googleupdate.exe Trojan


6 replies to this topic

#1 Rico24

Posted 04 November 2013 - 07:37 PM

My parents have recently installed a Google Chrome "update" without knowing it was a virus. I am unable to remove it on their laptop. Help would be greatly appreciated.





#2 boopme


Posted 04 November 2013 - 10:38 PM

Hello Rico, please run these next.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double-click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 Rico24


Posted 05 November 2013 - 01:59 AM

Running the MiniToolBox I had this error: "The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll". So I unchecked List IP configuration and restarted it.

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Admin (administrator) on 05-11-2013 at 00:52:30
Running from "E:\trojan fix"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1       localhost

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 03 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 06 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 07 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 09 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 10 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 11 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 12 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 13 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 14 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 15 mswsock.dll [File not found] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/03/2013 06:29:28 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2013 04:37:28 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2013 04:37:22 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2013 04:32:58 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2013 04:31:10 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2013 04:31:06 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2013 03:43:42 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2013 03:41:39 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2013 03:35:43 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/03/2013 03:24:40 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/05/2013 00:40:20 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/05/2013 00:40:20 AM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%1053

Error: (11/05/2013 00:40:20 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the SeaPort service to connect.

Error: (11/04/2013 07:49:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/04/2013 07:49:11 PM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%1053

Error: (11/04/2013 07:49:11 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the SeaPort service to connect.

Error: (11/04/2013 07:46:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/04/2013 07:22:33 PM) (Source: DCOM) (User: RICK)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (11/04/2013 07:12:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/04/2013 07:12:41 PM) (Source: DCOM) (User: RICK)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (10/11/2013 07:31:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 20581 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (08/08/2013 07:45:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6903 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (08/08/2013 05:46:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 66694 seconds with 9600 seconds of active time.  This session ended with a crash.

Error: (08/07/2013 11:14:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5958 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (12/29/2012 07:07:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9427 seconds with 300 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader 8.3.1 (Version: 8.3.1)
AIO_Scan (Version: 90.0.222.000)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Asus ACPI Driver (Version: 6.1.1.1008)
ASUSUpdate for Eee PC
Atheros Client Installation Program (Version: 7.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.16)
avast! Free Antivirus (Version: 8.0.1489.0)
Azurewave Wireless LAN Card (Version: 1.0.7.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Data Sync (Version: 1.0.2)
Eee Docking 1.3.1.0 (Version: 1.3.1.0)
EeePC_1005HA Screen Saver
EeeSplendid (Version: 5.1.1.0020)
FontResizer (Version: 1.00.0010)
Google Update Helper (Version: 1.3.21.165)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart Essential (Version: 1.9.1.2)
Intel® Graphics Media Accelerator Driver
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 14.0.8117.416)
MahJong Suite 2009 v6.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Location Finder (Version: 1.2.0)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Streets & Trips 2006 with GPS Locator (Version: 13.00.09.0200)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PS_AIO_Software_min (Version: 90.0.222.000)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 5.10.0.5841)
Rogers Servicepoint Agent 3.7.44 (Version: 3.7.44)
RPS CRT (Version: 9.0.58)
Scan (Version: 9.0.0.0)
Segoe UI (Version: 14.0.4327.805)
Super Hybrid Engine (Version: 1.18)
Synaptics Pointing Device Driver (Version: 12.2.8.0)
Toolbox (Version: 90.0.146.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB953356) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB2.0 UVC Camera Device (Version: 0.1.0.0)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.20 (32-bit) (Version: 4.20.0)

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 1015.17 MB
Available physical RAM: 674.14 MB
Total Pagefile: 2441.7 MB
Available Pagefile: 2187.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.01 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:72.06 GB) (Free:49.09 GB) NTFS
2 Drive d: () (Fixed) (Total:72.05 GB) (Free:71.95 GB) NTFS
3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.03 GB) FAT32

========================= Users: ========================================

User accounts for \\RICK

Admin                    Administrator            ASPNET                   
Guest                    HelpAssistant            SUPPORT_388945a0         


