I believe I may have a bug of some sort


  • This topic is locked
20 replies to this topic

#1 dan47

dan47

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:00 PM

Posted 23 September 2013 - 08:57 AM

G'day, I believe I may have a bug of some sort. I'm not computer wise, so as such I do not know what sort of bug my PC has encountered. All I can do is give a brief description of the problems I'm having.

The first thing I noticed several months ago was an internet connection problem, mainly with eBay. The message I keep receiving is: "The connection to the server was reset while the page was loading". This message/problem has become worse over time. This is not the only problem I am having: I have lost the control of my 3 ROM drives. They used to start automatically, but now I have to start them manually when I place a DVD or CD in their drive. My PC also seems to have changed a lot of settings, which I have not done. I also found that within regedit & gpedit.msc there was nothing configured. I have also lost the Administration rights. When I used to start Windows it started as the Admin; now the PC starts up with my name with Admin privileges. I have tried to run the DDS program 6 times for this posting, but my PC freezes after only a few seconds and I have to force shutdown the PC.

 

Now a brief description of my PC & what I have done to try and resolve all my PC's problems.

My OS is Windows XP Pro SP3, I'm running Trend Micro Internet Security 2013 as my AV and Malwarebytes Anti-Malware Pro not yet registered.

 

I have been looking at the forums and have tried some of the suggestions but with luck. I have tried a number of anti-rootkit scans like Trend RootkitBuster and Trend's HouseCall. I have also tried Malwarebytes Anti-Rootkit scanner, TDSSKiller, and RogueKiller, which did find some things & I deleted.

If someone can please give me instructions on which software programs to use so I can send a log text for your perusal. Sorry I could not send a DDS log. And please be patient with a reply to any answers to this post, as there is a 15-hour time difference from the US to Australia. Thank you for your time and efforts on this matter.

 

Dan.




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:00 AM

Posted 23 September 2013 - 09:15 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


"which did find some things & I deleted."

Nice - and how shall I now know WHAT has been removed? o.O


Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 dan47

dan47
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:00 PM

Posted 25 September 2013 - 08:47 PM

Hello Marius, Farbar files as requested, I've also added some of the Rogue Killer files.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2013
Ran by Danny (administrator) on DANNYCOM1 on 26-09-2013 11:05:01
Running from C:\Documents and Settings\Danny\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTHELPER.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
(Creative Technology Ltd) C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTSched.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [577536 2007-04-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EPSON Stylus Photo R230 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE [98304 2005-03-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5955000 2012-04-27] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1171304 2012-04-27] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [403112 2012-04-27] (Acronis)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2010-03-18] (Creative Technology Ltd)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [InstallerLauncher] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1374328 2013-05-30] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [132920 2013-02-05] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro BTC] - C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [1320768 2013-03-02] (Trend Micro Inc.)
HKLM\...\Run: [OE] - C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEMon.exe [68824 2012-07-26] (Trend Micro Inc.)
HKLM\...\Run: [WLM] - C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe [39528 2013-02-01] (Trend Micro Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [CTDVDDET] - C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE [45056 2003-06-18] (Creative Technology Ltd)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKCU\...\Run: [CreativeTaskScheduler] - C:\Program Files\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2008-01-22] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2008-01-22] (Nero AG)
Startup: C:\Documents and Settings\Danny\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU - No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\4gs8l57a.default
FF Homepage: hxxp://www.google.com.au/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1136\7.5.1136\firefoxextension
FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [821016 2012-04-27] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-06-02] (Acronis)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [5914912 2012-04-27] (Acronis)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
R1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 COMMONFX; C:\Windows\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
R3 COMMONFX.SYS; C:\Windows\System32\drivers\COMMONFX.SYS [99416 2010-03-18] (Creative Technology Ltd)
S3 CTAUDFX; C:\Windows\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
R3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347144 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX; C:\Windows\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTERFXFX.SYS; C:\Windows\System32\drivers\CTERFXFX.SYS [100952 2010-03-18] (Creative Technology Ltd)
S3 CTSBLFX; C:\Windows\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R3 CTSBLFX.SYS; C:\Windows\System32\drivers\CTSBLFX.SYS [566360 2010-03-18] (Creative Technology Ltd)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [798808 2010-03-18] (Creative Technology Ltd)
R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [162904 2010-03-18] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189528 2010-03-18] (Creative Technology Ltd)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 npusbio; C:\Windows\System32\Drivers\npusbio.sys [30208 2012-07-09] ()
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R0 nvraid; C:\Windows\System32\DRIVERS\nvraid4.sys [82944 2006-04-25] (NVIDIA Corporation)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [459520 2008-01-15] (Ralink Technology, Corp.)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-06-02] (Acronis)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [96248 2012-12-21] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [258976 2012-12-21] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [38328 2012-08-24] (Trend Micro Inc.)
R1 tmeext; C:\Windows\System32\DRIVERS\tmeext.sys [90808 2012-07-11] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [76648 2012-12-21] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [171064 2012-07-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-03] (Trend Micro Inc.)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-06-02] (Acronis)
R0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-06-02] (Acronis)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19336 2009-01-13] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29192 2009-01-13] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14728 2009-01-13] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [49160 2009-01-13] (Logitech Inc.)
S3 COMMONFX.DLL; system32\COMMONFX.DLL [x]
S3 CT20XUT.DLL; system32\CT20XUT.DLL [x]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [x]
S3 CTEAPSFX.DLL; system32\CTEAPSFX.DLL [x]
S3 CTEDSPFX.DLL; system32\CTEDSPFX.DLL [x]
S3 CTEDSPIO.DLL; system32\CTEDSPIO.DLL [x]
S3 CTEDSPSY.DLL; system32\CTEDSPSY.DLL [x]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [x]
S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [x]
S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [x]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U2 TMAgent;
U3 tmeevw;
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-26 11:04 - 2013-09-26 11:04 - 00000000 ____D C:\FRST
2013-09-26 11:02 - 2013-09-26 11:02 - 01089329 _____ (Farbar) C:\Documents and Settings\Danny\Desktop\FRST.exe
2013-09-23 17:58 - 2013-09-23 17:58 - 00000000 ____D C:\Program Files\Tweaking.com
2013-09-23 17:58 - 2013-09-23 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2013-09-23 17:54 - 2013-09-23 17:54 - 05369204 _____ C:\Documents and Settings\Danny\Desktop\tweaking.com_windows_repair_aio_setup.exe
2013-09-21 19:45 - 2013-09-21 19:47 - 00020426 _____ C:\Documents and Settings\Danny\kl_uninstall.txt
2013-09-21 19:43 - 2013-09-21 19:47 - 07799950 _____ C:\Documents and Settings\Danny\kavremvr 2013-09-21 19-43-58 (pid 2040).log
2013-09-20 08:40 - 2013-09-20 08:41 - 00002038 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-09-20_08-40-03.txt
2013-09-20 08:28 - 2013-09-20 08:28 - 02748256 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Danny\Desktop\tdsskiller.exe
2013-09-20 07:14 - 2013-09-20 07:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 09:56 - 2013-09-17 09:56 - 00131801 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-17 09:54 - 2013-09-17 09:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-17 09:54 - 2013-09-17 09:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-17 09:54 - 2013-09-17 09:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-17 09:44 - 2013-09-17 09:55 - 00130009 _____ C:\WINDOWS\KB2876315.log
2013-09-17 09:44 - 2013-09-17 09:54 - 00129503 _____ C:\WINDOWS\KB2864063.log
2013-09-17 09:44 - 2013-09-17 09:54 - 00129035 _____ C:\WINDOWS\KB2876217.log
2013-09-17 09:28 - 2013-09-17 09:28 - 00000000 _____ C:\WINDOWS\DCEBOOT.LOG
2013-09-17 09:25 - 2013-09-17 09:25 - 00181808 _____ C:\WINDOWS\RegBootClean.exe
2013-09-17 09:25 - 2013-09-17 09:25 - 00022064 _____ C:\WINDOWS\DCEBoot.exe
2013-09-17 09:24 - 2013-09-17 12:06 - 00000000 ____D C:\Documents and Settings\Danny\Desktop\RK_Quarantine
2013-09-14 07:59 - 2013-09-14 07:59 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 07:59 - 2013-09-14 07:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-14 07:59 - 2013-09-14 07:59 - 00000000 ____D C:\Documents and Settings\Danny\Application Data\Malwarebytes
2013-09-14 07:59 - 2013-09-14 07:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-14 07:59 - 2013-09-14 07:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-14 07:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-14 07:35 - 2013-09-14 07:36 - 00080456 _____ (Malwarebytes Corporation) C:\Documents and Settings\Danny\Desktop\mbam-clean-1.60.2.0003.exe
2013-09-13 10:48 - 2013-09-13 10:48 - 00000000 ____D C:\Documents and Settings\Danny\My Documents\My Received Files
2013-09-13 08:40 - 2013-09-13 08:40 - 00059248 _____ (Malwarebytes Corporation) C:\Documents and Settings\Danny\Desktop\mbam-grabfiles-1.0.0.1000.exe
2013-09-12 10:38 - 2013-09-12 10:38 - 00353352 _____ (Malwarebytes Corporation) C:\Documents and Settings\Danny\Desktop\mbam-check-2.0.0.1000.exe
2013-09-12 09:26 - 2013-09-20 06:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-12 09:24 - 2013-09-20 06:36 - 00000000 ____D C:\Documents and Settings\Danny\Desktop\mbar
2013-09-12 09:23 - 2013-09-12 09:23 - 12907592 _____ (Malwarebytes Corp.) C:\Documents and Settings\Danny\Desktop\mbar-1.07.0.1005.exe
2013-09-11 17:33 - 2013-09-11 17:33 - 00000552 _____ C:\WINDOWS\system32\d3d8caps.dat
2013-09-05 16:14 - 2013-09-05 16:14 - 00012960 _____ C:\WINDOWS\KB2834902-v2.log
2013-09-05 16:14 - 2013-09-05 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834902-v2_WM10$
2013-09-05 16:10 - 2013-09-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-09-05 16:02 - 2013-09-05 16:03 - 00011251 _____ C:\WINDOWS\KB2863058.log
2013-09-05 16:02 - 2013-09-05 16:02 - 00013269 _____ C:\WINDOWS\KB2862772-IE8.log
2013-09-05 16:02 - 2013-09-05 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-09-05 16:01 - 2013-09-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-09-05 16:01 - 2013-09-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-09-05 16:00 - 2013-09-17 09:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-09-05 15:59 - 2013-09-17 10:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-05 15:59 - 2013-09-05 15:59 - 00308938 _____ C:\WINDOWS\msxml4-KB973688-enu.LOG
2013-09-05 15:59 - 2013-09-05 15:59 - 00303454 _____ C:\WINDOWS\msxml4-KB954430-enu.LOG
2013-09-05 15:59 - 2013-09-05 15:59 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-05 14:12 - 2013-09-05 14:14 - 30573928 _____ C:\Documents and Settings\Danny\Desktop\OJP8600_N911g-n_R1322C.exe
2013-09-04 11:52 - 2013-09-04 12:12 - 00000000 ____D C:\Documents and Settings\Danny\My Documents\Nero Home
2013-09-04 11:32 - 2008-05-14 09:34 - 01000744 _____ (Nero AG) C:\WINDOWS\system32\ShellManager10E2D762.dll
2013-09-04 11:32 - 2008-04-10 19:52 - 00648192 _____ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2013-09-04 11:07 - 2013-09-04 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Nero 7 Essentials
2013-09-04 11:07 - 2013-09-04 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ahead
2013-09-04 09:58 - 2005-01-24 17:47 - 01746360 ____N C:\WINDOWS\system32\CTAA1.DAT
2013-09-04 09:57 - 2008-06-13 11:13 - 00065536 ____N (Creative Technology Ltd) C:\WINDOWS\system32\ctdvda32.dll
2013-09-02 19:42 - 2013-09-02 19:42 - 00001945 _____ C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk
2013-09-02 19:42 - 2013-09-02 19:42 - 00000897 _____ C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2013-09-02 19:42 - 2012-10-17 04:04 - 00580712 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM5912.dll
2013-09-02 19:42 - 2012-06-19 01:54 - 01979280 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanTRDrv_OJ8600.dll
2013-09-02 19:42 - 2012-06-19 01:54 - 00529808 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinksts5912.dll
2013-09-02 19:42 - 2012-06-19 01:54 - 00495504 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPWia1_OJ8600.dll
2013-09-02 19:42 - 2012-06-19 01:54 - 00268688 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinksts5912LM.dll
2013-09-02 19:42 - 2012-06-19 01:54 - 00220560 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkcoi5912.dll
2013-09-02 19:42 - 2012-06-19 01:21 - 02216336 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinkins5912.exe
2013-09-02 17:29 - 2013-09-02 20:36 - 00001669 _____ C:\Documents and Settings\Danny\Desktop\HPPSDr.lnk
2013-09-02 17:14 - 2013-09-02 17:14 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2013-09-02 13:45 - 2012-07-11 18:35 - 00090808 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeext.sys
2013-09-02 13:45 - 2012-07-06 13:33 - 00171064 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmnciesc.sys
2013-09-02 13:14 - 2013-09-02 13:14 - 00000000 ___HD C:\TMRescueDisk
2013-09-02 13:12 - 2013-09-02 13:12 - 00000932 _____ C:\Documents and Settings\Danny\Desktop\Trend Micro Titanium Internet Security.lnk
2013-09-02 13:12 - 2013-09-02 13:12 - 00000000 ____D C:\Documents and Settings\Danny\Start Menu\Programs\Trend Micro Titanium Internet Security
2013-09-02 13:12 - 2013-09-02 13:12 - 00000000 ____D C:\Documents and Settings\Danny\Local Settings\Application Data\Trend Micro
2013-09-02 13:11 - 2012-12-21 19:50 - 00258976 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2013-09-02 13:11 - 2012-12-21 19:50 - 00096248 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmactmon.sys
2013-09-02 13:11 - 2012-12-21 19:50 - 00076648 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmevtmgr.sys
2013-09-02 13:11 - 2012-08-24 23:06 - 00038328 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMEBC32.sys
2013-09-02 13:11 - 2012-05-03 05:27 - 00092304 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmtdi.sys
2013-09-02 13:04 - 2013-09-02 13:04 - 00000059 _____ C:\WINDOWS\system32\SupportTool.exe.bat
2013-09-02 13:01 - 2013-09-02 13:02 - 00000000 ____D C:\Program Files\Trend Micro
2013-09-02 13:00 - 2013-09-21 13:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Trend Micro
2013-09-02 12:58 - 2013-09-13 13:18 - 00000036 _____ C:\Documents and Settings\Danny\Local Settings\Application Data\housecall.guid.cache
2013-08-30 17:17 - 2013-08-30 17:17 - 00002038 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-17-24.txt
2013-08-30 17:14 - 2013-08-30 17:14 - 00000530 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-14-12.txt
2013-08-30 17:12 - 2013-08-30 17:12 - 00000530 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-12-11.txt
2013-08-30 17:11 - 2013-08-30 17:11 - 00002038 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-11-22.txt
2013-08-30 17:08 - 2013-08-30 17:08 - 00000530 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-08-05.txt
2013-08-30 17:07 - 2013-08-30 17:07 - 00002038 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-07-33.txt
2013-08-30 17:07 - 2013-08-30 17:02 - 00078160 _____ (Microsoft Corporation) C:\Documents and Settings\Danny\Desktop\AutoFix.exe
2013-08-29 17:44 - 2013-08-29 17:44 - 00000452 __RSH C:\Documents and Settings\Danny\ntuser.pol
2013-08-29 17:43 - 2013-08-29 17:43 - 00000452 __RSH C:\Documents and Settings\All Users\ntuser.pol
2013-08-27 19:26 - 2013-08-27 19:26 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

