retries: total 0, files 0, servers 1
25.08.2013 12:44:40 Customer 102680955
25.08.2013 12:44:43 licenseFeature = d414cf90-6a55-4ab0-86dd-f217f03eed49
25.08.2013 12:44:43 DldSrc set to inet
25.08.2013 12:44:44 Server definition(s) loaded for 'main': 112 (maintenance:0)
25.08.2013 12:44:44 SelectCurrent: selected server 'Download120 AVAST5 Server' from 'main'
25.08.2013 12:44:44 SYNCER: Type: use IE settings
25.08.2013 12:44:44 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:44:44 Sending stats 'http://v7.stats.avast.com/cgi-bin/iavs4stats.cgi': 00000000 204
25.08.2013 12:44:44 NeedReboot=false
25.08.2013 12:44:44 Return code: 0x000004C7 [The operation was canceled by the user.]
25.08.2013 12:44:44 Stopped: 25.08.2013, 12:44:44
25.08.2013 12:44:45 SYNCER: Agent=Syncer/5.00 (ais-1489;p)
25.08.2013 12:44:45 SYNCER: Type: use IE settings
25.08.2013 12:44:45 SYNCER: Auth: another authentication, use WinInet
25.08.2013 12:44:45 Used server: http://download120.avast.com/iavs5x

 


When the power of love overcomes the love of power, the world will know peace.



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:59 PM

Posted 01 September 2013 - 08:42 PM

Hello, can you do these?

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Please Download TDSSkiller
    Launch it.
    Click on change parameters-Select TDLFS file system
    Click on "Scan".
    Please post the LOG report (log file should be in your C drive)
    Do not change the default options on scan results.


    Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.



  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 addygard

addygard
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  • Gender:Female
  • Location:Texas
  • Local time:06:59 PM

Posted 02 September 2013 - 10:37 AM

Thank you for your reply and help.  As you can probably see, I've tried to help myself by doing some scans from the MBAM forum and I hope that won't interfere with what you've asked me to do.  I didn't start a topic there as I'm not a member, but I only did it because I've been feeling a little desperate.  I messed up my live linux cd, and of course, don't know how to sort that out (I started a topic in the Linux section of this forum and hope someone can advise from there).  So I've been having to call my daughter so she can sign in on my accounts to pay bills, etc.  I've just been too paranoid to sign in to my email, etc, from my computer mainly because of what happened when my Avast disappeared and I had to go through all the problem of trying to reinstall it from safe mode, not being sure of what I was doing in the first place, getting the error message during installation, and wondering if I could have possibly installed a fake one (how would I know?).  As I said I have about as much understanding and know-how about all of this as a donkey.  Thank you again for your help and your patience.

 

Question:  Ran the TDSSKiller and still have it open at this point:  Am I supposed to "Skip" the suspicious object, or "Continue" at the bottom of the box?

 

Will finish the rest of the scans and post all when I hear back.

 

Thanks!

 

EDIT:  Forget what I said above about the scans I did from the MBAM forum.  I just this minute got back online because there was a problem in which my internet connection was lost, and I couldn't get back online at all.  So I did a system restore back to yesterday (09.01.13 @4:45PM). . .at that time, my computer was in the middle of a scan so I guess all the results and fixes from yesterday's scans from 4:45 pm forward are as if they'd never been done.  I do still need an answer to the questions above, so that I will know how to continue.  Thank you.

 

2nd EDIT:  I truly don't know what's going on.  While I had BC open, I opened a new tab to go to one of my bookmarks.  When I closed out the new tab, I got a blue screen full of text, basically saying a problem was detected and windows had to be shut down.  It said the problem was caused by the file: win32k.sys PAGE_FAULT_IN_NONPAGED_AREA.  There was "technical information" which I wrote down if it would be helpful.  I have not tried any scans since I did the system restore a little while ago, but will as soon as I know how to proceed with TDSSKiller. Sorry for all these edits, but I wasn't sure if it would help you to know about these problems.  I go with the idea that too much info is better than too little.  Thank you.


Edited by addygard, 02 September 2013 - 01:24 PM.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:59 PM

Posted 02 September 2013 - 07:27 PM

Sorry for the bad instructions..
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#5 addygard

addygard
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  • Gender:Female
  • Location:Texas
  • Local time:06:59 PM

Posted 02 September 2013 - 07:46 PM

Hi and thanks for your reply. . .not bad instructions. . .hee haw!

 

Below are the results for MiniToolBox and TDSSKiller.  I started to load aswMBR, but the download screen was showing that it would take over an hour to download, and it was going really, really slow.  I wasn't sure if it should take that long, so I thought I'd let you know first before I tried to download it again.  Thank you.

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Mom (administrator) on 02-09-2013 at 19:34:08
Running from "C:\Documents and Settings\Mom\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

NVIDIA nForce MCP Networking Controller = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : BETSY

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : Belkin

 

Ethernet adapter Local Area Connection:

 

        Connection-specific DNS Suffix  . : Belkin

        Description . . . . . . . . . . . : NVIDIA nForce MCP Networking Controller

        Physical Address. . . . . . . . . : 00-40-CA-86-E0-7E

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.2.6

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.2.1

        DHCP Server . . . . . . . . . . . : 192.168.2.1

        DNS Servers . . . . . . . . . . . : 192.168.2.1

        Lease Obtained. . . . . . . . . . : Monday, September 02, 2013 1:00:17 PM

        Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM

Server:  router.Belkin
Address:  192.168.2.1

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  173.194.115.33, 173.194.115.35, 173.194.115.41, 173.194.115.38
   173.194.115.34, 173.194.115.36, 173.194.115.46, 173.194.115.40, 173.194.115.39
   173.194.115.32, 173.194.115.37

 

Pinging google.com [173.194.115.37] with 32 bytes of data:

 

Reply from 173.194.115.37: bytes=32 time=18ms TTL=51

Reply from 173.194.115.37: bytes=32 time=18ms TTL=51

 

Ping statistics for 173.194.115.37:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 18ms, Maximum = 18ms, Average = 18ms

Server:  router.Belkin
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

 

Reply from 206.190.36.45: bytes=32 time=145ms TTL=44

Reply from 206.190.36.45: bytes=32 time=137ms TTL=44

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 137ms, Maximum = 145ms, Average = 141ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 ca 86 e0 7e ...... NVIDIA nForce MCP Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.6   20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      169.254.0.0      255.255.0.0      192.168.2.6     192.168.2.6   20
      192.168.2.0    255.255.255.0      192.168.2.6     192.168.2.6   20
      192.168.2.6  255.255.255.255        127.0.0.1       127.0.0.1   20
    192.168.2.255  255.255.255.255      192.168.2.6     192.168.2.6   20
        224.0.0.0        240.0.0.0      192.168.2.6     192.168.2.6   20
  255.255.255.255  255.255.255.255      192.168.2.6     192.168.2.6   1
Default Gateway:       192.168.2.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/02/2013 04:16:53 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/02/2013 11:37:42 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/02/2013 11:37:42 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2013 11:39:03 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2013 10:15:20 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2013 10:15:20 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2013 10:28:21 AM) (Source: Application Error) (User: )
Description: Faulting application adwcleanerzipopenersetup.exe, version 0.0.0.0, faulting module adwcleanerzipopenersetup.exe, version 0.0.0.0, fault address 0x00004fb6.
Processing media-specific event for [adwcleanerzipopenersetup.exe!ws!]