**** End of log ****
 
00:56:52.0203 0x0f10  TDSS rootkit removing tool 3.0.0.16 Nov  1 2013 15:53:38
00:57:08.0031 0x0f10  ============================================================
00:57:08.0031 0x0f10  Current date / time: 2013/11/05 00:57:08.0031
00:57:08.0031 0x0f10  SystemInfo:
00:57:08.0031 0x0f10  
00:57:08.0031 0x0f10  OS Version: 5.1.2600 ServicePack: 3.0
00:57:08.0031 0x0f10  Product type: Workstation
00:57:08.0031 0x0f10  ComputerName: RICK
00:57:08.0031 0x0f10  UserName: Admin
00:57:08.0031 0x0f10  Windows directory: C:\WINDOWS
00:57:08.0031 0x0f10  System windows directory: C:\WINDOWS
00:57:08.0031 0x0f10  Processor architecture: Intel x86
00:57:08.0031 0x0f10  Number of processors: 2
00:57:08.0031 0x0f10  Page size: 0x1000
00:57:08.0031 0x0f10  Boot type: Normal boot
00:57:08.0031 0x0f10  ============================================================
00:57:09.0203 0x0f10  System UUID: {E3C729A8-6738-B8C2-9A62-3C72BF1C3CB0}
00:57:10.0578 0x0f10  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:57:10.0578 0x0f10  Drive \Device\Harddisk1\DR5 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:57:10.0578 0x0f10  ============================================================
00:57:10.0578 0x0f10  \Device\Harddisk0\DR0:
00:57:10.0578 0x0f10  MBR partitions:
00:57:10.0578 0x0f10  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x901F5C0
00:57:10.0578 0x0f10  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x901F5FF, BlocksNum 0x901B73E
00:57:10.0578 0x0f10  \Device\Harddisk1\DR5:
00:57:10.0578 0x0f10  MBR partitions:
00:57:10.0578 0x0f10  \Device\Harddisk1\DR5\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
00:57:10.0578 0x0f10  ============================================================
00:57:10.0609 0x0f10  C: <-> \Device\Harddisk0\DR0\Partition1
00:57:10.0656 0x0f10  D: <-> \Device\Harddisk0\DR0\Partition2
00:57:10.0656 0x0f10  ============================================================
00:57:10.0656 0x0f10  Initialize success
00:57:10.0656 0x0f10  ============================================================
00:57:13.0531 0x0c8c  ============================================================
00:57:13.0531 0x0c8c  Scan started
00:57:13.0531 0x0c8c  Mode: Manual;
00:57:13.0531 0x0c8c  ============================================================
00:57:13.0531 0x0c8c  KSN ping started
00:58:17.0515 0x0c8c  KSN ping finished: false
00:58:17.0781 0x0c8c  ================ Scan system memory ========================
00:58:17.0781 0x0c8c  System memory - ok
00:58:17.0781 0x0c8c  ================ Scan services =============================
00:58:17.0890 0x0c8c  Abiosdsk - ok
00:58:17.0906 0x0c8c  abp480n5 - ok
00:58:17.0953 0x0c8c  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:58:17.0953 0x0c8c  ACPI - ok
00:58:18.0171 0x0c8c  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
00:58:18.0187 0x0c8c  ACPIEC - ok
00:58:18.0281 0x0c8c  [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:58:18.0312 0x0c8c  AdobeFlashPlayerUpdateSvc - ok
00:58:18.0328 0x0c8c  adpu160m - ok
00:58:18.0390 0x0c8c  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
00:58:18.0406 0x0c8c  aec - ok
00:58:18.0484 0x0c8c  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
00:58:18.0500 0x0c8c  AFD - ok
00:58:18.0515 0x0c8c  Aha154x - ok
00:58:18.0531 0x0c8c  aic78u2 - ok
00:58:18.0546 0x0c8c  aic78xx - ok
00:58:18.0593 0x0c8c  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
00:58:18.0593 0x0c8c  Alerter - ok
00:58:18.0625 0x0c8c  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
00:58:18.0640 0x0c8c  ALG - ok
00:58:18.0656 0x0c8c  AliIde - ok
00:58:18.0859 0x0c8c  [ F6AF59D6EEE5E1C304F7F73706AD11D8, F5D39EF40CDB5102A84C8594CFC54DDBD5060E193E6D07421A9003D2ABC63E30 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
00:58:19.0015 0x0c8c  Ambfilt - ok
00:58:19.0031 0x0c8c  amsint - ok
00:58:19.0062 0x0c8c  AppMgmt - ok
00:58:19.0250 0x0c8c  [ E0EE769D14128014965E03B433F5F46E, 94B4383B0D965364D0F94F00DF7E04085714CA2F9C491CC6597FAB4E38EB7BAC ] AR5416          C:\WINDOWS\system32\DRIVERS\athw.sys
00:58:19.0343 0x0c8c  AR5416 - ok