==================== One Month Modified Files and Folders =======

2013-09-26 11:04 - 2013-09-26 11:04 - 00000000 ____D C:\FRST
2013-09-26 11:04 - 2012-04-26 18:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-26 11:02 - 2013-09-26 11:02 - 01089329 _____ (Farbar) C:\Documents and Settings\Danny\Desktop\FRST.exe
2013-09-26 10:49 - 2012-03-25 11:01 - 01172718 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-26 10:45 - 2012-04-23 20:02 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-09-26 10:45 - 2012-04-23 20:02 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-09-26 10:45 - 2004-08-04 22:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-26 10:44 - 2012-03-25 11:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-24 00:03 - 2012-03-25 11:06 - 00000178 ___SH C:\Documents and Settings\Danny\ntuser.ini
2013-09-24 00:03 - 2012-03-25 11:05 - 00032534 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-24 00:02 - 2012-07-31 21:38 - 04933838 _____ C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.BAK
2013-09-24 00:02 - 2012-07-31 21:34 - 04933838 _____ C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF
2013-09-23 18:11 - 2012-04-24 17:19 - 00000000 ____D C:\Program Files\CCleaner
2013-09-23 17:58 - 2013-09-23 17:58 - 00000000 ____D C:\Program Files\Tweaking.com
2013-09-23 17:58 - 2013-09-23 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2013-09-23 17:54 - 2013-09-23 17:54 - 05369204 _____ C:\Documents and Settings\Danny\Desktop\tweaking.com_windows_repair_aio_setup.exe
2013-09-21 19:47 - 2013-09-21 19:45 - 00020426 _____ C:\Documents and Settings\Danny\kl_uninstall.txt
2013-09-21 19:47 - 2013-09-21 19:43 - 07799950 _____ C:\Documents and Settings\Danny\kavremvr 2013-09-21 19-43-58 (pid 2040).log
2013-09-21 19:47 - 2012-03-25 11:06 - 00000000 ____D C:\Documents and Settings\Danny
2013-09-21 13:30 - 2013-09-02 13:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Trend Micro
2013-09-20 08:41 - 2013-09-20 08:40 - 00002038 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-09-20_08-40-03.txt
2013-09-20 08:34 - 2012-06-08 15:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-20 08:28 - 2013-09-20 08:28 - 02748256 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Danny\Desktop\tdsskiller.exe
2013-09-20 07:15 - 2013-09-20 07:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-20 06:36 - 2013-09-12 09:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-20 06:36 - 2013-09-12 09:24 - 00000000 ____D C:\Documents and Settings\Danny\Desktop\mbar
2013-09-20 06:04 - 2012-04-26 18:16 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-20 06:04 - 2012-03-25 11:43 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-17 12:06 - 2013-09-17 09:24 - 00000000 ____D C:\Documents and Settings\Danny\Desktop\RK_Quarantine
2013-09-17 10:00 - 2013-09-05 15:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-17 10:00 - 2012-03-25 20:48 - 00238352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-17 09:56 - 2013-09-17 09:56 - 00131801 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-17 09:56 - 2012-04-23 16:42 - 00041315 _____ C:\WINDOWS\updspapi.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00580709 _____ C:\WINDOWS\iis6.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00537931 _____ C:\WINDOWS\FaxSetup.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00257172 _____ C:\WINDOWS\ocgen.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00245456 _____ C:\WINDOWS\tsoc.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00179082 _____ C:\WINDOWS\comsetup.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00164042 _____ C:\WINDOWS\msmqinst.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00108432 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00094221 _____ C:\WINDOWS\netfxocm.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00036975 _____ C:\WINDOWS\MedCtrOC.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00029754 _____ C:\WINDOWS\ocmsn.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00027057 _____ C:\WINDOWS\tabletoc.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00026883 _____ C:\WINDOWS\msgsocm.log
2013-09-17 09:56 - 2012-03-25 14:54 - 00001374 _____ C:\WINDOWS\imsins.log
2013-09-17 09:55 - 2013-09-17 09:44 - 00130009 _____ C:\WINDOWS\KB2876315.log
2013-09-17 09:55 - 2012-03-25 14:54 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-17 09:54 - 2013-09-17 09:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-17 09:54 - 2013-09-17 09:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-17 09:54 - 2013-09-17 09:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-17 09:54 - 2013-09-17 09:44 - 00129503 _____ C:\WINDOWS\KB2864063.log
2013-09-17 09:54 - 2013-09-17 09:44 - 00129035 _____ C:\WINDOWS\KB2876217.log
2013-09-17 09:50 - 2013-09-05 16:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-09-17 09:50 - 2013-08-01 11:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-17 09:47 - 2012-03-25 10:32 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-17 09:28 - 2013-09-17 09:28 - 00000000 _____ C:\WINDOWS\DCEBOOT.LOG
2013-09-17 09:25 - 2013-09-17 09:25 - 00181808 _____ C:\WINDOWS\RegBootClean.exe
2013-09-17 09:25 - 2013-09-17 09:25 - 00022064 _____ C:\WINDOWS\DCEBoot.exe
2013-09-16 18:08 - 2012-03-25 20:42 - 00000000 ____D C:\WINDOWS\Help
2013-09-14 07:59 - 2013-09-14 07:59 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 07:59 - 2013-09-14 07:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-14 07:59 - 2013-09-14 07:59 - 00000000 ____D C:\Documents and Settings\Danny\Application Data\Malwarebytes
2013-09-14 07:59 - 2013-09-14 07:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-14 07:59 - 2013-09-14 07:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-14 07:36 - 2013-09-14 07:35 - 00080456 _____ (Malwarebytes Corporation) C:\Documents and Settings\Danny\Desktop\mbam-clean-1.60.2.0003.exe
2013-09-13 13:18 - 2013-09-02 12:58 - 00000036 _____ C:\Documents and Settings\Danny\Local Settings\Application Data\housecall.guid.cache
2013-09-13 10:48 - 2013-09-13 10:48 - 00000000 ____D C:\Documents and Settings\Danny\My Documents\My Received Files
2013-09-13 08:40 - 2013-09-13 08:40 - 00059248 _____ (Malwarebytes Corporation) C:\Documents and Settings\Danny\Desktop\mbam-grabfiles-1.0.0.1000.exe
2013-09-13 08:18 - 2013-08-16 12:12 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-09-12 14:25 - 2013-08-06 00:54 - 00000237 ___SH C:\boot.ini
2013-09-12 14:25 - 2004-08-04 22:00 - 00000461 _____ C:\WINDOWS\win.ini
2013-09-12 14:25 - 2004-08-04 22:00 - 00000227 ____N C:\WINDOWS\system.ini
2013-09-12 10:38 - 2013-09-12 10:38 - 00353352 _____ (Malwarebytes Corporation) C:\Documents and Settings\Danny\Desktop\mbam-check-2.0.0.1000.exe
2013-09-12 09:23 - 2013-09-12 09:23 - 12907592 _____ (Malwarebytes Corp.) C:\Documents and Settings\Danny\Desktop\mbar-1.07.0.1005.exe
2013-09-11 17:33 - 2013-09-11 17:33 - 00000552 _____ C:\WINDOWS\system32\d3d8caps.dat
2013-09-06 19:33 - 2013-08-01 11:42 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-09-05 16:14 - 2013-09-05 16:14 - 00012960 _____ C:\WINDOWS\KB2834902-v2.log
2013-09-05 16:14 - 2013-09-05 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834902-v2_WM10$
2013-09-05 16:10 - 2013-09-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-09-05 16:10 - 2013-08-16 11:59 - 00018725 _____ C:\WINDOWS\KB2850869.log
2013-09-05 16:10 - 2012-03-25 20:49 - 00551784 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-05 16:03 - 2013-09-05 16:02 - 00011251 _____ C:\WINDOWS\KB2863058.log
2013-09-05 16:03 - 2012-03-25 10:31 - 00027806 _____ C:\WINDOWS\system32\TZLog.log
2013-09-05 16:02 - 2013-09-05 16:02 - 00013269 _____ C:\WINDOWS\KB2862772-IE8.log
2013-09-05 16:02 - 2013-09-05 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-09-05 16:02 - 2013-08-16 11:59 - 00010779 _____ C:\WINDOWS\KB2859537.log
2013-09-05 16:01 - 2013-09-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-09-05 16:01 - 2013-09-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-09-05 15:59 - 2013-09-05 15:59 - 00308938 _____ C:\WINDOWS\msxml4-KB973688-enu.LOG
2013-09-05 15:59 - 2013-09-05 15:59 - 00303454 _____ C:\WINDOWS\msxml4-KB954430-enu.LOG
2013-09-05 15:59 - 2013-09-05 15:59 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-05 14:14 - 2013-09-05 14:12 - 30573928 _____ C:\Documents and Settings\Danny\Desktop\OJP8600_N911g-n_R1322C.exe
2013-09-04 12:12 - 2013-09-04 11:52 - 00000000 ____D C:\Documents and Settings\Danny\My Documents\Nero Home
2013-09-04 11:07 - 2013-09-04 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Nero 7 Essentials
2013-09-04 11:07 - 2013-09-04 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ahead
2013-09-04 11:06 - 2012-03-25 13:52 - 00000000 ____D C:\Program Files\Common Files\Ahead
2013-09-04 10:00 - 2012-07-31 21:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Creative
2013-09-04 09:59 - 2012-04-05 15:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-04 09:58 - 2012-07-23 17:37 - 00000000 ____D C:\Program Files\Creative
2013-09-04 09:02 - 2013-07-25 08:51 - 00000000 ____D C:\Documents and Settings\Danny\Application Data\HpUpdate
2013-09-04 08:21 - 2012-03-25 14:54 - 00134460 _____ C:\WINDOWS\setupapi.log
2013-09-04 08:21 - 2012-03-25 10:57 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2013-09-02 20:36 - 2013-09-02 17:29 - 00001669 _____ C:\Documents and Settings\Danny\Desktop\HPPSDr.lnk
2013-09-02 19:42 - 2013-09-02 19:42 - 00001945 _____ C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk
2013-09-02 19:42 - 2013-09-02 19:42 - 00000897 _____ C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2013-09-02 19:42 - 2013-07-25 08:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP
2013-09-02 19:42 - 2013-07-25 08:43 - 00000000 ____D C:\Program Files\HP
2013-09-02 19:42 - 2012-06-03 12:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2013-09-02 19:42 - 2012-03-25 20:42 - 00000000 ____D C:\WINDOWS\twain_32
2013-09-02 18:51 - 2012-03-25 11:06 - 00001599 _____ C:\Documents and Settings\Danny\Start Menu\Programs\Remote Assistance.lnk
2013-09-02 17:14 - 2013-09-02 17:14 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2013-09-02 13:14 - 2013-09-02 13:14 - 00000000 ___HD C:\TMRescueDisk
2013-09-02 13:12 - 2013-09-02 13:12 - 00000932 _____ C:\Documents and Settings\Danny\Desktop\Trend Micro Titanium Internet Security.lnk
2013-09-02 13:12 - 2013-09-02 13:12 - 00000000 ____D C:\Documents and Settings\Danny\Start Menu\Programs\Trend Micro Titanium Internet Security
2013-09-02 13:12 - 2013-09-02 13:12 - 00000000 ____D C:\Documents and Settings\Danny\Local Settings\Application Data\Trend Micro
2013-09-02 13:04 - 2013-09-02 13:04 - 00000059 _____ C:\WINDOWS\system32\SupportTool.exe.bat
2013-09-02 13:02 - 2013-09-02 13:01 - 00000000 ____D C:\Program Files\Trend Micro
2013-08-30 18:27 - 2012-04-24 15:13 - 00000148 _____ C:\Documents and Settings\Danny\default.pls
2013-08-30 18:26 - 2012-04-24 14:50 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-08-30 17:17 - 2013-08-30 17:17 - 00002038 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-17-24.txt
2013-08-30 17:14 - 2013-08-30 17:14 - 00000530 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-14-12.txt
2013-08-30 17:12 - 2013-08-30 17:12 - 00000530 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-12-11.txt
2013-08-30 17:11 - 2013-08-30 17:11 - 00002038 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-11-22.txt
2013-08-30 17:08 - 2013-08-30 17:08 - 00000530 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-08-05.txt
2013-08-30 17:07 - 2013-08-30 17:07 - 00002038 _____ C:\Documents and Settings\Danny\My Documents\AutoFix_2013-08-30_17-07-33.txt
2013-08-30 17:02 - 2013-08-30 17:07 - 00078160 _____ (Microsoft Corporation) C:\Documents and Settings\Danny\Desktop\AutoFix.exe
2013-08-30 16:38 - 2012-03-25 10:59 - 00000000 ____D C:\WINDOWS\Registration
2013-08-29 17:44 - 2013-08-29 17:44 - 00000452 __RSH C:\Documents and Settings\Danny\ntuser.pol
2013-08-29 17:43 - 2013-08-29 17:43 - 00000452 __RSH C:\Documents and Settings\All Users\ntuser.pol
2013-08-27 19:26 - 2013-08-27 19:26 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-08-27 19:26 - 2012-03-25 11:06 - 00000738 _____ C:\Documents and Settings\Danny\Start Menu\Programs\Outlook Express.lnk
2013-08-27 19:26 - 2012-03-25 10:59 - 00000785 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
2013-08-27 19:22 - 2012-03-25 11:02 - 00001563 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2013-08-27 17:50 - 2013-02-24 14:36 - 00000000 ____D C:\Documents and Settings\Danny\My Documents\Safely remove fix
2013-08-27 17:37 - 2012-06-08 19:34 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-08-27 09:56 - 2012-03-25 20:42 - 00000000 ____D C:\WINDOWS\security
2013-08-27 09:42 - 2013-08-01 15:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy

Some content of TEMP:
====================
C:\Documents and Settings\Danny\Local Settings\Temp\FMS3A8.tmp.exe
C:\Documents and Settings\Danny\Local Settings\Temp\HitmanPro.exe
C:\Documents and Settings\Danny\Local Settings\Temp\MSN64.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2013
Ran by Danny at 2013-09-26 11:05:30
Running from C:\Documents and Settings\Danny\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {7D2296BC-32CC-4519-917E-52E652474AF5}

==================== Installed Programs ======================

Acronis True Image Home 2012 (Version: 15.0.7119)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) (Version: 11.0.04)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.05)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Creative Audio Console (Version: 1.33)
Creative MediaSource 5 (Version: 5.26)
Creative MediaSource DVD-Audio Player
Creative Software AutoUpdate (Version: 1.40)
Creative WaveStudio 7 (Version: 7.14)
EPSON Easy Photo Print (Version: 1.2.0.0)
EPSON File Manager (Version: 1.1.0.0)
EPSON Print CD (Version: 1.40.000)
EPSON Printer Software
ESPR230 User's Guide
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0)
HP Officejet Pro 8600 Help (Version: 28.0.0)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NaturalPoint USB Drivers x32 (Version: 2.50.0000)
Nero 7 Essentials (Version: 7.03.1152)
neroxml (Version: 1.0.0)
NVIDIA Drivers (Version: 1.10.57.35)
OOo-dev 3.4 (Version: 3.4.9583)
PIF DESIGNER
RealFlight 6 R/C Simulator
Realtek AC'97 Audio
TrackIR 5 (Version: 5.2.0100)
Trend Micro Titanium (Version: 6.00)
Trend Micro Titanium Internet Security (Version: 6.0)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.18)
Ubuntu (Version: 10.10-rev197)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format Runtime
Windows XP Service Pack 3 (Version: 20080414.031525)