Error: (09/01/2013 10:27:48 AM) (Source: Application Error) (User: )
Description: Faulting application adwcleanerzipopenersetup.exe, version 0.0.0.0, faulting module adwcleanerzipopenersetup.exe, version 0.0.0.0, fault address 0x00004fb6.
Processing media-specific event for [adwcleanerzipopenersetup.exe!ws!]

Error: (08/30/2013 10:53:32 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/25/2013 06:11:04 PM) (Source: Application Error) (User: )
Description: Faulting application FreeAgentService.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (FreeAgentService.exe!ld!)

System errors:
=============
Error: (09/02/2013 01:08:05 PM) (Source: System Error) (User: )
Description: Error code 10000050, parameter1 fc4c7d25, parameter2 00000000, parameter3 bf862276, parameter4 00000000.

Error: (09/02/2013 01:04:21 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Error: (09/02/2013 01:00:35 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (09/02/2013 11:44:11 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (09/02/2013 11:43:41 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (09/02/2013 11:43:39 AM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Error: (09/02/2013 11:43:20 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Error: (09/02/2013 11:42:23 AM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (09/02/2013 11:32:26 AM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (09/02/2013 11:19:09 AM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (09/02/2013 04:16:53 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe11.0.3.37hungapp0.0.0.000000000

Error: (09/02/2013 11:37:42 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/02/2013 11:37:42 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/01/2013 11:39:03 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/01/2013 10:15:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/01/2013 10:15:20 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/01/2013 10:28:21 AM) (Source: Application Error)(User: )
Description: adwcleanerzipopenersetup.exe0.0.0.0adwcleanerzipopenersetup.exe0.0.0.000004fb6

Error: (09/01/2013 10:27:48 AM) (Source: Application Error)(User: )
Description: adwcleanerzipopenersetup.exe0.0.0.0adwcleanerzipopenersetup.exe0.0.0.000004fb6

Error: (08/30/2013 10:53:32 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1hungapp0.0.0.000000000

Error: (08/25/2013 06:11:04 PM) (Source: Application Error)(User: )
Description: FreeAgentService.exe0.0.0.0unknown0.0.0.000000000

=========================== Installed Programs ============================

56Kbps Internal Modem
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 3.6.0.6090)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression 5
AT&T Yahoo! Applications
ATT-AACE
ATT-RemoteControl
avast! Internet Security (Version: 8.0.1489.0)
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center (Version: 1.1.3)
Bonjour (Version: 3.0.0.10)
CardRd81 (Version: 4.00.0000.0004)
CCleaner (Version: 4.05)
CCScore (Version: 5.01.0000.0001)
CR2 (Version: 4.00.0000.0003)
Critical Update for Windows Media Player 11 (KB959772)
ESSBrwr (Version: 5.01.0000.0001)
ESSCDBK (Version: 5.01.0000.0001)
ESScore (Version: 5.01.0000.0002)
ESSCT (Version: 5.01.0000.0101)
ESSEMAIL (Version: 5.01.0000.0001)
ESSgui (Version: 5.01.0000.0004)
ESShelp (Version: 5.01.0000.0001)
ESSini (Version: 5.01.0000.0101)
ESSPCD (Version: 5.01.0000.0001)
ESSPDock (Version: 4.00.0000.0003)
ESSSONIC (Version: 5.00.0000.0002)
ESSTOOLS (Version: 5.00.0000.0004)
essvcpt (Version: 5.01.0000.0002)
ESSvpaht (Version: 5.01.0000.0004)
ESSvpot (Version: 5.01.0000.0101)
F.lux
Far Cry (Patch 1) (Version: 1.00.0000)
Far Cry (Patch 1.3) (Version: 1.00.0000)
Far Cry (Patch 1.31) (Version: 1.00.0000)
Far Cry (Patch 1.33) (Version: 1.00.0000)
green label Greetings Cards
H&R Block Basic + Efile 2010 (Version: 10.02.5701)
H&R Block Basic + Efile 2011 (Version: 11.02.6203)
H&R Block Basic + Efile 2012 (Version: 12.02.7801)
HLPIndex (Version: 5.01.0000.0001)
HLPPDOCK (Version: 4.00.0000.0002)
HLPSFO (Version: 5.01.0000.0103)
InstallMgr (Version: 1.0.39.0)
InterActual Player
IOI Multimedia Card Reader (Version: 1.03)
iTunes (Version: 11.0.4.4)
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
Kodak EasyShare software
KSU (Version: 632.62.0002.0001)
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player (Version: 10.1.0.11)
Make a Movie (Version: 1.00.0000)
MakeAMov (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Default Manager (Version: 1.1.53.0)
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works 7.0 (Version: 07.02.0620)
MobileMe Control Panel (Version: 3.1.5.0)
Move Networks Media Player for Internet Explorer
MP3 Player Utilities 1.51 (Version: 1.51)
MSN Music Assistant
MSN Toolbar (Version: 1.0.39.0)
MSN Toolbar (Version: 3.0.1125.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Multimedia Keyboard Driver
Netscape 6 (6.2.1)
Notifier (Version: 5.01.0000.0101)
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Ethernet Driver
NVIDIA nForce Drivers
OfotoXMI (Version: 5.01.0000.0001)
OTtBP (Version: 5.01.0000.0002)
OTtBPSDK (Version: 4.00.0000.0000)
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PowerDVD
QuickTime (Version: 7.74.80.86)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
Seagate Manager Installer (Version: 2.01.0048)
SFR (Version: 5.00.0000.0005)
SFR2 (Version: 3.03.0000.0002)
SHASTA (Version: 5.00.0002.0001)
SKIN0001 (Version: 5.01.0000.0002)
SKINXSDK (Version: 5.00.0000.0004)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Video Mover
Viewpoint Media Player
VPRINTOL (Version: 5.01.0000.0001)
WebFldrs XP (Version: 9.50.6513)
Winamp (Version: 5.57 )
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Movie Maker 2.0 (Version: 2.0.0000)
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 5.00.0000.0001)
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 77%
Total physical RAM: 447.48 MB
Available physical RAM: 100.22 MB
Total Pagefile: 1058.34 MB
Available Pagefile: 307.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.21 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:153.38 GB) (Free:80.57 GB) NTFS

========================= Users: ========================================

User accounts for \\BETSY

Administrator            Guest                    HelpAssistant           
Justin Denman            Mom                      Ramona Noske            
SUPPORT_388945a0        