00:58:19.0375 0x0c8c  asc - ok
00:58:19.0390 0x0c8c  asc3350p - ok
00:58:19.0406 0x0c8c  asc3550 - ok
00:58:19.0562 0x0c8c  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:58:19.0593 0x0c8c  aspnet_state - ok
00:58:19.0625 0x0c8c  [ 12415A4B61DED200FE9932B47A35FA42, EA9D32CCD98990F6F20412F919B0477D63771E631755CC593E2CD9B8D70A8E25 ] AsusACPI        C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
00:58:19.0625 0x0c8c  AsusACPI - ok
00:58:19.0671 0x0c8c  [ 4AF5F360BA1E8794D32B366E45A64A0A, 6AF5410168E06A6895237183AA9769576031FAF412ABFC46572A013432BE1F86 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
00:58:19.0671 0x0c8c  aswFsBlk - ok
00:58:19.0703 0x0c8c  [ 1F7094D4268D46F718C51286DC189791, 4820C1417876C45EBC1C33C66265AC16A6A016599256DDBA45D4D6E147DDE8A0 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
00:58:19.0718 0x0c8c  aswMonFlt - ok
00:58:19.0750 0x0c8c  [ 7B43265F92257A21CBFD88E7A651044C, E01A0E5BB3621CDEA906B63992A0258AC2BC79C487D128551153563FE1CBE819 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
00:58:19.0750 0x0c8c  AswRdr - ok
00:58:19.0765 0x0c8c  [ B680134BA1813B78B47FDD1DFF223CA5, 51B749766B8D1E75F8D652A9BDB8839A95A2637B05E1B2BFF4FF8B0E77A02D50 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
00:58:19.0765 0x0c8c  aswRvrt - ok
00:58:19.0843 0x0c8c  [ CCD565A8A72AF7D45F9A242013870926, 7E5A0EA32C5BAEA25C093A270CFEEE21E57272BC79221BDA58DDBF1CD9E9868C ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
00:58:19.0890 0x0c8c  aswSnx - ok
00:58:19.0937 0x0c8c  [ 937300BC7C4CDF7576BCCE44E19BBB9D, 2275DE904940042421D8A33ACC8C0E1C7FAED7E59FA4658938FB8DBE6D624634 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
00:58:19.0953 0x0c8c  aswSP - ok
00:58:20.0000 0x0c8c  [ 1F71F170D90E42EFDE9633D81D5E12DC, 62053E412F8269B4E906E482B905CADCFEA0D3296B525C1141944D5EA9B227A8 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
00:58:20.0000 0x0c8c  aswTdi - ok
00:58:20.0031 0x0c8c  [ 8CFAA2B965773A653F48F1207A9CB9C4, A4A58FAF10BB174A0400F3A25912A497300E5EEDF54B93B44FA67CA191047D06 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
00:58:20.0046 0x0c8c  aswVmm - ok
00:58:20.0093 0x0c8c  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:58:20.0093 0x0c8c  AsyncMac - ok
00:58:20.0125 0x0c8c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
00:58:20.0140 0x0c8c  atapi - ok
00:58:20.0156 0x0c8c  Atdisk - ok
00:58:20.0171 0x0c8c  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:58:20.0171 0x0c8c  Atmarpc - ok
00:58:32.0843 0x0c8c  ShellHWDetection - ok
00:58:32.0843 0x0c8c  Simbad - ok
00:58:32.0875 0x0c8c  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:58:32.0875 0x0c8c  SLIP - ok
00:58:32.0906 0x0c8c  Sparrow - ok
00:58:32.0937 0x0c8c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
00:58:32.0953 0x0c8c  splitter - ok
00:58:33.0000 0x0c8c  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
00:58:33.0015 0x0c8c  Spooler - ok
00:58:33.0062 0x0c8c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
00:58:33.0062 0x0c8c  sr - ok
00:58:33.0109 0x0c8c  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
00:58:33.0125 0x0c8c  srservice - ok
00:58:33.0187 0x0c8c  [ 0BD44AA4743A9DBD2C638D699A7FD438, 311F2326317A8E421B0D438A610D8A66E108E1C48B7D348EDF0A9590DEF464C5 ] SRS_PremiumSound_Service C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
00:58:33.0203 0x0c8c  SRS_PremiumSound_Service - ok
00:58:33.0250 0x0c8c  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
00:58:33.0281 0x0c8c  Srv - ok
00:58:33.0328 0x0c8c  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
00:58:33.0343 0x0c8c  SSDPSRV - ok
00:58:33.0390 0x0c8c  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
00:58:33.0437 0x0c8c  stisvc - ok
00:58:33.0453 0x0c8c  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:58:33.0453 0x0c8c  streamip - ok
00:58:33.0484 0x0c8c  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
00:58:33.0484 0x0c8c  swenum - ok
00:58:33.0531 0x0c8c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
00:58:33.0546 0x0c8c  swmidi - ok
00:58:33.0562 0x0c8c  SwPrv - ok
00:58:33.0578 0x0c8c  symc810 - ok