==================== Restore Points  =========================

04-07-2013 23:33:40 System Checkpoint
09-07-2013 08:17:00 System Checkpoint
11-07-2013 00:09:48 Software Distribution Service 3.0
12-07-2013 02:02:00 System Checkpoint
13-07-2013 05:59:33 System Checkpoint
15-07-2013 03:11:56 System Checkpoint
16-07-2013 08:45:15 System Checkpoint
17-07-2013 08:51:57 System Checkpoint
20-07-2013 01:26:07 System Checkpoint
23-07-2013 01:03:56 System Checkpoint
23-07-2013 02:05:11 Removed HP Officejet Pro 8500 A910 Basic Device Software
23-07-2013 02:07:08 Removed HP Officejet Pro 8500 A910 Help
23-07-2013 02:12:58 1: 1717 2: Marketsplash Shortcuts
24-07-2013 02:22:01 System Checkpoint
25-07-2013 02:29:34 System Checkpoint
26-07-2013 03:14:05 System Checkpoint
29-07-2013 04:04:57 System Checkpoint
31-07-2013 00:56:58 System Checkpoint
31-07-2013 09:33:01 Removed Kaspersky PURE.
01-08-2013 00:58:06 Installed Windows XP Wdf01009.
01-08-2013 01:42:08 Software Distribution Service 3.0
01-08-2013 02:38:20 Software Distribution Service 3.0
01-08-2013 05:03:02 Software Distribution Service 3.0
01-08-2013 05:21:10 Software Distribution Service 3.0
01-08-2013 05:34:30 Removed Adobe Reader X (10.1.7).
01-08-2013 05:49:03 Software Distribution Service 3.0
04-08-2013 23:56:35 System Checkpoint
06-08-2013 22:11:42 System Checkpoint
09-08-2013 07:58:33 Restore Operation
09-08-2013 08:03:12 Restore Operation
15-08-2013 02:46:14 Restore Operation
15-08-2013 02:51:54 Restore Operation
15-08-2013 02:56:52 Restore Operation
15-08-2013 03:01:01 Restore Operation
15-08-2013 03:05:40 Restore Operation
20-08-2013 08:21:49 System Checkpoint
20-08-2013 10:01:36 Update to an unsigned driver
27-08-2013 08:10:39 System Checkpoint
30-08-2013 07:49:02 System Checkpoint
02-09-2013 02:11:11 System Checkpoint
02-09-2013 08:59:37 Removed HP Officejet Pro 8600 Basic Device Software
03-09-2013 22:47:46 System Checkpoint
03-09-2013 23:57:32 Installed Creative MediaSource DVD-Audio Player
04-09-2013 00:00:10 Installed WaveStudio 7
04-09-2013 00:40:21 Removed Nero 7 Essentials
04-09-2013 01:05:42 Installed Nero 7 Essentials
05-09-2013 04:47:48 System Checkpoint
05-09-2013 05:59:05 Software Distribution Service 3.0
14-09-2013 02:41:55 System Checkpoint
16-09-2013 23:47:28 Software Distribution Service 3.0
18-09-2013 15:57:34 System Checkpoint
19-09-2013 21:00:30 System Checkpoint
21-09-2013 08:47:21 Installed Microsoft Fix it 50191
23-09-2013 08:34:58 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 22:00 - 2013-09-17 10:19 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-25 10:58 - 2008-04-14 10:12 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbem\wbemcons.dll
2012-04-23 19:53 - 2003-06-18 17:31 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
2013-08-01 11:46 - 2008-07-06 22:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2012-04-27 19:09 - 2012-04-27 19:09 - 00018784 _____ () C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
2012-07-26 01:53 - 2012-07-26 01:53 - 00020496 ____N () C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEHook.dll
2010-03-18 19:17 - 2010-03-18 19:17 - 00131072 _____ (Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL
2010-03-18 19:17 - 2010-03-18 19:17 - 00047104 _____ (Creative Technology Ltd) C:\WINDOWS\system32\ctspkhlp.dll
2010-03-18 19:17 - 2010-03-18 19:17 - 00330752 _____ (Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTDC0001.DLL
2010-03-18 19:03 - 2010-03-18 19:03 - 00069632 _____ (Creative Technology Ltd) C:\WINDOWS\SYSTEM32\ctosuser.dll
2010-03-18 19:04 - 2010-03-18 19:04 - 00049152 _____ (Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTDPROXY.DLL
2010-03-18 19:17 - 2010-03-18 19:17 - 00010240 _____ (Creative Technology Ltd) C:\WINDOWS\CTDCRES.DLL
2010-03-18 19:03 - 2010-03-18 19:03 - 00064512 _____ (Creative Technology Ltd) C:\WINDOWS\SYSTEM32\PIAPROXY.DLL
2012-02-20 21:28 - 2012-02-20 21:28 - 00053608 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-02 13:55 - 2013-02-01 03:35 - 00719256 _____ () C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\WLMailApiCore.dll
2008-05-14 09:34 - 2008-05-14 09:34 - 03077416 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll
2008-01-22 11:13 - 2008-01-22 11:13 - 00059176 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll
2008-01-22 11:13 - 2008-01-22 11:13 - 00020264 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll
2008-01-22 11:13 - 2008-01-22 11:13 - 02721064 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll
2007-11-06 19:00 - 2007-11-06 19:00 - 00385024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi.dll
2012-04-27 18:33 - 2012-04-27 18:33 - 00435552 _____ () C:\Program Files\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2008-01-22 11:13 - 2008-01-22 11:13 - 00054056 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll
2008-01-22 11:12 - 2008-01-22 11:12 - 00742696 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll
2008-01-22 11:14 - 2008-01-22 11:14 - 00320808 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll
2008-01-22 11:13 - 2008-01-22 11:13 - 00541992 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll
2008-01-22 11:13 - 2008-01-22 11:13 - 00107816 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll
2008-01-22 11:13 - 2008-01-22 11:13 - 00181544 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll
2008-01-22 11:13 - 2008-01-22 11:13 - 00181544 _____ (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll
2013-09-20 07:14 - 2013-09-20 07:15 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3F30E778
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:69E87FA2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:838D4792
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DEDD192D

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\74208891.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\74208891.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2013 08:53:50 AM) (Source: Application Error) (User: )
Description: Faulting application msimn.exe, version 6.0.2900.5512, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x00008aa0.
Processing media-specific event for [msimn.exe!ws!]

Error: (09/05/2013 04:20:28 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/04/2013 11:45:42 AM) (Source: Application Error) (User: )
Description: Faulting application nmindexstoresvr.exe, version 2.0.17.0, faulting module neroipp.dll, version 4.11.3.7, fault address 0x00070e1e.
Processing media-specific event for [nmindexstoresvr.exe!ws!]

Error: (09/04/2013 10:37:57 AM) (Source: MsiInstaller) (User: DANNYCOM1)
Description: Product: Nero 7 Essentials -- Error 2228.Database: . Unknown table 'ComponentCT' in SQL query: SELECT Component.Component, Component.ComponentId, Component.Directory_, Component.Attributes, Component.Condition, Component.KeyPath, ComponentCT.Misc, ComponentCT.OrigName, File.File, File.FileName, File.FileSize, File.Version, File.Language, File.Attributes, File.Sequence, FileCT.MD5  FROM Component, ComponentCT, File, FileCT WHERE( (Component.Component = File.Component_) AND (Component.Component = ComponentCT.Component) AND (File.File = FileCT.File)) ORDER BY Component.Component.

Error: (08/30/2013 05:06:16 PM) (Source: Application Error) (User: )
Description: Faulting application trueimage.exe, version 15.0.0.7119, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [trueimage.exe!ws!]

Error: (08/05/2013 08:41:59 AM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/05/2013 08:39:17 AM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/20/2013 08:35:41 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
nvraid

Error: (09/17/2013 09:28:35 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (09/12/2013 02:25:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/12/2013 02:25:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
AmdPPM
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
tmactmon
tmcomm
tmeext
tmevtmgr
tmtdi

Error: (09/12/2013 02:25:29 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (09/12/2013 02:25:29 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (09/12/2013 02:25:29 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (09/12/2013 02:25:29 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (09/12/2013 02:25:29 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (09/12/2013 02:25:29 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (09/14/2013 08:53:50 AM) (Source: Application Error)(User: )
Description: msimn.exe6.0.2900.5512msvcr80.dll8.0.50727.619500008aa0

Error: (09/05/2013 04:20:28 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/04/2013 11:45:42 AM) (Source: Application Error)(User: )
Description: nmindexstoresvr.exe2.0.17.0neroipp.dll4.11.3.700070e1e

Error: (09/04/2013 10:37:57 AM) (Source: MsiInstaller)(User: DANNYCOM1)
Description: Product: Nero 7 Essentials -- Error 2228.Database: . Unknown table 'ComponentCT' in SQL query: SELECT Component.Component, Component.ComponentId, Component.Directory_, Component.Attributes, Component.Condition, Component.KeyPath, ComponentCT.Misc, ComponentCT.OrigName, File.File, File.FileName, File.FileSize, File.Version, File.Language, File.Attributes, File.Sequence, FileCT.MD5  FROM Component, ComponentCT, File, FileCT WHERE( (Component.Component = File.Component_) AND (Component.Component = ComponentCT.Component) AND (File.File = FileCT.File)) ORDER BY Component.Component.(NULL)(NULL)(NULL)

Error: (08/30/2013 05:06:16 PM) (Source: Application Error)(User: )
Description: trueimage.exe15.0.0.7119ntdll.dll5.1.2600.60550000100b

Error: (08/05/2013 08:41:59 AM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (08/05/2013 08:39:17 AM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 3071.48 MB
Available physical RAM: 2271.85 MB
Total Pagefile: 4955.73 MB
Available Pagefile: 4359.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:394.78 GB) (Free:323.05 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (BackUp Drive) (Fixed) (Total:465.76 GB) (Free:397.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 5592F681)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 3F80BDD6)
Partition 1: (Active) - (Size=395 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=71 GB) - (Type=05)

==================== End Of Log ============================

 

RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Danny [Admin rights]
Mode : Remove -- Date : 09/17/2013 10:22:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[41] : NtCreateKey @ 0x8061AF8C -> HOOKED (Unknown @ 0x89EA56D4)
[Address] SSDT[43] : NtCreateMutant @ 0x8060E4BA -> HOOKED (Unknown @ 0x8A5797D4)
[Address] SSDT[47] : NtCreateProcess @ 0x805C76A6 -> HOOKED (Unknown @ 0x89EB56D4)
[Address] SSDT[48] : NtCreateProcessEx @ 0x805C75F0 -> HOOKED (Unknown @ 0x89EB46D4)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805B97FE -> HOOKED (Unknown @ 0x8A374254)
[Address] SSDT[53] : NtCreateThread @ 0x805C748E -> HOOKED (Unknown @ 0x896A57E4)
[Address] SSDT[63] : NtDeleteKey @ 0x8061B428 -> HOOKED (Unknown @ 0x89E996D4)
[Address] SSDT[65] : NtDeleteValueKey @ 0x8061B5F8 -> HOOKED (Unknown @ 0x896947E4)
[Address] SSDT[68] : NtDuplicateObject @ 0x805B3AB8 -> HOOKED (Unknown @ 0x89697664)
[Address] SSDT[97] : NtLoadDriver @ 0x80579794 -> HOOKED (Unknown @ 0x89623A8C)
[Address] SSDT[122] : NtOpenProcess @ 0x805C1512 -> HOOKED (Unknown @ 0x89EA96D4)
[Address] SSDT[125] : NtOpenSection @ 0x8059F962 -> HOOKED (Unknown @ 0x896997E4)
[Address] SSDT[128] : NtOpenThread @ 0x805C179E -> HOOKED (Unknown @ 0x89EA86D4)
[Address] SSDT[192] : NtRenameKey @ 0x8061A9AE -> HOOKED (Unknown @ 0x89691734)
[Address] SSDT[204] : NtRestoreKey @ 0x8061C96C -> HOOKED (Unknown @ 0x895F9B84)
[Address] SSDT[240] : NtSetSystemInformation @ 0x80606B80 -> HOOKED (Unknown @ 0x895D95FC)
[Address] SSDT[247] : NtSetValueKey @ 0x806194FE -> HOOKED (Unknown @ 0x8A3856B4)
[Address] SSDT[257] : NtTerminateProcess @ 0x805C879A -> HOOKED (Unknown @ 0x89EA76D4)
[Address] SSDT[258] : NtTerminateThread @ 0x805C8994 -> HOOKED (Unknown @ 0x8A39F10C)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805A9A7A -> HOOKED (Unknown @ 0x895F8414)
[Address] Shadow SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x8927C874)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8950320C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] 90c4eaf7533e1d5461a5d56fef6ce734
[BSP] f4175dd88495b1790bd8f8bbdb0d1d69 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST500DM002-1BD142 +++++
--- User ---
[MBR] 080cfebd2e7317651eb3593a8410a4b9
[BSP] e68ab30ace4f195b507f8a8e99868d33 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 404249 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 827904000 | Size: 72688 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_09172013_102259.txt >>
RKreport[0]_H_09172013_101957.txt;RKreport[0]_S_09172013_101501.txt

 

 

 

RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Danny [Admin rights]
Mode : HOSTSFix -- Date : 09/17/2013 10:19:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1    localhost


Finished : << RKreport[0]_H_09172013_101957.txt >>
RKreport[0]_S_09172013_101501.txt


 

RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Danny [Admin rights]
Mode : Scan -- Date : 09/17/2013 10:25:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[41] : NtCreateKey @ 0x8061AF8C -> HOOKED (Unknown @ 0x89EA56D4)
[Address] SSDT[43] : NtCreateMutant @ 0x8060E4BA -> HOOKED (Unknown @ 0x8A5797D4)
[Address] SSDT[47] : NtCreateProcess @ 0x805C76A6 -> HOOKED (Unknown @ 0x89EB56D4)
[Address] SSDT[48] : NtCreateProcessEx @ 0x805C75F0 -> HOOKED (Unknown @ 0x89EB46D4)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805B97FE -> HOOKED (Unknown @ 0x8A374254)
[Address] SSDT[53] : NtCreateThread @ 0x805C748E -> HOOKED (Unknown @ 0x896A57E4)
[Address] SSDT[63] : NtDeleteKey @ 0x8061B428 -> HOOKED (Unknown @ 0x89E996D4)
[Address] SSDT[65] : NtDeleteValueKey @ 0x8061B5F8 -> HOOKED (Unknown @ 0x896947E4)
[Address] SSDT[68] : NtDuplicateObject @ 0x805B3AB8 -> HOOKED (Unknown @ 0x89697664)
[Address] SSDT[97] : NtLoadDriver @ 0x80579794 -> HOOKED (Unknown @ 0x89623A8C)
[Address] SSDT[122] : NtOpenProcess @ 0x805C1512 -> HOOKED (Unknown @ 0x89EA96D4)
[Address] SSDT[125] : NtOpenSection @ 0x8059F962 -> HOOKED (Unknown @ 0x896997E4)
[Address] SSDT[128] : NtOpenThread @ 0x805C179E -> HOOKED (Unknown @ 0x89EA86D4)
[Address] SSDT[192] : NtRenameKey @ 0x8061A9AE -> HOOKED (Unknown @ 0x89691734)
[Address] SSDT[204] : NtRestoreKey @ 0x8061C96C -> HOOKED (Unknown @ 0x895F9B84)
[Address] SSDT[240] : NtSetSystemInformation @ 0x80606B80 -> HOOKED (Unknown @ 0x895D95FC)
[Address] SSDT[247] : NtSetValueKey @ 0x806194FE -> HOOKED (Unknown @ 0x8A3856B4)
[Address] SSDT[257] : NtTerminateProcess @ 0x805C879A -> HOOKED (Unknown @ 0x89EA76D4)
[Address] SSDT[258] : NtTerminateThread @ 0x805C8994 -> HOOKED (Unknown @ 0x8A39F10C)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805A9A7A -> HOOKED (Unknown @ 0x895F8414)
[Address] Shadow SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x8927C874)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8950320C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] 90c4eaf7533e1d5461a5d56fef6ce734
[BSP] f4175dd88495b1790bd8f8bbdb0d1d69 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST500DM002-1BD142 +++++
--- User ---
[MBR] 080cfebd2e7317651eb3593a8410a4b9
[BSP] e68ab30ace4f195b507f8a8e99868d33 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 404249 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 827904000 | Size: 72688 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09172013_102545.txt >>
RKreport[0]_D_09172013_102259.txt;RKreport[0]_H_09172013_101957.txt;RKreport[0]_S_09172013_101501.txt



 

RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Danny [Admin rights]
Mode : Remove -- Date : 09/17/2013 10:27:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[41] : NtCreateKey @ 0x8061AF8C -> HOOKED (Unknown @ 0x89EA56D4)
[Address] SSDT[43] : NtCreateMutant @ 0x8060E4BA -> HOOKED (Unknown @ 0x8A5797D4)
[Address] SSDT[47] : NtCreateProcess @ 0x805C76A6 -> HOOKED (Unknown @ 0x89EB56D4)
[Address] SSDT[48] : NtCreateProcessEx @ 0x805C75F0 -> HOOKED (Unknown @ 0x89EB46D4)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805B97FE -> HOOKED (Unknown @ 0x8A374254)
[Address] SSDT[53] : NtCreateThread @ 0x805C748E -> HOOKED (Unknown @ 0x896A57E4)
[Address] SSDT[63] : NtDeleteKey @ 0x8061B428 -> HOOKED (Unknown @ 0x89E996D4)
[Address] SSDT[65] : NtDeleteValueKey @ 0x8061B5F8 -> HOOKED (Unknown @ 0x896947E4)
[Address] SSDT[68] : NtDuplicateObject @ 0x805B3AB8 -> HOOKED (Unknown @ 0x89697664)
[Address] SSDT[97] : NtLoadDriver @ 0x80579794 -> HOOKED (Unknown @ 0x89623A8C)
[Address] SSDT[122] : NtOpenProcess @ 0x805C1512 -> HOOKED (Unknown @ 0x89EA96D4)
[Address] SSDT[125] : NtOpenSection @ 0x8059F962 -> HOOKED (Unknown @ 0x896997E4)
[Address] SSDT[128] : NtOpenThread @ 0x805C179E -> HOOKED (Unknown @ 0x89EA86D4)
[Address] SSDT[192] : NtRenameKey @ 0x8061A9AE -> HOOKED (Unknown @ 0x89691734)
[Address] SSDT[204] : NtRestoreKey @ 0x8061C96C -> HOOKED (Unknown @ 0x895F9B84)
[Address] SSDT[240] : NtSetSystemInformation @ 0x80606B80 -> HOOKED (Unknown @ 0x895D95FC)
[Address] SSDT[247] : NtSetValueKey @ 0x806194FE -> HOOKED (Unknown @ 0x8A3856B4)
[Address] SSDT[257] : NtTerminateProcess @ 0x805C879A -> HOOKED (Unknown @ 0x89EA76D4)
[Address] SSDT[258] : NtTerminateThread @ 0x805C8994 -> HOOKED (Unknown @ 0x8A39F10C)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805A9A7A -> HOOKED (Unknown @ 0x895F8414)
[Address] Shadow SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x8927C874)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8950320C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] 90c4eaf7533e1d5461a5d56fef6ce734
[BSP] f4175dd88495b1790bd8f8bbdb0d1d69 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST500DM002-1BD142 +++++
--- User ---
[MBR] 080cfebd2e7317651eb3593a8410a4b9
[BSP] e68ab30ace4f195b507f8a8e99868d33 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 404249 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 827904000 | Size: 72688 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_09172013_102730.txt >>
RKreport[0]_D_09172013_102259.txt;RKreport[0]_H_09172013_101957.txt;RKreport[0]_S_09172013_101501.txt
RKreport[0]_S_09172013_102545.txt


 

RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Danny [Admin rights]
Mode : Scan -- Date : 09/17/2013 10:15:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[41] : NtCreateKey @ 0x8061AF8C -> HOOKED (Unknown @ 0x89EA56D4)
[Address] SSDT[43] : NtCreateMutant @ 0x8060E4BA -> HOOKED (Unknown @ 0x8A5797D4)
[Address] SSDT[47] : NtCreateProcess @ 0x805C76A6 -> HOOKED (Unknown @ 0x89EB56D4)
[Address] SSDT[48] : NtCreateProcessEx @ 0x805C75F0 -> HOOKED (Unknown @ 0x89EB46D4)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805B97FE -> HOOKED (Unknown @ 0x8A374254)
[Address] SSDT[53] : NtCreateThread @ 0x805C748E -> HOOKED (Unknown @ 0x896A57E4)
[Address] SSDT[63] : NtDeleteKey @ 0x8061B428 -> HOOKED (Unknown @ 0x89E996D4)
[Address] SSDT[65] : NtDeleteValueKey @ 0x8061B5F8 -> HOOKED (Unknown @ 0x896947E4)
[Address] SSDT[68] : NtDuplicateObject @ 0x805B3AB8 -> HOOKED (Unknown @ 0x89697664)
[Address] SSDT[97] : NtLoadDriver @ 0x80579794 -> HOOKED (Unknown @ 0x89623A8C)
[Address] SSDT[122] : NtOpenProcess @ 0x805C1512 -> HOOKED (Unknown @ 0x89EA96D4)
[Address] SSDT[125] : NtOpenSection @ 0x8059F962 -> HOOKED (Unknown @ 0x896997E4)
[Address] SSDT[128] : NtOpenThread @ 0x805C179E -> HOOKED (Unknown @ 0x89EA86D4)
[Address] SSDT[192] : NtRenameKey @ 0x8061A9AE -> HOOKED (Unknown @ 0x89691734)
[Address] SSDT[204] : NtRestoreKey @ 0x8061C96C -> HOOKED (Unknown @ 0x895F9B84)
[Address] SSDT[240] : NtSetSystemInformation @ 0x80606B80 -> HOOKED (Unknown @ 0x895D95FC)
[Address] SSDT[247] : NtSetValueKey @ 0x806194FE -> HOOKED (Unknown @ 0x8A3856B4)
[Address] SSDT[257] : NtTerminateProcess @ 0x805C879A -> HOOKED (Unknown @ 0x89EA76D4)
[Address] SSDT[258] : NtTerminateThread @ 0x805C8994 -> HOOKED (Unknown @ 0x8A39F10C)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805A9A7A -> HOOKED (Unknown @ 0x895F8414)
[Address] Shadow SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x8927C874)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8950320C)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] 90c4eaf7533e1d5461a5d56fef6ce734
[BSP] f4175dd88495b1790bd8f8bbdb0d1d69 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST500DM002-1BD142 +++++
--- User ---
[MBR] 080cfebd2e7317651eb3593a8410a4b9
[BSP] e68ab30ace4f195b507f8a8e99868d33 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 404249 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 827904000 | Size: 72688 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09172013_101501.txt >>



 

Sorry if I have got this wrong, and again thank you for your time.

Dan.


 

 



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 AM

Posted 26 September 2013 - 06:30 AM

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#5 dan47

dan47
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 26 September 2013 - 06:37 PM

Hello Marius, here are the files as requested:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-27 07:02:21
-----------------------------
07:02:21.000    OS Version: Windows 5.1.2600 Service Pack 3
07:02:21.000    Number of processors: 1 586 0xF00
07:02:21.000    ComputerName: DANNYCOM1  UserName: Danny
07:02:21.578    Initialize success
07:10:18.328    AVAST engine defs: 13092601
07:15:06.500    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-19
07:15:06.500    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476938MB BusType: 3
07:15:06.500    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-26
07:15:06.500    Disk 1 Vendor: ST500DM002-1BC142 JC4B Size: 476938MB BusType: 3
07:15:06.625    Disk 1 MBR read successfully
07:15:06.625    Disk 1 MBR scan
07:15:06.625    Disk 1 unknown MBR code
07:15:06.625    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS       404249 MB offset 63
07:15:06.625    Disk 1 Partition - 00     05     Extended             72688 MB offset 827904000
07:15:06.656    Disk 1 Partition 2 00     83        Linux             71152 MB offset 827906048
07:15:06.656    Disk 1 Partition - 00     05     Extended              1535 MB offset 973625344
07:15:06.671    Disk 1 scanning sectors +976771055
07:15:06.703    Disk 1 scanning C:\WINDOWS\system32\drivers
07:15:18.156    Service scanning
07:15:35.281    Modules scanning
07:15:39.250    Disk 1 trace - called modules:
07:15:39.281    ntkrnlpa.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
07:15:39.281    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ab46ab8]
07:15:39.281    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8ac339c8]
07:15:39.281    5 vsflt67.sys[b9f604bb] -> nt!IofCallDriver -> \Device\0000008a[0x8ac98258]
07:15:39.281    7 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-26[0x8ab48940]
07:15:48.125    AVAST engine scan C:\
09:19:49.218    Scan finished successfully
09:21:31.140    Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Danny\Desktop\MBR.dat"
09:21:31.140    The log file has been saved successfully to "C:\Documents and Settings\Danny\Desktop\aswMBR.txt"

 