**** End of log ****

19:36:03.0968 0x0a2c  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
19:36:04.0750 0x0a2c  ============================================================
19:36:04.0750 0x0a2c  Current date / time: 2013/09/02 19:36:04.0750
19:36:04.0750 0x0a2c  SystemInfo:
19:36:04.0750 0x0a2c 
19:36:04.0750 0x0a2c  OS Version: 5.1.2600 ServicePack: 3.0
19:36:04.0750 0x0a2c  Product type: Workstation
19:36:04.0750 0x0a2c  ComputerName: BETSY
19:36:04.0750 0x0a2c  UserName: Mom
19:36:04.0750 0x0a2c  Windows directory: C:\WINDOWS
19:36:04.0750 0x0a2c  System windows directory: C:\WINDOWS
19:36:04.0750 0x0a2c  Processor architecture: Intel x86
19:36:04.0750 0x0a2c  Number of processors: 1
19:36:04.0750 0x0a2c  Page size: 0x1000
19:36:04.0750 0x0a2c  Boot type: Normal boot
19:36:04.0750 0x0a2c  ============================================================
19:36:06.0781 0x0a2c  Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:36:06.0843 0x0a2c  ============================================================
19:36:06.0843 0x0a2c  \Device\Harddisk0\DR0:
19:36:06.0843 0x0a2c  MBR partitions:
19:36:06.0843 0x0a2c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C4938
19:36:06.0843 0x0a2c  ============================================================
19:36:06.0890 0x0a2c  C: <-> \Device\Harddisk0\DR0\Partition1
19:36:06.0906 0x0a2c  ============================================================
19:36:06.0906 0x0a2c  Initialize success
19:36:06.0906 0x0a2c  ============================================================
19:36:15.0828 0x0128  ============================================================
19:36:15.0828 0x0128  Scan started
19:36:15.0828 0x0128  Mode: Manual; TDLFS;
19:36:15.0828 0x0128  ============================================================
19:36:18.0140 0x0128  ================ Scan system memory ========================
19:36:18.0140 0x0128  System memory - ok
19:36:18.0156 0x0128  ================ Scan services =============================
19:36:18.0390 0x0128  Abiosdsk - ok
19:36:18.0421 0x0128  abp480n5 - ok
19:36:18.0468 0x0128  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:36:18.0484 0x0128  ACPI - ok
19:36:18.0546 0x0128  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
19:36:18.0546 0x0128  ACPIEC - ok
19:36:18.0656 0x0128  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:36:18.0656 0x0128  AdobeFlashPlayerUpdateSvc - ok
19:36:18.0671 0x0128  adpu160m - ok
19:36:18.0734 0x0128  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:36:18.0734 0x0128  aec - ok
19:36:18.0796 0x0128  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:36:18.0796 0x0128  AFD - ok
19:36:19.0031 0x0128  [ 91B76D91C781E9DD49D9D03A2AB3E8C3 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
19:36:19.0046 0x0128  AffinegyService - ok
19:36:19.0078 0x0128  AFGMp50 - ok
19:36:19.0125 0x0128  [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50         C:\WINDOWS\system32\Drivers\AFGSp50.sys
19:36:19.0156 0x0128  AFGSp50 - ok
19:36:19.0171 0x0128  Aha154x - ok
19:36:19.0203 0x0128  aic78u2 - ok
19:36:19.0234 0x0128  aic78xx - ok
19:36:19.0281 0x0128  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:36:19.0281 0x0128  Alerter - ok
19:36:19.0312 0x0128  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
19:36:19.0312 0x0128  ALG - ok
19:36:19.0343 0x0128  AliIde - ok
19:36:19.0421 0x0128  [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7           C:\WINDOWS\system32\DRIVERS\amdk7.sys
19:36:19.0421 0x0128  AmdK7 - ok
19:36:19.0453 0x0128  amsint - ok
19:36:19.0515 0x0128  AOL TopSpeedMonitor - ok
19:36:19.0609 0x0128  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:36:19.0609 0x0128  Apple Mobile Device - ok
19:36:19.0640 0x0128  AppMgmt - ok
19:36:19.0656 0x0128  asc - ok
19:36:19.0687 0x0128  asc3350p - ok
19:36:19.0718 0x0128  asc3550 - ok
19:36:19.0906 0x0128  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:36:19.0968 0x0128  aspnet_state - ok
19:36:20.0031 0x0128  [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:36:20.0031 0x0128  aswFsBlk - ok
19:36:20.0093 0x0128  [ EA235FC109D9B9FA7A602BA30888B2B9 ] aswFW           C:\WINDOWS\system32\drivers\aswFW.sys
19:36:20.0109 0x0128  aswFW - ok
19:36:20.0125 0x0128  [ 3FCA5C1A8F33CF9857220CC3A3076A3E ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
19:36:20.0140 0x0128  aswKbd - ok
19:36:20.0171 0x0128  [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
19:36:20.0171 0x0128  aswMonFlt - ok
19:36:20.0218 0x0128  [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis         C:\WINDOWS\system32\DRIVERS\aswNdis.sys
19:36:20.0218 0x0128  aswNdis - ok
19:36:20.0265 0x0128  [ 47DA17FD9C2F8B1B62A06DFB7AFDC8CA ] aswNdis2        C:\WINDOWS\system32\drivers\aswNdis2.sys
19:36:20.0281 0x0128  aswNdis2 - ok
19:36:20.0343 0x0128  [ 7B43265F92257A21CBFD88E7A651044C ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
19:36:20.0343 0x0128  AswRdr - ok
19:36:20.0375 0x0128  [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
19:36:20.0390 0x0128  aswRvrt - ok
19:36:20.0531 0x0128  [ CCD565A8A72AF7D45F9A242013870926 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
19:36:20.0562 0x0128  aswSnx - ok
19:36:20.0640 0x0128  [ 937300BC7C4CDF7576BCCE44E19BBB9D ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
19:36:20.0656 0x0128  aswSP - ok
19:36:20.0718 0x0128  [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
19:36:20.0718 0x0128  aswTdi - ok
19:36:20.0750 0x0128  [ 8CFAA2B965773A653F48F1207A9CB9C4 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
19:36:20.0765 0x0128  aswVmm - ok
19:36:20.0812 0x0128  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:36:20.0812 0x0128  AsyncMac - ok
19:36:20.0843 0x0128  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:36:20.0843 0x0128  atapi - ok
19:36:20.0875 0x0128  Atdisk - ok
19:36:20.0921 0x0128  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:36:20.0921 0x0128  Atmarpc - ok
19:36:20.0984 0x0128  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:36:20.0984 0x0128  AudioSrv - ok
19:36:21.0046 0x0128  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:36:21.0046 0x0128  audstub - ok
19:36:21.0140 0x0128  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:36:21.0140 0x0128  avast! Antivirus - ok
19:36:21.0187 0x0128  [ C2009C6A452BD07B30D773349589B762 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
19:36:21.0203 0x0128  avast! Firewall - ok
19:36:21.0265 0x0128  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:36:21.0265 0x0128  Beep - ok
19:36:21.0359 0x0128  [ DEFCE42FE9EED1A0DC4A28FDDFF603C9 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
19:36:21.0359 0x0128  Belkin Local Backup Service - ok
19:36:21.0390 0x0128  [ E23AF2900A4E3CA7FF22F1C80A013305 ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
19:36:21.0390 0x0128  Belkin Network USB Helper - ok
19:36:21.0453 0x0128  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:36:21.0609 0x0128  BITS - ok
19:36:21.0718 0x0128  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:36:21.0750 0x0128  Bonjour Service - ok
19:36:21.0796 0x0128  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
19:36:21.0812 0x0128  Browser - ok
19:36:21.0984 0x0128  catchme - ok
19:36:22.0031 0x0128  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:36:22.0046 0x0128  cbidf2k - ok
19:36:22.0062 0x0128  cd20xrnt - ok
19:36:22.0125 0x0128  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:36:22.0125 0x0128  Cdaudio - ok
19:36:22.0171 0x0128  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:36:22.0171 0x0128  Cdfs - ok
19:36:22.0218 0x0128  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:36:22.0218 0x0128  Cdrom - ok
19:36:22.0250 0x0128  Changer - ok