00:58:33.0593 0x0c8c  symc8xx - ok
00:58:33.0609 0x0c8c  sym_hi - ok
00:58:33.0609 0x0c8c  sym_u3 - ok
00:58:33.0671 0x0c8c  [ A10D781153BB23036B474FFEDB448266, 90E5D70110C2C7A4DDE744218B9AD51C233077A4E245359D0D74F65D267386FA ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
00:58:33.0687 0x0c8c  SynTP - ok
00:58:33.0718 0x0c8c  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
00:58:33.0734 0x0c8c  sysaudio - ok
00:58:33.0765 0x0c8c  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
00:58:33.0796 0x0c8c  SysmonLog - ok
00:58:33.0843 0x0c8c  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
00:58:33.0875 0x0c8c  TapiSrv - ok
00:58:33.0937 0x0c8c  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:58:33.0968 0x0c8c  Tcpip - ok
00:58:34.0000 0x0c8c  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
00:58:34.0000 0x0c8c  TDPIPE - ok
00:58:34.0015 0x0c8c  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
00:58:34.0015 0x0c8c  TDTCP - ok
00:58:34.0078 0x0c8c  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
00:58:34.0078 0x0c8c  TermDD - ok
00:58:34.0109 0x0c8c  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
00:58:34.0156 0x0c8c  TermService - ok
00:58:34.0187 0x0c8c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
00:58:34.0203 0x0c8c  Themes - ok
00:58:34.0218 0x0c8c  TosIde - ok
00:58:34.0265 0x0c8c  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
00:58:34.0296 0x0c8c  TrkWks - ok
00:58:34.0328 0x0c8c  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
00:58:34.0343 0x0c8c  Udfs - ok
00:58:34.0359 0x0c8c  ultra - ok
00:58:34.0421 0x0c8c  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
00:58:34.0453 0x0c8c  Update - ok
00:58:34.0500 0x0c8c  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
00:58:34.0531 0x0c8c  upnphost - ok
00:58:34.0562 0x0c8c  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
00:58:34.0578 0x0c8c  UPS - ok
00:58:34.0625 0x0c8c  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:58:34.0625 0x0c8c  usbccgp - ok
00:58:34.0656 0x0c8c  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:58:34.0656 0x0c8c  usbehci - ok
00:58:34.0703 0x0c8c  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:58:34.0718 0x0c8c  usbhub - ok
00:58:34.0750 0x0c8c  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:58:34.0750 0x0c8c  usbprint - ok
00:58:34.0796 0x0c8c  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:58:34.0796 0x0c8c  usbscan - ok
00:58:34.0843 0x0c8c  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:58:34.0843 0x0c8c  usbstor - ok
00:58:34.0859 0x0c8c  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:58:34.0859 0x0c8c  usbuhci - ok
00:58:34.0921 0x0c8c  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
00:58:34.0937 0x0c8c  usbvideo - ok
00:58:34.0968 0x0c8c  [ C019889035CDC1A06F2FEBC93CBB6897, 370FAA64E035967220C0873EB7BDD79A18365DC321FD769B2865BB21CC941A8F ] uvclf           C:\WINDOWS\system32\DRIVERS\uvclf.sys
00:58:34.0984 0x0c8c  uvclf - ok
00:58:35.0015 0x0c8c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
00:58:35.0015 0x0c8c  VgaSave - ok
00:58:35.0031 0x0c8c  ViaIde - ok
00:58:35.0093 0x0c8c  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
00:58:35.0093 0x0c8c  VolSnap - ok
00:58:35.0171 0x0c8c  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
00:58:35.0203 0x0c8c  VSS - ok
00:58:35.0250 0x0c8c  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
00:58:35.0281 0x0c8c  W32Time - ok
00:58:35.0328 0x0c8c  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:58:35.0328 0x0c8c  Wanarp - ok
00:58:35.0375 0x0c8c  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
00:58:35.0406 0x0c8c  Wdf01000 - ok
00:58:35.0421 0x0c8c  WDICA - ok
00:58:35.0453 0x0c8c  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
00:58:35.0453 0x0c8c  wdmaud - ok
00:58:35.0515 0x0c8c  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
00:58:35.0531 0x0c8c  WebClient - ok
00:58:35.0640 0x0c8c  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
00:58:35.0656 0x0c8c  winmgmt - ok
00:58:35.0703 0x0c8c  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