09:24:01.0406 4696  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:24:02.0765 4696  ============================================================
09:24:02.0765 4696  Current date / time: 2013/09/27 09:24:02.0765
09:24:02.0765 4696  SystemInfo:
09:24:02.0765 4696  
09:24:02.0765 4696  OS Version: 5.1.2600 ServicePack: 3.0
09:24:02.0765 4696  Product type: Workstation
09:24:02.0765 4696  ComputerName: DANNYCOM1
09:24:02.0765 4696  UserName: Danny
09:24:02.0765 4696  Windows directory: C:\WINDOWS
09:24:02.0765 4696  System windows directory: C:\WINDOWS
09:24:02.0765 4696  Processor architecture: Intel x86
09:24:02.0765 4696  Number of processors: 1
09:24:02.0765 4696  Page size: 0x1000
09:24:02.0765 4696  Boot type: Normal boot
09:24:02.0765 4696  ============================================================
09:24:03.0968 4696  Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:24:03.0984 4696  Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:24:04.0046 4696  ============================================================
09:24:04.0046 4696  \Device\Harddisk0\DR0:
09:24:04.0046 4696  MBR partitions:
09:24:04.0046 4696  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:24:04.0046 4696  \Device\Harddisk1\DR1:
09:24:04.0062 4696  MBR partitions:
09:24:04.0062 4696  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3158CFC1
09:24:04.0093 4696  ============================================================
09:24:04.0140 4696  C: <-> \Device\Harddisk1\DR1\Partition1
09:24:04.0156 4696  G: <-> \Device\Harddisk0\DR0\Partition1
09:24:04.0156 4696  ============================================================
09:24:04.0156 4696  Initialize success
09:24:04.0156 4696  ============================================================
09:25:06.0906 3236  ============================================================
09:25:06.0906 3236  Scan started
09:25:06.0906 3236  Mode: Manual;
09:25:06.0906 3236  ============================================================
09:25:08.0234 3236  ================ Scan system memory ========================
09:25:08.0234 3236  System memory - ok
09:25:08.0234 3236  ================ Scan services =============================
09:25:11.0640 3236  FastUserSwitchingCompatibility - ok
09:25:11.0671 3236  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
09:25:11.0671 3236  Fdc - ok
09:25:11.0671 3236  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
09:25:11.0671 3236  Fips - ok
09:25:11.0687 3236  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:25:11.0687 3236  Flpydisk - ok
09:25:11.0734 3236  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
09:25:11.0734 3236  FltMgr - ok
09:25:11.0765 3236  [ 17119D86FB4A43A99BF5242DD3038394 ] fltsrv          C:\WINDOWS\system32\DRIVERS\fltsrv.sys
09:25:11.0765 3236  fltsrv - ok
09:25:11.0812 3236  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:25:11.0812 3236  FontCache3.0.0.0 - ok
09:25:11.0843 3236  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:25:11.0843 3236  Fs_Rec - ok
09:25:11.0859 3236  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:25:11.0859 3236  Ftdisk - ok
09:25:11.0875 3236  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
09:25:11.0875 3236  gameenum - ok
09:25:11.0906 3236  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:25:11.0906 3236  GEARAspiWDM - ok
09:25:11.0937 3236  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:25:11.0937 3236  Gpc - ok
09:25:11.0968 3236  [ 70606233F3ED0E53CB3EA17F846D6A4F ] ha10kx2k        C:\WINDOWS\system32\drivers\ha10kx2k.sys
09:25:11.0984 3236  ha10kx2k - ok
09:25:12.0015 3236  [ A0C69AD2A61E576B0207ACDD9626E167 ] hap16v2k        C:\WINDOWS\system32\drivers\hap16v2k.sys
09:25:12.0015 3236  hap16v2k - ok
09:25:12.0031 3236  [ 2EE89452C574D259ADA4FC9FC1C07243 ] hap17v2k        C:\WINDOWS\system32\drivers\hap17v2k.sys
09:25:12.0046 3236  hap17v2k - ok
09:25:12.0109 3236  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:25:12.0109 3236  helpsvc - ok
09:25:12.0140 3236  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
09:25:12.0140 3236  HidServ - ok
09:25:12.0171 3236  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:25:12.0171 3236  hidusb - ok
09:25:12.0203 3236  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
09:25:12.0203 3236  hkmsvc - ok
09:25:12.0203 3236  hpn - ok
09:25:12.0250 3236  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
09:25:12.0250 3236  HTTP - ok
09:25:12.0265 3236  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
09:25:12.0281 3236  HTTPFilter - ok
09:25:12.0281 3236  i2omgmt - ok
09:25:12.0296 3236  i2omp - ok
09:25:12.0328 3236  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:25:12.0328 3236  i8042prt - ok
09:25:12.0500 3236  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:25:12.0515 3236  idsvc - ok
09:25:12.0531 3236  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
09:25:12.0546 3236  Imapi - ok
09:25:12.0578 3236  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
09:25:12.0578 3236  ImapiService - ok
09:25:12.0593 3236  ini910u - ok
09:25:12.0609 3236  IntelIde - ok
09:25:12.0640 3236  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
09:25:12.0640 3236  Ip6Fw - ok
09:25:12.0671 3236  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:25:12.0671 3236  IpFilterDriver - ok
09:25:12.0687 3236  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:25:12.0687 3236  IpInIp - ok
09:25:12.0703 3236  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:25:12.0703 3236  IpNat - ok
09:25:12.0750 3236  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:25:12.0765 3236  iPod Service - ok
09:25:12.0796 3236  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:25:12.0796 3236  IPSec - ok
09:25:12.0812 3236  [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
09:25:12.0812 3236  irda - ok
09:25:12.0843 3236  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
09:25:12.0843 3236  IRENUM - ok
09:25:12.0859 3236  [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon           C:\WINDOWS\System32\irmon.dll
09:25:12.0859 3236  Irmon - ok
09:25:12.0890 3236  [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir           C:\WINDOWS\system32\DRIVERS\irsir.sys
09:25:12.0890 3236  irsir - ok
09:25:12.0921 3236  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:25:12.0921 3236  isapnp - ok
09:25:13.0000 3236  [ 4F4D4AA1E0849FECC0CF5AACD59030B5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
09:25:13.0000 3236  JavaQuickStarterService - ok
09:25:13.0031 3236  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:25:13.0031 3236  Kbdclass - ok
09:25:13.0046 3236  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:25:13.0046 3236  kbdhid - ok
09:25:13.0078 3236  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
09:25:13.0078 3236  kmixer - ok
09:25:13.0109 3236  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
09:25:13.0109 3236  KSecDD - ok
09:25:13.0140 3236  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
09:25:13.0140 3236  lanmanserver - ok
09:25:13.0156 3236  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:25:13.0171 3236  lanmanworkstation - ok
09:25:13.0171 3236  lbrtfdc - ok
09:25:13.0203 3236  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
09:25:13.0203 3236  LmHosts - ok
09:25:13.0234 3236  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
09:25:13.0234 3236  MBAMProtector - ok
09:25:13.0265 3236  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:25:13.0281 3236  MBAMScheduler - ok
09:25:13.0312 3236  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:25:13.0328 3236  MBAMService - ok
09:25:13.0359 3236  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
09:25:13.0359 3236  Messenger - ok
09:25:13.0390 3236  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
09:25:13.0390 3236  mnmdd - ok
09:25:13.0421 3236  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
09:25:13.0421 3236  mnmsrvc - ok
09:25:13.0453 3236  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
09:25:13.0453 3236  Modem - ok
09:25:13.0468 3236  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:25:13.0468 3236  Mouclass - ok
09:25:13.0484 3236  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:25:13.0484 3236  mouhid - ok
09:25:13.0531 3236  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
09:25:13.0531 3236  MountMgr - ok
09:25:13.0578 3236  [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:25:13.0593 3236  MozillaMaintenance - ok
09:25:13.0593 3236  mraid35x - ok
09:25:13.0609 3236  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:25:13.0609 3236  MRxDAV - ok
09:25:13.0640 3236  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:25:13.0640 3236  MRxSmb - ok
09:25:13.0671 3236  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
09:25:13.0671 3236  MSDTC - ok
09:25:13.0703 3236  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
09:25:13.0703 3236  Msfs - ok
09:25:13.0703 3236  MSIServer - ok
09:25:13.0734 3236  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:25:13.0734 3236  MSKSSRV - ok
09:25:13.0765 3236  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:25:13.0765 3236  MSPCLOCK - ok
09:25:13.0781 3236  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
09:25:13.0781 3236  MSPQM - ok
09:25:13.0796 3236  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:25:13.0796 3236  mssmbios - ok
09:25:13.0828 3236  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
09:25:13.0828 3236  Mup - ok
09:25:13.0875 3236  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
09:25:13.0875 3236  napagent - ok
09:25:13.0984 3236  [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
09:25:14.0000 3236  NBService - ok
09:25:14.0015 3236  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
09:25:14.0031 3236  NDIS - ok
09:25:14.0046 3236  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:25:14.0046 3236  NdisTapi - ok
09:25:14.0078 3236  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:25:14.0078 3236  Ndisuio - ok
09:25:14.0093 3236  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:25:14.0093 3236  NdisWan - ok
09:25:14.0125 3236  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
09:25:14.0125 3236  NDProxy - ok
09:25:14.0140 3236  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
09:25:14.0140 3236  NetBIOS - ok
09:25:14.0156 3236  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
09:25:14.0156 3236  NetBT - ok
09:25:14.0187 3236  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
09:25:14.0187 3236  NetDDE - ok
09:25:14.0203 3236  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
09:25:14.0203 3236  NetDDEdsdm - ok
09:25:14.0234 3236  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:25:14.0234 3236  Netlogon - ok
09:25:14.0265 3236  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
09:25:14.0265 3236  Netman - ok
09:25:14.0343 3236  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:25:14.0343 3236  NetTcpPortSharing - ok
09:25:14.0375 3236  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:25:14.0375 3236  NIC1394 - ok
09:25:14.0406 3236  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
09:25:14.0421 3236  Nla - ok
09:25:14.0468 3236  [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
09:25:14.0484 3236  NMIndexingService - ok
09:25:14.0531 3236  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:25:14.0531 3236  Npfs - ok
09:25:14.0562 3236  [ 1B619DDDE8BA58E8D6572A3F70ECFA9D ] npusbio         C:\WINDOWS\system32\Drivers\npusbio.sys
09:25:14.0562 3236  npusbio - ok
09:25:14.0593 3236  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:25:14.0593 3236  Ntfs - ok
09:25:14.0625 3236  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
09:25:14.0625 3236  NtLmSsp - ok
09:25:14.0671 3236  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
09:25:14.0671 3236  NtmsSvc - ok
09:25:14.0687 3236  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:25:14.0687 3236  Null - ok
09:25:14.0875 3236  [ 3712D332633B853101AB786380C969EC ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:25:14.0984 3236  nv - ok