19:36:22.0296 0x0128  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:36:22.0296 0x0128  CiSvc - ok
19:36:22.0343 0x0128  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:36:22.0343 0x0128  ClipSrv - ok
19:36:22.0421 0x0128  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:36:22.0484 0x0128  clr_optimization_v2.0.50727_32 - ok
19:36:22.0578 0x0128  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:36:22.0578 0x0128  clr_optimization_v4.0.30319_32 - ok
19:36:22.0625 0x0128  CmdIde - ok
19:36:22.0640 0x0128  COMSysApp - ok
19:36:22.0687 0x0128  Cpqarray - ok
19:36:22.0734 0x0128  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:36:22.0750 0x0128  CryptSvc - ok
19:36:22.0765 0x0128  dac2w2k - ok
19:36:22.0796 0x0128  dac960nt - ok
19:36:22.0937 0x0128  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:36:22.0968 0x0128  DcomLaunch - ok
19:36:23.0046 0x0128  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:36:23.0062 0x0128  Dhcp - ok
19:36:23.0171 0x0128  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:36:23.0187 0x0128  Disk - ok
19:36:23.0203 0x0128  dmadmin - ok
19:36:23.0281 0x0128  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:36:23.0296 0x0128  dmboot - ok
19:36:23.0343 0x0128  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:36:23.0359 0x0128  dmio - ok
19:36:23.0406 0x0128  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:36:23.0406 0x0128  dmload - ok
19:36:23.0453 0x0128  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:36:23.0468 0x0128  dmserver - ok
19:36:23.0500 0x0128  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:36:23.0500 0x0128  DMusic - ok
19:36:23.0546 0x0128  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:36:23.0546 0x0128  Dnscache - ok
19:36:23.0593 0x0128  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:36:23.0609 0x0128  Dot3svc - ok
19:36:23.0625 0x0128  dpti2o - ok
19:36:23.0656 0x0128  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:36:23.0671 0x0128  drmkaud - ok
19:36:23.0734 0x0128  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:36:23.0734 0x0128  EapHost - ok
19:36:23.0781 0x0128  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:36:23.0796 0x0128  ERSvc - ok
19:36:23.0859 0x0128  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
19:36:23.0875 0x0128  Eventlog - ok
19:36:23.0937 0x0128  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
19:36:23.0953 0x0128  EventSystem - ok
19:36:24.0062 0x0128  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:36:24.0062 0x0128  Fastfat - ok
19:36:24.0140 0x0128  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:36:24.0156 0x0128  FastUserSwitchingCompatibility - ok
19:36:24.0187 0x0128  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
19:36:24.0187 0x0128  Fdc - ok
19:36:24.0218 0x0128  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:36:24.0234 0x0128  Fips - ok
19:36:24.0265 0x0128  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
19:36:24.0265 0x0128  Flpydisk - ok
19:36:24.0312 0x0128  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:36:24.0312 0x0128  FltMgr - ok
19:36:24.0406 0x0128  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:36:24.0406 0x0128  FontCache3.0.0.0 - ok
19:36:24.0546 0x0128  [ C0504D5561D4E3872BCBA47531E2763B ] FreeAgentGoNext Service C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
19:36:24.0546 0x0128  FreeAgentGoNext Service - ok
19:36:24.0609 0x0128  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:36:24.0609 0x0128  Fs_Rec - ok
19:36:24.0640 0x0128  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:36:24.0656 0x0128  Ftdisk - ok
19:36:24.0703 0x0128  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:36:24.0703 0x0128  GEARAspiWDM - ok
19:36:24.0750 0x0128  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:36:24.0750 0x0128  Gpc - ok
19:36:24.0843 0x0128  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:36:24.0859 0x0128  helpsvc - ok
19:36:24.0921 0x0128  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
19:36:24.0921 0x0128  HidServ - ok
19:36:24.0968 0x0128  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:36:24.0968 0x0128  HidUsb - ok
19:36:25.0062 0x0128  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:36:25.0062 0x0128  hkmsvc - ok
19:36:25.0093 0x0128  hpn - ok
19:36:25.0171 0x0128  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:36:25.0187 0x0128  HTTP - ok
19:36:25.0234 0x0128  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:36:25.0265 0x0128  HTTPFilter - ok
19:36:25.0296 0x0128  i2omgmt - ok
19:36:25.0312 0x0128  i2omp - ok
19:36:25.0359 0x0128  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:36:25.0375 0x0128  i8042prt - ok
19:36:25.0468 0x0128  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:36:25.0500 0x0128  idsvc - ok
19:36:25.0546 0x0128  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
19:36:25.0546 0x0128  Imapi - ok
19:36:25.0593 0x0128  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:36:25.0609 0x0128  ImapiService - ok
19:36:25.0640 0x0128  ini910u - ok
19:36:25.0687 0x0128  IntelIde - ok
19:36:25.0781 0x0128  [ 4BEFE7B88F963DCC4B302ADF60D47E4F ] Intels51        C:\WINDOWS\system32\DRIVERS\Intels51.sys
19:36:25.0843 0x0128  Intels51 - ok
19:36:25.0937 0x0128  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:36:25.0968 0x0128  ip6fw - ok
19:36:26.0062 0x0128  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:36:26.0062 0x0128  IpFilterDriver - ok
19:36:26.0093 0x0128  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:36:26.0093 0x0128  IpInIp - ok
19:36:26.0140 0x0128  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:36:26.0140 0x0128  IpNat - ok
19:36:26.0234 0x0128  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:36:26.0250 0x0128  iPod Service - ok
19:36:26.0281 0x0128  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:36:26.0281 0x0128  IPSec - ok
19:36:26.0312 0x0128  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:36:26.0328 0x0128  IRENUM - ok
19:36:26.0375 0x0128  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:36:26.0375 0x0128  isapnp - ok
19:36:26.0515 0x0128  [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:36:26.0515 0x0128  JavaQuickStarterService - ok
19:36:26.0578 0x0128  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:36:26.0578 0x0128  Kbdclass - ok
19:36:39.0000 0x0128  ================ Scan global ===============================
19:36:39.0109 0x0128  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:36:39.0234 0x0128  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
19:36:39.0296 0x0128  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
19:36:39.0343 0x0128  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:36:39.0359 0x0128  [Global] - ok
19:36:39.0359 0x0128  ================ Scan MBR ==================================
19:36:39.0390 0x0128  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:36:39.0625 0x0128  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:36:39.0625 0x0128  \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:36:39.0640 0x0128  ================ Scan VBR ==================================
19:36:39.0656 0x0128  [ E6B2B1F04E34E83F3F13ED4B8AD7F281 ] \Device\Harddisk0\DR0\Partition1
19:36:39.0656 0x0128  \Device\Harddisk0\DR0\Partition1 - ok
19:36:39.0671 0x0128  ============================================================
19:36:39.0671 0x0128  Scan finished
19:36:39.0671 0x0128  ============================================================
19:36:39.0703 0x0574  Detected object count: 1
19:36:39.0703 0x0574  Actual detected object count: 1
19:36:48.0796 0x0574  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:36:48.0796 0x0574  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:37:02.0312 0x0d38  Deinitialize success