00:58:35.0718 0x0c8c  WmdmPmSN - ok
00:58:35.0765 0x0c8c  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:58:35.0765 0x0c8c  WmiApSrv - ok
00:58:35.0890 0x0c8c  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
00:58:35.0937 0x0c8c  WMPNetworkSvc - ok
00:58:35.0984 0x0c8c  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
00:58:35.0984 0x0c8c  WpdUsb - ok
00:58:36.0031 0x0c8c  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:58:36.0031 0x0c8c  WSTCODEC - ok
00:58:36.0078 0x0c8c  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:58:36.0093 0x0c8c  WudfPf - ok
00:58:36.0125 0x0c8c  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:58:36.0125 0x0c8c  WudfRd - ok
00:58:36.0156 0x0c8c  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
00:58:36.0203 0x0c8c  WudfSvc - ok
00:58:36.0265 0x0c8c  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
00:58:36.0312 0x0c8c  WZCSVC - ok
00:58:36.0375 0x0c8c  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
00:58:36.0406 0x0c8c  xmlprov - ok
00:58:36.0468 0x0c8c  [ 35CD8E2B2479218E888A11A2761385B4, A2F7287AF1D56AA1464ADC20F181BEFEE8D47824DCD9C7974C09A0C6E7A9C0B3 ] etadpug        C:\Program Files\Google\Desktop\Install\{aa5aec23-3e4f-7bde-45b2-cfb77844f9f8}\   \   \ﯹ๛\{aa5aec23-3e4f-7bde-45b2-cfb77844f9f8}\GoogleUpdate.exe
00:58:36.0484 0x0c8c  etadpug - detected Rootkit.Win32.PMax.gen ( 0 )
00:58:46.0765 0x0c8c  etadpug ( Rootkit.Win32.PMax.gen ) - infected
00:58:46.0765 0x0c8c  Force sending object to P2P due to detect: C:\Program Files\Google\Desktop\Install\{aa5aec23-3e4f-7bde-45b2-cfb77844f9f8}\   \   \ﯹ๛\{aa5aec23-3e4f-7bde-45b2-cfb77844f9f8}\GoogleUpdate.exe
00:59:10.0734 0x0c8c  Object send P2P result: false
00:59:10.0734 0x0c8c  ================ Scan global ===============================
00:59:10.0906 0x0c8c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
00:59:10.0968 0x0c8c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
00:59:11.0046 0x0c8c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
00:59:11.0109 0x0c8c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
00:59:11.0125 0x0c8c  [ Global ] - ok
00:59:11.0125 0x0c8c  ================ Scan MBR ==================================
00:59:11.0156 0x0c8c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
00:59:11.0406 0x0c8c  \Device\Harddisk0\DR0 - ok
00:59:11.0421 0x0c8c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR5
00:59:11.0437 0x0c8c  \Device\Harddisk1\DR5 - ok
00:59:11.0437 0x0c8c  ================ Scan VBR ==================================
00:59:11.0437 0x0c8c  [ E7EF906C163494EF19C26705C1D14E0E ] \Device\Harddisk0\DR0\Partition1
00:59:11.0453 0x0c8c  \Device\Harddisk0\DR0\Partition1 - ok
00:59:11.0468 0x0c8c  [ 23D9801DF2BAD941DF900C69868DB793 ] \Device\Harddisk0\DR0\Partition2
00:59:11.0484 0x0c8c  \Device\Harddisk0\DR0\Partition2 - ok
00:59:11.0484 0x0c8c  [ 4A0DBEDA295EFC8DFE21F4035FAF89FB ] \Device\Harddisk1\DR5\Partition1
00:59:11.0484 0x0c8c  \Device\Harddisk1\DR5\Partition1 - ok
00:59:11.0578 0x0c8c  AV detected via SS1: avast! Antivirus, 5.0.134219217, enabled, updated
00:59:11.0593 0x0c8c  ============================================================
00:59:11.0593 0x0c8c  Scan finished
00:59:11.0593 0x0c8c  ============================================================
00:59:11.0609 0x0bf0  Detected object count: 1
00:59:11.0609 0x0bf0  Actual detected object count: 1
01:00:12.0515 0x0bf0  C:\Program Files\Google\Desktop\Install\{aa5aec23-3e4f-7bde-45b2-cfb77844f9f8}\   \   \ﯹ๛\{aa5aec23-3e4f-7bde-45b2-cfb77844f9f8}\GoogleUpdate.exe - copied to quarantine
01:00:16.0218 0x0bf0  HKLM\SYSTEM\ControlSet001\services\etadpug - will be deleted on reboot
01:00:16.0218 0x0bf0  HKLM\SYSTEM\ControlSet002\services\etadpug - will be deleted on reboot
01:00:16.0265 0x0bf0  C:\Program Files\Google\Desktop\Install\{aa5aec23-3e4f-7bde-45b2-cfb77844f9f8}\   \   \ﯹ๛\{aa5aec23-3e4f-7bde-45b2-cfb77844f9f8}\GoogleUpdate.exe - will be deleted on reboot
01:00:16.0265 0x0bf0  etadpug ( Rootkit.Win32.PMax.gen ) - User select action: Delete
01:00:38.0921 0x0bb4  Deinitialize success