09:25:15.0015 3236  [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:25:15.0031 3236  NVENETFD - ok
09:25:15.0078 3236  [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:25:15.0078 3236  nvnetbus - ok
09:25:15.0109 3236  [ B65CE56C36F573113FF2F6D0F07B7563 ] nvraid          C:\WINDOWS\system32\DRIVERS\nvraid4.sys
09:25:15.0125 3236  nvraid - ok
09:25:15.0156 3236  [ 357CDE6C24EB15888E810C6D2787C238 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
09:25:15.0156 3236  NVSvc - ok
09:25:15.0203 3236  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:25:15.0203 3236  NwlnkFlt - ok
09:25:15.0218 3236  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:25:15.0218 3236  NwlnkFwd - ok
09:25:15.0218 3236  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:25:15.0234 3236  ohci1394 - ok
09:25:15.0281 3236  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:25:15.0296 3236  ose - ok
09:25:15.0312 3236  [ AE896073E1BBF98FEFC2EC52F62C0FBA ] ossrv           C:\WINDOWS\system32\drivers\ctoss2k.sys
09:25:15.0312 3236  ossrv - ok
09:25:15.0343 3236  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
09:25:15.0343 3236  Parport - ok
09:25:15.0359 3236  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
09:25:15.0359 3236  PartMgr - ok
09:25:15.0406 3236  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
09:25:15.0406 3236  ParVdm - ok
09:25:15.0437 3236  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
09:25:15.0437 3236  PCI - ok
09:25:15.0437 3236  PCIDump - ok
09:25:15.0453 3236  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
09:25:15.0453 3236  PCIIde - ok
09:25:15.0484 3236  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
09:25:15.0484 3236  Pcmcia - ok
09:25:15.0500 3236  PDCOMP - ok
09:25:15.0515 3236  PDFRAME - ok
09:25:15.0515 3236  PDRELI - ok
09:25:15.0531 3236  PDRFRAME - ok
09:25:15.0546 3236  perc2 - ok
09:25:15.0546 3236  perc2hib - ok
09:25:15.0609 3236  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
09:25:15.0609 3236  PLFlash DeviceIoControl Service - ok
09:25:15.0625 3236  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
09:25:15.0625 3236  PlugPlay - ok
09:25:15.0640 3236  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
09:25:15.0640 3236  PolicyAgent - ok
09:25:15.0671 3236  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:25:15.0671 3236  PptpMiniport - ok
09:25:15.0687 3236  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
09:25:15.0687 3236  Processor - ok
09:25:15.0703 3236  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:25:15.0703 3236  ProtectedStorage - ok
09:25:15.0718 3236  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
09:25:15.0718 3236  PSched - ok
09:25:15.0750 3236  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:25:15.0750 3236  Ptilink - ok
09:25:15.0765 3236  ql1080 - ok
09:25:15.0781 3236  Ql10wnt - ok
09:25:15.0796 3236  ql12160 - ok
09:25:15.0796 3236  ql1240 - ok
09:25:15.0812 3236  ql1280 - ok
09:25:15.0828 3236  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:25:15.0828 3236  RasAcd - ok
09:25:15.0843 3236  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
09:25:15.0859 3236  RasAuto - ok
09:25:15.0875 3236  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:25:15.0875 3236  Rasirda - ok
09:25:15.0890 3236  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:25:15.0890 3236  Rasl2tp - ok
09:25:15.0921 3236  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:25:15.0921 3236  RasMan - ok
09:25:15.0937 3236  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:25:15.0937 3236  RasPppoe - ok
09:25:15.0953 3236  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
09:25:15.0953 3236  Raspti - ok
09:25:15.0968 3236  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:25:15.0984 3236  Rdbss - ok
09:25:16.0000 3236  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:25:16.0000 3236  RDPCDD - ok
09:25:16.0046 3236  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:25:16.0046 3236  rdpdr - ok
09:25:16.0093 3236  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:25:16.0093 3236  RDPWD - ok
09:25:16.0125 3236  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
09:25:16.0125 3236  RDSessMgr - ok
09:25:16.0140 3236  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
09:25:16.0156 3236  redbook - ok
09:25:16.0171 3236  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:25:16.0171 3236  RemoteAccess - ok
09:25:16.0187 3236  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
09:25:16.0187 3236  RemoteRegistry - ok
09:25:16.0203 3236  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
09:25:16.0203 3236  RpcLocator - ok
09:25:16.0250 3236  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
09:25:16.0250 3236  RpcSs - ok
09:25:16.0281 3236  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
09:25:16.0281 3236  RSVP - ok
09:25:16.0328 3236  [ C7BCF9808E2A1B4CABE16FF7FBCE5FAB ] RT73            C:\WINDOWS\system32\DRIVERS\Dr71WU.sys
09:25:16.0343 3236  RT73 - ok
09:25:16.0359 3236  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
09:25:16.0359 3236  SamSs - ok
09:25:16.0375 3236  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
09:25:16.0375 3236  SCardSvr - ok
09:25:16.0421 3236  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
09:25:16.0421 3236  Schedule - ok
09:25:16.0437 3236  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:25:16.0437 3236  Secdrv - ok
09:25:16.0484 3236  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
09:25:16.0484 3236  seclogon - ok
09:25:16.0500 3236  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
09:25:16.0515 3236  SENS - ok
09:25:16.0531 3236  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
09:25:16.0531 3236  serenum - ok
09:25:16.0546 3236  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
09:25:16.0546 3236  Serial - ok
09:25:16.0578 3236  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
09:25:16.0578 3236  Sfloppy - ok
09:25:16.0609 3236  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
09:25:16.0609 3236  SharedAccess - ok
09:25:16.0640 3236  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:25:16.0640 3236  ShellHWDetection - ok
09:25:16.0656 3236  Simbad - ok
09:25:16.0718 3236  [ 1BC68A9A70F92D5EFFBF0700AE2D7432 ] snapman         C:\WINDOWS\system32\DRIVERS\snapman.sys
09:25:16.0718 3236  snapman - ok
09:25:16.0734 3236  Sparrow - ok
09:25:16.0781 3236  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
09:25:16.0781 3236  splitter - ok
09:25:16.0828 3236  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
09:25:16.0828 3236  Spooler - ok
09:25:16.0843 3236  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
09:25:16.0843 3236  sr - ok
09:25:16.0875 3236  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
09:25:16.0875 3236  srservice - ok
09:25:16.0906 3236  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
09:25:16.0906 3236  Srv - ok
09:25:16.0921 3236  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
09:25:16.0937 3236  SSDPSRV - ok
09:25:16.0968 3236  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
09:25:16.0968 3236  StillCam - ok
09:25:17.0000 3236  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
09:25:17.0015 3236  stisvc - ok
09:25:17.0046 3236  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
09:25:17.0046 3236  swenum - ok
09:25:17.0078 3236  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
09:25:17.0078 3236  swmidi - ok
09:25:17.0078 3236  SwPrv - ok
09:25:17.0093 3236  symc810 - ok
09:25:17.0109 3236  symc8xx - ok
09:25:17.0109 3236  sym_hi - ok
09:25:17.0125 3236  sym_u3 - ok
09:25:17.0265 3236  [ CAAEB44422474ED5C13D988AE7CA4A1C ] syncagentsrv    C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
09:25:17.0390 3236  syncagentsrv - ok
09:25:17.0406 3236  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
09:25:17.0406 3236  sysaudio - ok
09:25:17.0437 3236  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
09:25:17.0437 3236  SysmonLog - ok
09:25:17.0468 3236  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
09:25:17.0468 3236  TapiSrv - ok
09:25:17.0500 3236  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:25:17.0500 3236  Tcpip - ok
09:25:17.0531 3236  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
09:25:17.0531 3236  TDPIPE - ok
09:25:17.0578 3236  [ E04AB70501B2AD59DA3612C175AFD5D7 ] tdrpman         C:\WINDOWS\system32\DRIVERS\tdrpman.sys
09:25:17.0593 3236  tdrpman - ok
09:25:17.0625 3236  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
09:25:17.0625 3236  TDTCP - ok
09:25:17.0640 3236  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
09:25:17.0640 3236  TermDD - ok
09:25:17.0687 3236  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
09:25:17.0687 3236  TermService - ok
09:25:17.0718 3236  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
09:25:17.0718 3236  Themes - ok
09:25:17.0734 3236  [ 4E4BA74565E8300596025FDF8B271CD1 ] timounter       C:\WINDOWS\system32\DRIVERS\timntr.sys
09:25:17.0750 3236  timounter - ok
09:25:17.0765 3236  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
09:25:17.0781 3236  TlntSvr - ok
09:25:17.0796 3236  [ 883B3052721452E8667F5597AD2C5379 ] tmactmon        C:\WINDOWS\system32\DRIVERS\tmactmon.sys
09:25:17.0796 3236  tmactmon - ok
09:25:17.0843 3236  [ F33C3F08536F988AAC84D72D83B139A6 ] tmcomm          C:\WINDOWS\system32\DRIVERS\tmcomm.sys
09:25:17.0843 3236  tmcomm - ok
09:25:17.0859 3236  [ 21992E703051934DCFA6D1477B12FC41 ] TMEBC           C:\WINDOWS\system32\DRIVERS\TMEBC32.sys
09:25:17.0859 3236  TMEBC - ok
09:25:17.0906 3236  [ 7AC66D3A5BA87C6CD16B457A3786DF64 ] tmeext          C:\WINDOWS\system32\DRIVERS\tmeext.sys
09:25:17.0906 3236  tmeext - ok
09:25:17.0921 3236  [ 8FE7172FF137249BEA4EBC750EF90093 ] tmevtmgr        C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
09:25:17.0921 3236  tmevtmgr - ok
09:25:17.0968 3236  [ 0C40396F071A8092964C8DC951F62B17 ] tmnciesc        C:\WINDOWS\system32\DRIVERS\tmnciesc.sys
09:25:17.0968 3236  tmnciesc - ok
09:25:17.0984 3236  [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] tmtdi           C:\WINDOWS\system32\DRIVERS\tmtdi.sys
09:25:17.0984 3236  tmtdi - ok
09:25:18.0000 3236  TosIde - ok
09:25:18.0031 3236  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
09:25:18.0031 3236  TrkWks - ok
09:25:18.0046 3236  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
09:25:18.0046 3236  Udfs - ok
09:25:18.0062 3236  ultra - ok
09:25:18.0109 3236  [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
09:25:18.0109 3236  UMWdf - ok
09:25:18.0156 3236  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
09:25:18.0171 3236  Update - ok
09:25:18.0187 3236  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
09:25:18.0187 3236  upnphost - ok
09:25:18.0218 3236  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
09:25:18.0218 3236  UPS - ok
09:25:18.0250 3236  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:25:18.0250 3236  usbccgp - ok
09:25:18.0265 3236  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:25:18.0265 3236  usbehci - ok
09:25:18.0296 3236  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:25:18.0296 3236  usbhub - ok
09:25:18.0312 3236  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:25:18.0312 3236  usbohci - ok
09:25:18.0328 3236  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:25:18.0328 3236  usbprint - ok
09:25:18.0359 3236  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:25:18.0359 3236  USBSTOR - ok
09:25:18.0375 3236  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
09:25:18.0375 3236  VgaSave - ok
09:25:18.0390 3236  ViaIde - ok
09:25:18.0421 3236  [ 9D71C424898E029E316FA93AD494950E ] vididr          C:\WINDOWS\system32\DRIVERS\vididr.sys
09:25:18.0421 3236  vididr - ok
09:25:18.0437 3236  [ 47AB6AC7635E40F3C55C5A32CC4B86A8 ] vidsflt67       C:\WINDOWS\system32\DRIVERS\vsflt67.sys
09:25:19.0640 3236  Scan finished
09:25:19.0640 3236  ============================================================
09:25:19.0656 1992  Detected object count: 0
09:25:19.0656 1992  Actual detected object count: 0
09:27:05.0656 5536  Deinitialize success
 