Edited by addygard, 02 September 2013 - 07:48 PM.

When the power of love overcomes the love of power, the world will know peace.


#6 boopme


Posted 02 September 2013 - 08:32 PM

Rerun TDSSKiller,

Change the option on this  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

from skip to Cure or Delete.

In Control Panel uninstall this

Java 7 Update 10 (Version: 7.0.100)

Reboot

aswMBR must be busy or doing maintenance, I checked and that is way too long. Should only be a couple minutes.

Try again later or tomorrow.


For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#7 addygard


Posted 02 September 2013 - 09:04 PM

As TDSSKiller was deleting/curing the threat, I got a red alert from Avast saying it was blocking a threat and moving it to my virus chest. It was 7 of the objects TDSSKiller was trying to quarantine. You didn't say if you needed to see the result, and that probably means you don't, but just in case, the log is pasted below. Java is removed and I'm rebooting now.


20:41:56.0125 0x0574  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
20:41:56.0843 0x0574  ============================================================
20:41:56.0843 0x0574  Current date / time: 2013/09/02 20:41:56.0843
20:41:56.0843 0x0574  SystemInfo:
20:41:56.0843 0x0574 
20:41:56.0843 0x0574  OS Version: 5.1.2600 ServicePack: 3.0
20:41:56.0843 0x0574  Product type: Workstation
20:41:56.0843 0x0574  ComputerName: BETSY
20:41:56.0859 0x0574  UserName: Mom
20:41:56.0859 0x0574  Windows directory: C:\WINDOWS
20:41:56.0859 0x0574  System windows directory: C:\WINDOWS
20:41:56.0859 0x0574  Processor architecture: Intel x86
20:41:56.0859 0x0574  Number of processors: 1
20:41:56.0859 0x0574  Page size: 0x1000
20:41:56.0859 0x0574  Boot type: Normal boot
20:41:56.0859 0x0574  ============================================================
20:42:01.0265 0x0574  Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:42:01.0718 0x0574  ============================================================
20:42:01.0718 0x0574  \Device\Harddisk0\DR0:
20:42:01.0765 0x0574  MBR partitions:
20:42:01.0765 0x0574  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C4938
20:42:01.0765 0x0574  ============================================================
20:42:02.0000 0x0574  C: <-> \Device\Harddisk0\DR0\Partition1
20:42:02.0218 0x0574  ============================================================
20:42:02.0218 0x0574  Initialize success
20:42:02.0218 0x0574  ============================================================
20:42:15.0265 0x09c4  ============================================================
20:42:15.0265 0x09c4  Scan started
20:42:15.0265 0x09c4  Mode: Manual; TDLFS;
20:42:15.0265 0x09c4  ============================================================
20:42:17.0484 0x09c4  ================ Scan system memory ========================
20:42:17.0500 0x09c4  System memory - ok
20:42:17.0515 0x09c4  ================ Scan services =============================
20:42:22.0078 0x09c4  Belkin Network USB Helper - ok
20:42:22.0203 0x09c4  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:42:22.0437 0x09c4  BITS - ok
20:42:22.0531 0x09c4  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:42:22.0562 0x09c4  Bonjour Service - ok
20:42:22.0609 0x09c4  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
20:42:22.0625 0x09c4  Browser - ok
20:42:22.0750 0x09c4  catchme - ok
20:42:22.0812 0x09c4  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:42:22.0828 0x09c4  cbidf2k - ok
20:42:22.0843 0x09c4  cd20xrnt - ok
20:42:22.0906 0x09c4  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:42:22.0906 0x09c4  Cdaudio - ok
20:42:22.0968 0x09c4  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:42:22.0984 0x09c4  Cdfs - ok
20:42:23.0031 0x09c4  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:42:23.0031 0x09c4  Cdrom - ok
20:42:23.0062 0x09c4  Changer - ok
20:42:23.0109 0x09c4  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:42:23.0109 0x09c4  CiSvc - ok
20:42:23.0156 0x09c4  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:42:23.0171 0x09c4  ClipSrv - ok
20:42:23.0281 0x09c4  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:42:23.0421 0x09c4  clr_optimization_v2.0.50727_32 - ok
20:42:23.0515 0x09c4  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:42:23.0515 0x09c4  clr_optimization_v4.0.30319_32 - ok
20:42:23.0546 0x09c4  CmdIde - ok
20:42:23.0578 0x09c4  COMSysApp - ok
20:42:23.0640 0x09c4  Cpqarray - ok
20:42:23.0718 0x09c4  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:42:23.0734 0x09c4  CryptSvc - ok
20:42:23.0765 0x09c4  dac2w2k - ok
20:42:23.0781 0x09c4  dac960nt - ok
20:42:24.0046 0x09c4  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:42:24.0093 0x09c4  DcomLaunch - ok
20:42:24.0171 0x09c4  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:42:24.0218 0x09c4  Dhcp - ok
20:42:24.0265 0x09c4  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:42:24.0265 0x09c4  Disk - ok
20:42:24.0281 0x09c4  dmadmin - ok
20:42:24.0406 0x09c4  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:42:24.0437 0x09c4  dmboot - ok
20:42:24.0484 0x09c4  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:42:24.0484 0x09c4  dmio - ok
20:42:24.0515 0x09c4  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:42:24.0515 0x09c4  dmload - ok
20:42:24.0578 0x09c4  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:42:24.0578 0x09c4  dmserver - ok
20:42:24.0609 0x09c4  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:42:24.0609 0x09c4  DMusic - ok
20:42:24.0687 0x09c4  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:42:24.0687 0x09c4  Dnscache - ok
20:42:24.0781 0x09c4  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:42:24.0796 0x09c4  Dot3svc - ok
20:42:24.0828 0x09c4  dpti2o - ok
20:42:24.0875 0x09c4  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:42:24.0875 0x09c4  drmkaud - ok
20:42:24.0968 0x09c4  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:42:24.0968 0x09c4  EapHost - ok
20:42:25.0015 0x09c4  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:42:25.0015 0x09c4  ERSvc - ok
20:42:25.0078 0x09c4  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
20:42:25.0093 0x09c4  Eventlog - ok
20:42:25.0156 0x09c4  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
20:42:25.0171 0x09c4  EventSystem - ok
20:42:25.0218 0x09c4  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:42:25.0234 0x09c4  Fastfat - ok
20:42:25.0281 0x09c4  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:42:25.0296 0x09c4  FastUserSwitchingCompatibility - ok
20:42:25.0343 0x09c4  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
20:42:25.0359 0x09c4  Fdc - ok
20:42:25.0406 0x09c4  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:42:25.0406 0x09c4  Fips - ok
20:42:25.0453 0x09c4  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
20:42:25.0468 0x09c4  Flpydisk - ok
20:42:25.0515 0x09c4  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:42:25.0546 0x09c4  FltMgr - ok
20:42:25.0640 0x09c4  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:42:25.0640 0x09c4  FontCache3.0.0.0 - ok
20:42:25.0843 0x09c4  [ C0504D5561D4E3872BCBA47531E2763B ] FreeAgentGoNext Service C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
20:42:25.0890 0x09c4  FreeAgentGoNext Service - ok
20:42:25.0937 0x09c4  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:42:25.0937 0x09c4  Fs_Rec - ok
20:42:25.0968 0x09c4  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:42:25.0984 0x09c4  Ftdisk - ok
20:42:26.0062 0x09c4  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:42:26.0078 0x09c4  GEARAspiWDM - ok
20:42:26.0125 0x09c4  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:42:26.0140 0x09c4  Gpc - ok
20:42:26.0218 0x09c4  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:42:26.0234 0x09c4  helpsvc - ok
20:42:26.0281 0x09c4  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
20:42:26.0281 0x09c4  HidServ - ok
20:42:26.0406 0x09c4  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:42:26.0406 0x09c4  HidUsb - ok
20:42:26.0484 0x09c4  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:42:26.0500 0x09c4  hkmsvc - ok
20:42:26.0531 0x09c4  hpn - ok
20:42:26.0593 0x09c4  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:42:26.0609 0x09c4  HTTP - ok
20:42:26.0671 0x09c4  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:42:26.0703 0x09c4  HTTPFilter - ok
20:42:26.0750 0x09c4  i2omgmt - ok
20:42:26.0781 0x09c4  i2omp - ok
20:42:26.0796 0x09c4  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:42:26.0828 0x09c4  i8042prt - ok
20:42:26.0921 0x09c4  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:42:26.0953 0x09c4  idsvc - ok
20:42:27.0000 0x09c4  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:42:27.0015 0x09c4  Imapi - ok
20:42:27.0062 0x09c4  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:42:27.0062 0x09c4  ImapiService - ok
20:42:27.0109 0x09c4  ini910u - ok
20:42:27.0140 0x09c4  IntelIde - ok