# AdwCleaner v3.011 - Report created 05/11/2013 at 01:09:40
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - RICK
# Running from : E:\trojan fix\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\DOCUME~1\Admin\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\Documents and Settings\Admin\Application Data\Toolbar4

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKLM\Software\FunWebProducts

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [6346 octets] - [05/11/2013 01:05:23]
AdwCleaner[S0].txt - [6313 octets] - [05/11/2013 01:09:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6373 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Admin on Tue 11/05/2013 at  1:12:53.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/05/2013 at  1:24:09.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is what I have for now, running the ESET online scanner at the moment on laptop.

Thanks.

#4 Rico24


Posted 05 November 2013 - 03:20 AM

And here is the ESET Scan.

 

C:\Documents and Settings\Admin\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\6\25e71386-41fb9108    a variant of Java/Exploit.Agent.QAS trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Admin\Local Settings\Temp\trzA.tmp    a variant of Win32/Kryptik.BNOS trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Admin\Local Settings\Temp\is754907076\MyBabylonTB.exe    a variant of Win32/Toolbar.Babylon.A application    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.11.2013_00.57.08\pmax0000\svc0000\trzB.tmp    a variant of Win32/Kryptik.BNOS trojan    cleaned by deleting - quarantined
 

 

Thank you.



#5 boopme


Posted 05 November 2013 - 08:43 PM

You're welcome Rico.
Looks like we got it.
 
You need to restart the computer to complete malware removal if you have not yet.
 
Your Winsock is corrupted.
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.
 
 
These are outdated and need to be removed as malware can exploit older versions.
Adobe Reader 8.3.1 (Version: 8.3.1)
Java 7 Update 21 (Version: 7.0.210)

 
Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit). 64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u45-windows-i586.exe (or jre-7u45-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary. To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
Install Version XI (11.0.04)
 
NOTE: When installing apps Uncheck boxes for extra items attempting to be installed.
 

Optional offer:


Yes, install Google Chrome as my default browser and Google Toolbar for Internet Explorer.



Edited by boopme, 05 November 2013 - 08:44 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 Rico24


Posted 05 November 2013 - 10:21 PM

That has been done. Anything else?



#7 boopme


Posted 05 November 2013 - 10:29 PM

Great job Rico. If there are no further signs of infection, create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
  • Reboot and see how it is.