Hope these help.

Thank You

Danny.



#6 TB-Psychotic

  • Malware Response Team

Posted 27 September 2013 - 04:07 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 dan47

  • Topic Starter

Posted 27 September 2013 - 07:53 AM

Hello Marius, here is the next lot of files. No log files for ESET; no virus found.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.27.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Danny :: DANNYCOM1 [administrator]

27/09/2013 7:50:54 PM
mbam-log-2013-09-27 (19-50-54).txt

Scan type: Full scan (C:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293451
Time elapsed: 1 hour(s), 36 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#8 TB-Psychotic

  • Malware Response Team

Posted 27 September 2013 - 08:34 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll also find the log file at C:\AdwCleaner[S1].txt.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#9 dan47

  • Topic Starter

Posted 28 September 2013 - 02:55 AM

Hello Marius, here are the latest files you requested.

 

# AdwCleaner v3.005 - Report created 28/09/2013 at 17:41:36
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Danny - DANNYCOM1
# Running from : C:\Documents and Settings\Danny\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Danny\Application Data\Mozilla\Firefox\Profiles\4gs8l57a.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [666 octets] - [28/09/2013 17:41:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [725 octets] ##########
 

 

 Results of screen317's Security Check version 0.99.73  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Trend Micro Titanium Internet Security   
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.168  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Trend Micro Titanium Plugin TMAS\TMAS_OE\TMAS_OEMon.exe
 Trend Micro Titanium Plugin TMAS\TMAS_WLM\TMAS_WLMMon.exe
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 

 

Thank You,

Dan.



#10 TB-Psychotic

  • Malware Response Team

Posted 28 September 2013 - 11:54 AM

Your system is free of malware! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In the case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

 

 

 

 

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every piece of software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that will be installed along with the software you want.



#11 dan47

  • Topic Starter

Posted 28 September 2013 - 11:26 PM

Hello Marius, you have not instructed me to use Defogger or Combofix; are you sure you have not mixed up your job queue? I tried to run Combofix and let the software run for 1 hour, but it too froze my PC. As I said in my first post, I cannot run DDS, as this program also freezes my PC. As this is a constant problem, I do strongly believe that my PC does have a Trojan of some sort. All software is up to date and updated regularly. Would you know why DDS & Combofix freeze my PC? Thank You, Dan.



#12 TB-Psychotic

  • Malware Response Team

Posted 30 September 2013 - 12:41 AM

Yes, I did NOT instruct you to run Combofix - that's why my job queue for deleting our tools reads "in the case we used Combofix".

As I said in my first post: Read my instructions carefully!

 

I told you that your system is, as far as one could say that from the distance, free of malware. Your issues seem to be caused by a faulty system.

 

If you don't trust your computer any more, you have to format and reinstall your OS.



#13 dan47

  • Topic Starter

Posted 30 September 2013 - 05:23 AM

Hello Marius, if the problems are of the OS, would the software Windows Repair All-in-one from Tweaking.com fix some of these problems? Can you please suggest any programs that I could try to use to fix these issues?

 

Thank You,

Dan.



#14 TB-Psychotic

  • Malware Response Team

Posted 30 September 2013 - 05:49 AM

We can give that a try:

 

 

Windows Repair (all-in-one)

Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.


Once that is done then go to step 3 and allow it to run SFC by clicking Do it



On the Start Repairs tab, click Start.
Within the opening window, hit unselect all.
Check only the following:



  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair Windows Firewall
  • Repair Windows Updates


then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.



#15 dan47

  • Topic Starter

Posted 01 October 2013 - 04:56 AM

Hello Marius, I have run the software and there seem to be problems with the log files. If you could, please advise me on the way you might like me to send these files for your perusal. Thank You,

Dan.