20:42:27.0234 0x09c4  [ 4BEFE7B88F963DCC4B302ADF60D47E4F ] Intels51        C:\WINDOWS\system32\DRIVERS\Intels51.sys
20:42:27.0312 0x09c4  Intels51 - ok
20:42:27.0421 0x09c4  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
20:42:27.0421 0x09c4  ip6fw - ok
20:42:27.0468 0x09c4  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:42:27.0468 0x09c4  IpFilterDriver - ok
20:42:27.0500 0x09c4  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:42:27.0500 0x09c4  IpInIp - ok
20:42:27.0546 0x09c4  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:42:27.0562 0x09c4  IpNat - ok
20:42:27.0671 0x09c4  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:42:27.0687 0x09c4  iPod Service - ok
20:42:27.0718 0x09c4  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:42:27.0718 0x09c4  IPSec - ok
20:42:27.0781 0x09c4  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:42:27.0812 0x09c4  IRENUM - ok
20:42:27.0859 0x09c4  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:42:27.0875 0x09c4  isapnp - ok
20:42:28.0031 0x09c4  [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:42:28.0062 0x09c4  JavaQuickStarterService - ok
20:42:28.0109 0x09c4  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:42:28.0109 0x09c4  Kbdclass - ok
20:42:28.0171 0x09c4  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:42:28.0171 0x09c4  kbdhid - ok
20:42:28.0203 0x09c4  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:42:28.0218 0x09c4  kmixer - ok
20:42:28.0265 0x09c4  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:42:28.0265 0x09c4  KSecDD - ok
20:42:28.0390 0x09c4  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:42:28.0406 0x09c4  lanmanserver - ok
20:42:28.0500 0x09c4  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:42:28.0515 0x09c4  lanmanworkstation - ok
20:42:28.0546 0x09c4  lbrtfdc - ok
20:42:28.0625 0x09c4  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:42:28.0625 0x09c4  LmHosts - ok
20:42:28.0687 0x09c4  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
20:42:28.0687 0x09c4  MBAMProtector - ok
20:42:28.0937 0x09c4  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\mymbamAnti-Malware\mbamscheduler.exe
20:42:28.0984 0x09c4  MBAMScheduler - ok
20:42:29.0046 0x09c4  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\mymbamAnti-Malware\mbamservice.exe
20:42:29.0062 0x09c4  MBAMService - ok
20:42:29.0109 0x09c4  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:42:29.0125 0x09c4  Messenger - ok
20:42:29.0171 0x09c4  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:42:29.0171 0x09c4  mnmdd - ok
20:42:29.0234 0x09c4  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
20:42:29.0250 0x09c4  mnmsrvc - ok
20:42:29.0296 0x09c4  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:42:29.0296 0x09c4  Modem - ok
20:42:29.0359 0x09c4  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:42:29.0375 0x09c4  MODEMCSA - ok
20:42:29.0406 0x09c4  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:42:29.0406 0x09c4  Mouclass - ok
20:42:29.0468 0x09c4  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:42:29.0468 0x09c4  mouhid - ok
20:42:29.0531 0x09c4  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:42:29.0531 0x09c4  MountMgr - ok
20:42:29.0546 0x09c4  mraid35x - ok
20:42:29.0656 0x09c4  [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5         C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
20:42:29.0671 0x09c4  MREMPR5 - ok
20:42:29.0718 0x09c4  [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5        C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
20:42:29.0734 0x09c4  MRENDIS5 - ok
20:42:29.0796 0x09c4  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:42:29.0796 0x09c4  MRxDAV - ok
20:42:29.0906 0x09c4  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:42:29.0937 0x09c4  MRxSmb - ok
20:42:29.0984 0x09c4  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
20:42:29.0984 0x09c4  MSDTC - ok
20:42:30.0031 0x09c4  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:42:30.0031 0x09c4  Msfs - ok
20:42:30.0046 0x09c4  MSIServer - ok
20:42:30.0093 0x09c4  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:42:30.0093 0x09c4  MSKSSRV - ok
20:42:30.0140 0x09c4  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:42:30.0140 0x09c4  MSPCLOCK - ok
20:42:30.0171 0x09c4  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:42:30.0171 0x09c4  MSPQM - ok
20:42:30.0218 0x09c4  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:42:30.0218 0x09c4  mssmbios - ok
20:42:30.0296 0x09c4  [ 33F438BD66F2877BBB5567E49208A346 ] Mtlmnt5         C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
20:42:30.0343 0x09c4  Mtlmnt5 - ok
20:42:30.0484 0x09c4  [ 4D98402AE75097E362CC8ED94079D94C ] Mtlstrm         C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
20:42:30.0562 0x09c4  Mtlstrm - ok
20:42:30.0609 0x09c4  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:42:30.0609 0x09c4  Mup - ok
20:42:30.0718 0x09c4  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:42:30.0750 0x09c4  napagent - ok
20:42:30.0796 0x09c4  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:42:30.0812 0x09c4  NDIS - ok
20:42:30.0859 0x09c4  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:42:30.0859 0x09c4  NdisTapi - ok
20:42:30.0906 0x09c4  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:42:30.0921 0x09c4  Ndisuio - ok
20:42:30.0953 0x09c4  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:42:30.0953 0x09c4  NdisWan - ok
20:42:31.0000 0x09c4  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:42:31.0000 0x09c4  NDProxy - ok
20:42:31.0031 0x09c4  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:42:31.0046 0x09c4  NetBIOS - ok
20:42:31.0078 0x09c4  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:42:31.0078 0x09c4  NetBT - ok
20:42:31.0156 0x09c4  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:42:31.0156 0x09c4  NetDDE - ok
20:42:31.0187 0x09c4  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:42:31.0203 0x09c4  NetDDEdsdm - ok
20:42:31.0250 0x09c4  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:42:31.0250 0x09c4  Netlogon - ok
20:42:31.0296 0x09c4  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
20:42:31.0312 0x09c4  Netman - ok
20:42:31.0406 0x09c4  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:42:31.0421 0x09c4  NetTcpPortSharing - ok
20:42:31.0468 0x09c4  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:42:31.0484 0x09c4  Nla - ok
20:42:31.0531 0x09c4  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:42:31.0546 0x09c4  Npfs - ok
20:42:31.0593 0x09c4  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:42:31.0609 0x09c4  Ntfs - ok
20:42:31.0656 0x09c4  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
20:42:31.0656 0x09c4  NtLmSsp - ok
20:42:31.0718 0x09c4  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:42:31.0750 0x09c4  NtmsSvc - ok
20:42:31.0812 0x09c4  [ 6AF0557BBFFDDE15B985F2C1B82D43E0 ] NtMtlFax        C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
20:42:31.0828 0x09c4  NtMtlFax - ok
20:42:31.0937 0x09c4  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:42:32.0000 0x09c4  Null - ok
20:42:32.0140 0x09c4  [ 71DBDC08DF86B80511E72953FA1AD6B0 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:42:32.0171 0x09c4  nv - ok
20:42:32.0234 0x09c4  [ C940418D48B98359E9CCBAD695E5F530 ] nvax            C:\WINDOWS\system32\drivers\nvax.sys
20:42:32.0250 0x09c4  nvax - ok
20:42:32.0312 0x09c4  [ 5155E22DA2F2E1CA4023D00F6EB31B5E ] NVENET          C:\WINDOWS\system32\DRIVERS\NVENET.sys
20:42:32.0343 0x09c4  NVENET - ok
20:42:32.0437 0x09c4  [ B000A8B4946F786A56C7B020620B3A46 ] nvnforce        C:\WINDOWS\system32\drivers\nvapu.sys
20:42:32.0453 0x09c4  nvnforce - ok
20:42:32.0484 0x09c4  [ 5ED834603C36414B579979B3A9C90F54 ] NVSvc           C:\WINDOWS\System32\nvsvc32.exe
20:42:32.0500 0x09c4  NVSvc - ok
20:42:32.0562 0x09c4  [ 29291C3A7256337327051CC37E4FC09A ] nv_agp          C:\WINDOWS\system32\DRIVERS\nv_agp.sys
20:42:32.0562 0x09c4  nv_agp - ok
20:42:32.0625 0x09c4  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:42:32.0625 0x09c4  NwlnkFlt - ok
20:42:32.0656 0x09c4  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:42:32.0656 0x09c4  NwlnkFwd - ok
20:42:32.0734 0x09c4  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
20:42:32.0734 0x09c4  Parport - ok
20:42:32.0765 0x09c4  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:42:32.0781 0x09c4  PartMgr - ok
20:42:32.0828 0x09c4  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:42:32.0843 0x09c4  ParVdm - ok
20:42:32.0859 0x09c4  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:42:32.0875 0x09c4  PCI - ok
20:42:32.0890 0x09c4  PCIDump - ok
20:42:32.0953 0x09c4  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:42:32.0953 0x09c4  PCIIde - ok
20:42:33.0015 0x09c4  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:42:33.0031 0x09c4  Pcmcia - ok
20:42:33.0046 0x09c4  PDCOMP - ok
20:42:33.0078 0x09c4  PDFRAME - ok
20:42:33.0109 0x09c4  PDRELI - ok
20:42:33.0125 0x09c4  PDRFRAME - ok
20:42:33.0156 0x09c4  perc2 - ok
20:42:33.0187 0x09c4  perc2hib - ok
20:42:33.0296 0x09c4  [ 6C1618A07B49E3873582B6449E744088 ] pfc             C:\WINDOWS\system32\drivers\pfc.sys
20:42:33.0312 0x09c4  pfc - ok
20:42:33.0343 0x09c4  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:42:33.0359 0x09c4  PlugPlay - ok
20:42:33.0453 0x09c4  [ B4F59A953EF9E507F0D00C3A68580B8B ] Point32         C:\WINDOWS\system32\DRIVERS\point32.sys
20:42:33.0453 0x09c4  Point32 - ok
20:42:33.0515 0x09c4  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:42:33.0531 0x09c4  PolicyAgent - ok
20:42:33.0578 0x09c4  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:42:33.0578 0x09c4  PptpMiniport - ok
20:42:33.0625 0x09c4  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
20:42:33.0625 0x09c4  Processor - ok
20:42:33.0656 0x09c4  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:42:33.0656 0x09c4  ProtectedStorage - ok
20:42:33.0687 0x09c4  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:42:33.0718 0x09c4  PSched - ok
20:42:33.0750 0x09c4  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:42:33.0750 0x09c4  Ptilink - ok
20:42:33.0812 0x09c4  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:42:33.0812 0x09c4  PxHelp20 - ok
20:42:33.0843 0x09c4  ql1080 - ok
20:42:33.0859 0x09c4  Ql10wnt - ok
20:42:33.0906 0x09c4  ql12160 - ok
20:42:33.0937 0x09c4  ql1240 - ok
20:42:33.0968 0x09c4  ql1280 - ok
20:42:34.0031 0x09c4  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:42:34.0046 0x09c4  RasAcd - ok
20:42:34.0109 0x09c4  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:42:34.0140 0x09c4  RasAuto - ok
20:42:34.0187 0x09c4  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:42:34.0187 0x09c4  Rasl2tp - ok
20:42:34.0265 0x09c4  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:42:34.0281 0x09c4  RasMan - ok
20:42:34.0312 0x09c4  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:42:34.0312 0x09c4  RasPppoe - ok
20:42:34.0390 0x09c4  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:42:34.0390 0x09c4  Raspti - ok
20:42:34.0453 0x09c4  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:42:34.0468 0x09c4  Rdbss - ok
20:42:34.0515 0x09c4  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:42:34.0515 0x09c4  RDPCDD - ok
20:42:34.0609 0x09c4  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:42:34.0609 0x09c4  RDPWD - ok
20:42:34.0718 0x09c4  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:42:34.0750 0x09c4  RDSessMgr - ok
20:42:34.0796 0x09c4  [ E9AAA0092D74A9D371659C4C38882E12 ] RecAgent        C:\WINDOWS\system32\DRIVERS\RecAgent.sys
20:42:34.0812 0x09c4  RecAgent - ok
20:42:34.0859 0x09c4  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:42:34.0859 0x09c4  redbook - ok
20:42:34.0906 0x09c4  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:42:34.0921 0x09c4  RemoteAccess - ok
20:42:34.0953 0x09c4  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
20:42:34.0984 0x09c4  RpcLocator - ok
20:42:35.0078 0x09c4  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
20:42:35.0093 0x09c4  RpcSs - ok
20:42:35.0156 0x09c4  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
20:42:35.0171 0x09c4  RSVP - ok
20:42:35.0203 0x09c4  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:42:35.0218 0x09c4  SamSs - ok
20:42:35.0296 0x09c4  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:42:35.0312 0x09c4  SCardSvr - ok
20:42:35.0375 0x09c4  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:42:35.0390 0x09c4  Schedule - ok
20:42:35.0515 0x09c4  [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:42:35.0531 0x09c4  SeaPort - ok
20:42:35.0593 0x09c4  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:42:35.0593 0x09c4  Secdrv - ok
20:42:35.0640 0x09c4  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:42:35.0656 0x09c4  seclogon - ok
20:42:35.0687 0x09c4  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
20:42:35.0703 0x09c4  SENS - ok
20:42:35.0750 0x09c4  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:42:35.0750 0x09c4  serenum - ok
20:42:35.0796 0x09c4  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:42:35.0812 0x09c4  Serial - ok
20:42:35.0890 0x09c4  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:42:35.0906 0x09c4  Sfloppy - ok
20:42:35.0953 0x09c4  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:42:36.0015 0x09c4  SharedAccess - ok
20:42:36.0062 0x09c4  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:42:36.0078 0x09c4  ShellHWDetection - ok
20:42:36.0109 0x09c4  Simbad - ok
20:42:36.0187 0x09c4  [ 769D8F1C7BBDB5C0C1EB157575DAD0BA ] Slntamr         C:\WINDOWS\system32\DRIVERS\slntamr.sys
20:42:36.0203 0x09c4  Slntamr - ok
20:42:36.0250 0x09c4  [ EDD0BCB2B8548A95B2633C249BFAEEC7 ] SlNtHal         C:\WINDOWS\system32\DRIVERS\Slnthal.sys
20:42:36.0281 0x09c4  SlNtHal - ok
20:42:36.0296 0x09c4  SLService - ok
20:42:36.0328 0x09c4  [ 3B4A3B282F62FE5D75127D22B26909ED ] SlWdmSup        C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
20:42:36.0343 0x09c4  SlWdmSup - ok
20:42:36.0421 0x09c4  Sparrow - ok
20:42:36.0453 0x09c4  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:42:36.0468 0x09c4  splitter - ok
20:42:36.0531 0x09c4  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:42:36.0546 0x09c4  Spooler - ok
20:42:36.0593 0x09c4  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:42:36.0593 0x09c4  sr - ok
20:42:36.0656 0x09c4  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:42:36.0687 0x09c4  srservice - ok
20:42:36.0750 0x09c4  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:42:36.0765 0x09c4  Srv - ok
20:42:36.0812 0x09c4  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:42:36.0828 0x09c4  SSDPSRV - ok
20:42:36.0890 0x09c4  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:42:36.0921 0x09c4  stisvc - ok
20:42:36.0968 0x09c4  [ F658D6420B14BEDB49C19E39E7D03594 ] SunkFilt        C:\WINDOWS\System32\Drivers\sunkfilt.sys
20:42:36.0984 0x09c4  SunkFilt - ok
20:42:37.0015 0x09c4  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:42:37.0015 0x09c4  swenum - ok
20:42:37.0046 0x09c4  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:42:37.0062 0x09c4  swmidi - ok
20:42:37.0078 0x09c4  SwPrv - ok
20:42:37.0171 0x09c4  [ C8A43978DADCF12B7E40A0577227DFBC ] sxuptp          C:\WINDOWS\system32\DRIVERS\sxuptp.sys
20:42:37.0203 0x09c4  sxuptp - ok
20:42:37.0218 0x09c4  symc810 - ok
20:42:37.0250 0x09c4  symc8xx - ok
20:42:37.0281 0x09c4  sym_hi - ok
20:42:37.0312 0x09c4  sym_u3 - ok
20:42:37.0359 0x09c4  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:42:37.0359 0x09c4  sysaudio - ok
20:42:37.0437 0x09c4  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:42:37.0468 0x09c4  SysmonLog - ok
20:42:41.0546 0x09c4  ================ Scan global ===============================
20:42:41.0593 0x09c4  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:42:41.0671 0x09c4  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:42:41.0718 0x09c4  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:42:41.0750 0x09c4  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:42:41.0765 0x09c4  [Global] - ok
20:42:41.0796 0x09c4  ================ Scan MBR ==================================
20:42:41.0812 0x09c4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:42:42.0156 0x09c4  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:42:42.0156 0x09c4  \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:42:42.0156 0x09c4  ================ Scan VBR ==================================
20:42:42.0187 0x09c4  [ E6B2B1F04E34E83F3F13ED4B8AD7F281 ] \Device\Harddisk0\DR0\Partition1
20:42:42.0187 0x09c4  \Device\Harddisk0\DR0\Partition1 - ok
20:42:42.0187 0x09c4  ============================================================
20:42:42.0187 0x09c4  Scan finished
20:42:42.0187 0x09c4  ============================================================
20:42:42.0234 0x0aa8  Detected object count: 1
20:42:42.0234 0x0aa8  Actual detected object count: 1
20:42:55.0171 0x0aa8  \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:42:55.0500 0x0aa8  \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:43:34.0156 0x0aa8  \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:43:34.0484 0x0aa8  \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:43:34.0515 0x0aa8  \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:43:35.0093 0x0aa8  \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:43:38.0828 0x0aa8  \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:43:39.0250 0x0aa8  \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:43:39.0828 0x0aa8  \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:43:39.0843 0x0aa8  \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:43:39.0859 0x0aa8  \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:43:40.0703 0x0aa8  \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:43:41.0078 0x0aa8  \Device\Harddisk0\DR0\TDLFS - deleted
20:43:41.0078 0x0aa8  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
 



#8 addygard


Posted 02 September 2013 - 09:27 PM

Hi, just tried to download aswMBR again and it is still very slow.  So as you said, I will try again tomorrow.  However, I won't be able to do that until tomorrow evening after I get home from work.  Sorry for the delay.  Thank you very much for your help so far, and I look forward to your continued help.



#9 boopme


Posted 02 September 2013 - 09:42 PM

No problem, you should see some improvement already as we removed all that TDSS infection.



#10 addygard


Posted 03 September 2013 - 08:51 PM

Hi.  I wish I could say it was running better.  Unfortunately, it's mostly as bad or worse. . .verrry slow loading and/or refreshing.  Yet every once in a while for a few minutes, it acts kind of peppy. 

 

I have wondered if part of the problem could be that I may have deleted stuff when I did a full Avast virus scan on Friday (which I'd never done a full scan before).  There were only 3 things I deleted because Avast returned the result saying they were high risk threats. . .how would I have known the difference if they were or weren't (hee haw).  But I did write them down, and somehow somewhere between Friday and Saturday before I read your initial instructions, I accidentally deleted my homepage browser (I think it had something to do with the Yahoo toolbar).  Now my internet currently opens to a default browser.  I apologize for being so computer ignorant, but my brain seems wired to resist all things technical. . .give me pictures and explicit explanations and directions and MAYBE I can do something the way it's supposed to be done whether or not I understand it.  And then maybe, if I do it often enough, I will one day say, Ah-ha, now I get it!

 

These were the "high risk" threats from my Avast full scan done on Friday.

1. ChromeRecovery.exe  - (I don't have Google Chrome if that's what this was for)

2. GoogleUpdateSetup.exe - (? Don't know what that is)

3. SafeZonebrowser.exe - (I thought this was something that was in the Avast Antivirus program)

 

Then I did a boot-scan after that and rather than delete the things it found, I moved them to the virus chest so I could decide what to do about them the next day (cause it was late at night and I couldn't stay awake).  But since I really don't know what to do, I just left them in the virus chest.  I think these messages were from the boot-scan too that said Firefox.dll is infected by win32:PUP-gen [PUP].  Again I don't have Firefox either, although at one time I may have tried to use it, but went back to IE. . .that was a few years ago.  I don't know if any of the above information is helpful or not, but there it is.

 

I tried again to download aswMBR and it still says over an hour to download.  Could it possibly be my computer?  Is there another tool that you could suggest instead of aswMBR?

 

 


Edited by addygard, 03 September 2013 - 08:53 PM.


#11 boopme


Posted 03 September 2013 - 09:11 PM

Hi, OK, as it was not better, then I believe you have a deeper rootkit infection that these tools will not find. BUT we will. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#12 addygard


Posted 03 September 2013 - 09:54 PM

Just downloaded Cobian Backup 8. . . do you have any idea approximately how many cds I will need?  I won't be able to do a back up tonight, but will get on it after work tomorrow evening.  Will you be helping me when I start a new topic and/or do I need to let you know when I do post?

 

Thank you for your help.  I don't know what people like me would do without the good will and expert assistance of people like you.  Thanks again.



#13 addygard


Posted 04 September 2013 - 06:31 PM

Hi, well, I'm not able to back up my computer.  Below are the messages when I try to run it.  I tried 3 times and it kept saying one or more of the same messages each time.

 

 

ERR  The engine is not found

Welcome to Cobian Backup Black Moon

Engine Version: 8.4.0.178    OS version: 5.1.2600    Service: No

Use interface ready

The engine has been found.

Checking for new versions. Wait . . .

ERR  Error while checking for new versions: Connect timed out

The task “moms backup” has been modified and saved

The current list have been reloaded

Running the selected tasks

The task “Mom’s backup” is disabled. Skipping it . . .

 

 

Where do I go from here??


#14 boopme


Posted 04 September 2013 - 08:03 PM

Post the DDS in the new topic.
Mention you were unable to perform a backup.

Include this link back to here:
http://www.bleepingcomputer.com/forums/t/505591/possible-trojan-unable-to-complete-anti-rootkit-scan/#entry3147667

#15 addygard


Posted 04 September 2013 - 08:17 PM

Okay.  Thanks!

