
No internet connection- "Idle" Rootkit detected


8 replies to this topic

#1 bammageinc (Members, 8 posts)

Posted 21 December 2013 - 10:40 PM

Hello, a few days ago I lost connection to the internet on my desktop (Win XP, SP3). At first I figured it was a short outage or something that could be fixed fairly easily by resetting my modem. However, after contacting my ISP (AT&T) and running through all of the troubleshooting options with them, the issue remained. I have determined that the modem and router are not the problem, as I am currently connected on my laptop. I then suspected the ethernet adapter. I updated drivers for the adapter, but still could not connect. Then, I purchased a new PCIe ethernet adapter, but I still get the same problem. Device manager says the devices are working fine. It's as if my desktop is just not communicating with my modem, even though it acknowledges that the ethernet cord is connected (the icon in Network Connections shows a "!" instead of an "X"). Going to command prompt and typing ipconfig yields an IP that does not match the modem IP. I worked through several steps with my ISP to release, renew the IP as well as try to manually set the IP, subnet mask, default gateway, and preferred DNS server. I also tried adjusting the speed/duplex settings on the network adapter as suggested by my ISP. None of this worked.

Virus Detection:

In the process of troubleshooting, I opened Internet Explorer, to try to type in the modem configuration page (192.168.0.1), but noticed that Internet Explorer crashes every time shortly after opening. I did a full system scan with AVG and it found one threat, a rootkit named "Idle". AVG was unable to delete the threat, saying, "Cannot be removed. The data is invalid." I am wondering if this rootkit may be the cause of the internet connection problems I am having? How can I remove this threat and repair any damage that it may have caused?

Thanks very much to anyone who is kind enough to offer me their help.


Edited by bammageinc, 21 December 2013 - 10:41 PM.



#2 boopme (Global Moderator)

Posted 21 December 2013 - 10:57 PM

Hello, that is very possible.
For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked; if so, uncheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.

If needed: type these one line at a time, press Enter after each line. See if it works after each.

netsh interface ipv4 reset
netsh interface ipv6 reset
ipconfig /flushdns

If no joy, see if you can download these to a USB or CD from another computer and run them.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


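The Result.txt that MiniToolBox writes from the checkboxes above has one "=====" header per section. The script below is an added example, not part of this thread or of MiniToolBox itself: it splits such a file into sections and flags what a helper looks for in it (a configured IE proxy, hosts entries beyond localhost, Winsock catalog providers outside system32, and event-log lines carrying socket error 10106, the WSAEPROVIDERFAILEDINIT failure a damaged catalog produces and that netsh winsock reset repairs). The sample log is constructed in that layout; the hosts name update.example-av.test is a placeholder added so the hosts check has a hit.

```python
"""Read-only triage of a MiniToolBox Result.txt for the 'no internet' symptoms
discussed in this thread: proxy hijack, hosts-file redirection, a third-party
Winsock provider, and the Winsock error 10106 (WSAEPROVIDERFAILEDINIT) that a
damaged catalog produces and that 'netsh winsock reset' repairs."""
import re

# Constructed sample in the MiniToolBox layout seen in this thread (not a real
# capture); the second hosts line is a placeholder so the check has a hit.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1       update.example-av.test

========================= Winsock entries =====================================

Catalog5 01 C:\\WINDOWS\\system32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\\Program Files\\Bonjour\\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\\WINDOWS\\system32\\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Error: (12/21/2013 07:01:22 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)
"""

HEADER_RE = re.compile(r"^=+\s*(.*?):?\s*=+\s*$")   # "===== Name: =====" or "== Name =="
WINSOCK_RE = re.compile(r"^Catalog(5|9)\s+(\d+)\s+(.*?)\s+\[(\d+)\]\s+\((.*)\)\s*$")
WSAEPROVIDERFAILEDINIT = 10106   # socket() fails with this when the catalog is broken
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}


def split_sections(text):
    """Map each '==== Section ====' header in Result.txt to the lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            name = m.group(1).strip()
            current = name or None          # a bare '=====' rule is not a header
            if current:
                sections[current] = []
        elif current:
            sections[current].append(line)
    return sections


def proxy_findings(lines):
    """Anything other than the two 'nothing set' lines means a proxy is configured."""
    return [l.strip() for l in lines if l.strip() and l.strip() not in CLEAN_PROXY_LINES]


def hosts_findings(lines):
    """Only '127.0.0.1 localhost' (or the ::1 form) is expected; flag everything else."""
    out = []
    for line in lines:
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        ip, *names = s.split()
        if not (ip in ("127.0.0.1", "::1") and names == ["localhost"]):
            out.append(f"hosts: {ip} -> {' '.join(names)}")
    return out


def winsock_findings(lines):
    """Flag catalog entries that are not Microsoft's own system32 providers.
    Third-party NSPs are often legitimate (Bonjour's mdnsNSP.dll in this thread),
    but an entry pointing outside system32 is where a hijacked LSP would show up."""
    out = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, idx, path, _size, vendor = m.groups()
        in_system32 = path.lower().startswith("c:\\windows\\system32\\")
        if vendor != "Microsoft Corporation" or not in_system32:
            out.append(f"winsock: Catalog{catalog} {idx} {path} ({vendor})")
    return out


def winsock_error_findings(lines):
    """Event-log lines carrying error 10106: the catalog itself failed to load."""
    pat = re.compile(rf"Socket error {WSAEPROVIDERFAILEDINIT}\b")
    return [l.strip() for l in lines if pat.search(l)]


def triage(text):
    """Run every check over its Result.txt section; an empty list means clean."""
    sec = split_sections(text)
    return {
        "proxy": proxy_findings(sec.get("IE Proxy Settings", [])),
        "hosts": hosts_findings(sec.get("Hosts content", [])),
        "winsock": winsock_findings(sec.get("Winsock entries", [])),
        "wsa10106": winsock_error_findings(sec.get("Event log errors", [])),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {'clean' if not hits else ''}")
        for hit in hits:
            print("   ", hit)
```

A hit in the winsock list is a prompt to look at the file, not a verdict; the 10106 lines are what tie the symptom in this thread to the Winsock catalog rather than to the adapter.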
#3 bammageinc (Topic Starter)

Posted 21 December 2013 - 11:21 PM

WOW! That first command you had me type worked! I have had many people tell me many things to try to type into the command box and nothing worked. But this did: netsh winsock reset

Cannot believe it! Thank you so much. Now I will download those items you suggested and report back as soon as I can if you wouldn't mind continuing to help me in removing that rootkit.



#4 bammageinc (Topic Starter)

Posted 21 December 2013 - 11:55 PM

As I said in the previous post, my internet connection has been restored, but I thought I would post this info anyway in case there are some underlying issues that caused the problem in the first place.

MiniToolBox log:

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Rebeccah (administrator) on 21-12-2013 at 20:44:20
Running from "C:\Documents and Settings\Rebeccah\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

        Host Name . . . . . . . . . . . . : Den
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
        Physical Address. . . . . . . . . : 00-E0-4D-C6-BA-4F
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.8
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DHCP Server . . . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.1
        Lease Obtained. . . . . . . . . . : Saturday, December 21, 2013 8:09:16 PM
        Lease Expires . . . . . . . . . . : Sunday, December 22, 2013 8:09:16 PM

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
        Physical Address. . . . . . . . . : 64-66-B3-05-7D-61

Server:  UnKnown
Address:  10.0.0.1

Name:    google.com
Addresses:  74.125.239.133, 74.125.239.132, 74.125.239.137, 74.125.239.136
      74.125.239.129, 74.125.239.135, 74.125.239.131, 74.125.239.142, 74.125.239.130
      74.125.239.134, 74.125.239.128

Pinging google.com [74.125.239.132] with 32 bytes of data:

Reply from 74.125.239.132: bytes=32 time=48ms TTL=54
Reply from 74.125.239.132: bytes=32 time=48ms TTL=54

Ping statistics for 74.125.239.132:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 48ms, Average = 48ms

Server:  UnKnown
Address:  10.0.0.1

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=123ms TTL=49
Reply from 98.138.253.109: bytes=32 time=100ms TTL=49

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 100ms, Maximum = 123ms, Average = 111ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 e0 4d c6 ba 4f ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
0x3 ...64 66 b3 05 7d 61 ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.8      10
         10.0.0.0    255.255.255.0         10.0.0.8        10.0.0.8      10
         10.0.0.8  255.255.255.255        127.0.0.1       127.0.0.1      10
   10.255.255.255  255.255.255.255         10.0.0.8        10.0.0.8      10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0         10.0.0.8        10.0.0.8      20
        224.0.0.0        240.0.0.0         10.0.0.8        10.0.0.8      10
  255.255.255.255  255.255.255.255         10.0.0.8        10.0.0.8      1
  255.255.255.255  255.255.255.255         10.0.0.8               3      1
Default Gateway:          10.0.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/21/2013 08:11:03 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (12/21/2013 08:11:03 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (12/21/2013 07:01:22 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/21/2013 06:27:30 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/21/2013 06:15:30 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module iecore.dll, version 0.0.0.0, fault address 0x000015e5.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/21/2013 04:56:54 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/20/2013 01:41:09 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/20/2013 01:00:24 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/19/2013 11:23:16 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/19/2013 09:50:21 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)


System errors:
=============
Error: (12/21/2013 07:12:34 PM) (Source: DCOM) (User: DEN)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (12/21/2013 07:12:05 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).

Error: (12/21/2013 07:01:41 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952506

Error: (12/21/2013 07:01:41 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%10106

Error: (12/21/2013 07:01:41 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (12/21/2013 07:01:41 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).

Error: (12/21/2013 06:36:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/21/2013 06:35:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/21/2013 06:34:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/21/2013 06:34:05 PM) (Source: DCOM) (User: DEN)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (12/21/2013 08:11:03 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (12/21/2013 08:11:03 PM) (Source: LoadPerf)(User: )
Description: Performance

Error: (12/21/2013 07:01:22 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/21/2013 06:27:30 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/21/2013 06:15:30 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702iecore.dll0.0.0.0000015e5

Error: (12/21/2013 04:56:54 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/20/2013 01:41:09 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/20/2013 01:00:24 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/19/2013 11:23:16 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)

Error: (12/19/2013 09:50:21 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10106)


=========================== Installed Programs ============================

7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD AVIVO Codecs (Version: 10.0.0.40103)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Apple Application Support (Version: 1.3.0)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.1.116)
AVG 2014 (Version: 14.0.3658)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
AVG Security Toolbar (Version: 17.2.0.38)
BlackBerry Desktop Software 7.0 (Version: 7.0.0.59)
Bonjour (Version: 2.0.2.0)
Canon iP1800 series User Registration
Canon My Printer
Canon Utilities Easy-LayoutPrint
Canon Utilities Easy-PhotoPrint
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0727.2122.36516)
Catalyst Control Center Graphics Previews Common (Version: 2012.0727.2122.36516)
Catalyst Control Center InstallProxy (Version: 2012.0727.2122.36516)
Catalyst Control Center Localization All (Version: 2012.0727.2122.36516)
CCC Help Chinese Standard (Version: 2012.0727.2121.36516)
CCC Help Chinese Traditional (Version: 2012.0727.2121.36516)
CCC Help Czech (Version: 2012.0727.2121.36516)
CCC Help Danish (Version: 2012.0727.2121.36516)
CCC Help Dutch (Version: 2012.0727.2121.36516)
CCC Help English (Version: 2012.0727.2121.36516)
CCC Help Finnish (Version: 2012.0727.2121.36516)
CCC Help French (Version: 2012.0727.2121.36516)
CCC Help German (Version: 2012.0727.2121.36516)
CCC Help Greek (Version: 2012.0727.2121.36516)
CCC Help Hungarian (Version: 2012.0727.2121.36516)
CCC Help Italian (Version: 2012.0727.2121.36516)
CCC Help Japanese (Version: 2012.0727.2121.36516)
CCC Help Korean (Version: 2012.0727.2121.36516)
CCC Help Norwegian (Version: 2012.0727.2121.36516)
CCC Help Polish (Version: 2012.0727.2121.36516)
CCC Help Portuguese (Version: 2012.0727.2121.36516)
CCC Help Russian (Version: 2012.0727.2121.36516)
CCC Help Spanish (Version: 2012.0727.2121.36516)
CCC Help Swedish (Version: 2012.0727.2121.36516)
CCC Help Thai (Version: 2012.0727.2121.36516)
CCC Help Turkish (Version: 2012.0727.2121.36516)
ccc-utility (Version: 2012.0727.2122.36516)
CodonCode Aligner (Version: 4.0.4)
Crystal Reports 10 Support Files (Version: 1.00.0000)
Curse Client (Version: 5.1.1.792)
DesignPro 5 (Version: 5.5.708)
DivX Setup (Version: 2.6.1.8)
Epson Event Manager (Version: 2.30.01)
Epson FAX Utility (Version: 1.00.01)
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 610 Series Printer Uninstall
eReg (Version: 1.20.138.34)
Facebook Plug-In
FlightGear 2.10.0.3
Fraps
Google Chrome (Version: 31.0.1650.63)
Google Earth Plug-in (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.3)
Hawaiian Explorer Lost Island 1.0.0.9
Hawaiian Explorer Pearl Harbor 1.0.0.30
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
iWin Games (remove only)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 37 (Version: 6.0.370)
Java™ 6 Update 7 (Version: 1.6.0.70)
K-Lite Codec Pack 8.0.0 (Full) (Version: 8.0.0)
Level Quality Watcher (Version: v1.01)
Logitech SetPoint 6.32 (Version: 6.32.20)
Mah Jong Quest (remove only)
McAfee Security Scan Plus (Version: 3.8.130.8)
Medisoft Advanced Demo 14
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2 (Version: 9.00.3821)
Microsoft Office 2000 SR-1 Professional (Version: 9.00.3821)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Picture It! Photo 7.0 (Version: 7.0.0.0000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Move Media Player
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NVIDIA Display Control Panel (Version: 6.14.11.9745)
NVIDIA Drivers (Version: 1.10.59.37)
NVIDIA nView Desktop Manager (Version: 6.14.10.12561)
NVIDIA PhysX (Version: 9.10.0129)
Octoshape add-in for Adobe Flash Player
OpenAL
PIXMA Extended Survey Program
PokerStars.net
Protected Toolbar for IE (Version: 6.17.2.8)
QuickTime (Version: 7.74.80.86)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5397)
RealUpgrade 1.1 (Version: 1.1.0)
ScorpionSaver (Version: 1.0.0.0)
ScorpionSaver Services (Version: 1.0.0.0)
Skype™ 6.6 (Version: 6.6.106)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
TeamViewer 8 (Version: 8.0.18051)
The Ur-Quan Masters 0.7.0 (Version: 0.7.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.5)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.2 (Version: 2.1.2)
WavePad Sound Editor
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
World of Warcraft (Version: 5.4.0.17399)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 3327.23 MB
Available physical RAM: 2663.55 MB
Total Pagefile: 5210.67 MB
Available Pagefile: 4601.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.97 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.04 GB) (Free:81.33 GB) NTFS
3 Drive d: (CD069A6) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
5 Drive f: () (Fixed) (Total:114.48 GB) (Free:32.32 GB) NTFS

========================= Users: ========================================

User accounts for \\DEN

Administrator            Guest                    HelpAssistant            
Randy                    Rebeccah                 Robby                    
Sherrie                  SUPPORT_388945a0         


**** End of log ****

 

TDSSKiller log: Found nothing, no reboot
20:27:41.0921 0x0228  Ati HotKey Poller - ok
20:27:42.0250 0x0228  [ 28F1B6CCD2E0A184DA7D9F266BFEB267, 13FD89048DEB57CBB24B96F7DAD0BE386F9E50870F0312CE7AFCEA852CCFAC94 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:27:42.0453 0x0228  ati2mtag - ok
20:27:42.0500 0x0228  [ 924971A182E07463765EF9FA8876F24F, 62B849254390411AB33B2F0E209971970ADDD95D176803ADD9AFD19C493B3228 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
20:27:42.0500 0x0228  AtiHDAudioService - ok
20:27:42.0531 0x0228  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:27:42.0546 0x0228  Atmarpc - ok
20:27:42.0578 0x0228  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:27:42.0578 0x0228  AudioSrv - ok
20:27:42.0625 0x0228  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:27:42.0625 0x0228  audstub - ok
20:27:42.0671 0x0228  [ 9C7C45DE9E167F6268D32D6D10133F7D, 58005B49AE6D5CABB3ECEFF0D800F53D6E81A67B5EFE25E9374EC061FEC5601F ] Avgdiskx        C:\WINDOWS\system32\DRIVERS\avgdiskx.sys
20:27:42.0671 0x0228  Avgdiskx - ok
20:27:42.0875 0x0228  [ F89B2DACE0FBE54CF65D12B7081C19C3, 64BBA5A29948ABFADB8865CE0D7D0259AB291B8DA04786AB351055D57B49D439 ] AVGIDSAgent     C:\Program Files\AVG\AVG2014\avgidsagent.exe
20:27:43.0015 0x0228  AVGIDSAgent - ok
20:27:43.0062 0x0228  [ C66B17D93F94622293608C2FB91C5806, 5BA6948A5328D73B1BAF6DACC7B2A842FD0072246DD416DE39F6993EAABC2997 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
20:27:43.0062 0x0228  AVGIDSDriver - ok
20:27:43.0078 0x0228  [ 0C70FAB4B08DC1FF6612AA3F352CFCA9, 6991B6A9E5063611C280968F758E6B0F431E19EB8539808531C6293A0F313C47 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
20:27:43.0078 0x0228  AVGIDSHX - ok
20:27:43.0093 0x0228  [ 4118A9D326A76D485713A36988102C3E, 10C494165258D091AB31533C37FA05C29013471D5B2D6BDA60F731715FA02248 ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
20:27:43.0093 0x0228  AVGIDSShim - ok
20:27:43.0140 0x0228  [ 578ECC3D911897B2C5B760EDAF8ED6CA, 99CAACB349C8629D4BE6070BDBFB0BDB4A13ABFFF738F04D723D2AFE7EA58894 ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:27:43.0156 0x0228  Avgldx86 - ok
20:27:43.0156 0x0228  [ BD1A440B9F126AFE52978A44952B0018, 83577249AACC3F0C655C27A471739113B2086BFC1FF15D0ED7E64B0215B739DB ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
20:27:43.0171 0x0228  Avglogx - ok
20:27:43.0171 0x0228  [ 7DC192EC714342E7C020C7CF42E394D8, 09F4CFFD93067E62B09C550A7A0588E90CAD190E49E1B7082FC5A949AF389781 ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:27:43.0187 0x0228  Avgmfx86 - ok
20:27:43.0187 0x0228  [ E6322DF686CE1C59D7797FAEF0732454, 03534F19568B421F9BE9C99A7A5302D38FCABA26E95C49A492DA49E58A918B55 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:27:43.0187 0x0228  Avgrkx86 - ok
20:27:43.0218 0x0228  [ E98603F9D1F412F38ADF2F76053F9E5A, 1CE4668E0202ADD8C4C3D7D883DC837F7888F5D6E3B6FEE8338E15A86FE6AC22 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:27:43.0234 0x0228  Avgtdix - ok
20:27:43.0281 0x0228  [ 15ACA2AD17ACECA4814F249783E63AD3, AB8E74A5B8FC2FD04BA2B495610A8BE76408E9362A447D7069D5AAB8F3512F33 ] avgtp           C:\WINDOWS\system32\drivers\avgtpx86.sys
20:27:43.0281 0x0228  avgtp - ok
20:27:43.0328 0x0228  [ B747B6BB015E552F49C634BB19540F3D, 5000AD41BD101BC06D595484B6E58DEEBB962939ACF4B24DE515771D1C4AE3ED ] avgwd           C:\Program Files\AVG\AVG2014\avgwdsvc.exe
20:27:43.0343 0x0228  avgwd - ok
20:27:43.0390 0x0228  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:27:43.0390 0x0228  Beep - ok
20:27:43.0453 0x0228  [ BE5D50529799B9BAB6BE879EC768B6CF, 7110AFC1E16584C8C194EE0DE9D779A159D1AD2553EA650324F16C3DA847DE72 ] BIOS            C:\WINDOWS\system32\drivers\BIOS.sys
20:27:43.0484 0x0228  BIOS - ok
20:27:43.0531 0x0228  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:27:43.0593 0x0228  BITS - ok
20:27:43.0671 0x0228  [ 5AB58C337AC65837FE404462AD6265AB, F7E145F5D8DB1017D5B7B9D5380100F170FE5CC2050B5F7346A521B7B72D2166 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:27:43.0687 0x0228  Bonjour Service - ok
20:27:43.0734 0x0228  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
20:27:43.0734 0x0228  Browser - ok
20:27:43.0781 0x0228  [ 248DFA5762DDE38DFDDBBD44149E9D7A, D696D5698B7B5B331A6ED39172015349685450D10F63B1E4D4112199198FA5C7 ] BVRPMPR5        C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
20:27:43.0781 0x0228  BVRPMPR5 - ok
20:27:43.0812 0x0228  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:27:43.0812 0x0228  cbidf2k - ok
20:27:43.0812 0x0228  cd20xrnt - ok
20:27:43.0875 0x0228  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:27:43.0875 0x0228  Cdaudio - ok
20:27:43.0921 0x0228  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:27:43.0921 0x0228  Cdfs - ok
20:27:43.0968 0x0228  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:27:43.0968 0x0228  Cdrom - ok
20:27:43.0968 0x0228  Changer - ok
20:27:44.0031 0x0228  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:27:44.0031 0x0228  CiSvc - ok
20:27:44.0078 0x0228  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:27:44.0078 0x0228  ClipSrv - ok
20:27:44.0109 0x0228  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:27:44.0156 0x0228  clr_optimization_v2.0.50727_32 - ok
20:27:44.0156 0x0228  CmdIde - ok
20:27:44.0156 0x0228  COMSysApp - ok
20:27:44.0203 0x0228  Cpqarray - ok
20:27:44.0218 0x0228  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:27:44.0218 0x0228  CryptSvc - ok
20:27:44.0250 0x0228  dac2w2k - ok
20:27:44.0250 0x0228  dac960nt - ok
20:27:44.0296 0x0228  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:27:44.0343 0x0228  DcomLaunch - ok
20:27:44.0375 0x0228  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:27:44.0375 0x0228  Dhcp - ok
20:27:44.0406 0x0228  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:27:44.0406 0x0228  Disk - ok
20:27:44.0406 0x0228  dmadmin - ok
20:27:44.0468 0x0228  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:27:44.0500 0x0228  dmboot - ok
20:27:44.0515 0x0228  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:27:44.0515 0x0228  dmio - ok
20:27:44.0531 0x0228  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:27:44.0531 0x0228  dmload - ok
20:27:44.0562 0x0228  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:27:44.0562 0x0228  dmserver - ok
20:27:44.0578 0x0228  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:27:44.0578 0x0228  DMusic - ok
20:27:44.0625 0x0228  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:27:44.0640 0x0228  Dnscache - ok
20:27:44.0687 0x0228  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:27:44.0687 0x0228  Dot3svc - ok
20:27:44.0703 0x0228  dpti2o - ok
20:27:44.0734 0x0228  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:27:44.0734 0x0228  drmkaud - ok
20:27:44.0781 0x0228  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:27:44.0781 0x0228  EapHost - ok
20:27:44.0796 0x0228  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:27:44.0796 0x0228  ERSvc - ok
20:27:44.0843 0x0228  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
20:27:44.0843 0x0228  Eventlog - ok
20:27:44.0890 0x0228  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\System32\es.dll
20:27:44.0906 0x0228  EventSystem - ok
20:27:44.0953 0x0228  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:27:44.0953 0x0228  Fastfat - ok
20:27:45.0000 0x0228  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:27:45.0000 0x0228  FastUserSwitchingCompatibility - ok
20:27:45.0046 0x0228  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
20:27:45.0046 0x0228  Fdc - ok
20:27:45.0093 0x0228  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:27:45.0093 0x0228  Fips - ok
20:27:45.0109 0x0228  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:27:45.0109 0x0228  Flpydisk - ok
20:27:45.0156 0x0228  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:27:45.0171 0x0228  FltMgr - ok
20:27:45.0281 0x0228  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:27:45.0296 0x0228  FontCache3.0.0.0 - ok
20:27:45.0312 0x0228  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:27:45.0312 0x0228  Fs_Rec - ok
20:27:45.0312 0x0228  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:27:45.0328 0x0228  Ftdisk - ok
20:27:45.0359 0x0228  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:27:45.0375 0x0228  GEARAspiWDM - ok
20:27:45.0421 0x0228  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:27:45.0421 0x0228  Gpc - ok
20:27:45.0484 0x0228  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:27:45.0484 0x0228  gupdate - ok
20:27:45.0500 0x0228  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:27:45.0500 0x0228  gupdatem - ok
20:27:45.0531 0x0228  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:27:45.0531 0x0228  HDAudBus - ok
20:27:45.0625 0x0228  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:27:45.0625 0x0228  helpsvc - ok
20:27:45.0671 0x0228  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
20:27:45.0671 0x0228  HidServ - ok
20:27:45.0687 0x0228  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:27:45.0687 0x0228  hidusb - ok
20:27:45.0718 0x0228  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:27:45.0734 0x0228  hkmsvc - ok
20:27:45.0734 0x0228  hpn - ok
20:27:45.0781 0x0228  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:27:45.0796 0x0228  HTTP - ok
20:27:45.0828 0x0228  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:27:45.0828 0x0228  HTTPFilter - ok
20:27:45.0843 0x0228  i2omgmt - ok
20:27:45.0843 0x0228  i2omp - ok
20:27:45.0875 0x0228  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:27:45.0875 0x0228  i8042prt - ok
20:27:45.0984 0x0228  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:27:46.0140 0x0228  idsvc - ok
20:27:46.0234 0x0228  [ 78DF31CDD3A380E7F9CFCC8B4E24813C, 8EA190D5773908D820C584F99AE5270112558D83B664846A102124DE9B070D01 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
20:27:46.0234 0x0228  IJPLMSVC - ok
20:27:46.0265 0x0228  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:27:46.0281 0x0228  Imapi - ok
20:27:46.0328 0x0228  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\System32\imapi.exe
20:27:46.0328 0x0228  ImapiService - ok
20:27:46.0343 0x0228  ini910u - ok
20:27:46.0562 0x0228  [ CDFD5A68A2E1CAA89C5C0E0B3CB98731, 32CE18E6009E17DC2F49C473333F920000193F6A72F1F53F4E61113A4577470B ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:27:46.0656 0x0228  IntcAzAudAddService - ok
20:27:46.0671 0x0228  IntelIde - ok
20:27:46.0687 0x0228  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
20:27:46.0687 0x0228  ip6fw - ok
20:27:46.0718 0x0228  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:27:46.0718 0x0228  IpFilterDriver - ok
20:27:46.0718 0x0228  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:27:46.0718 0x0228  IpInIp - ok
20:27:46.0765 0x0228  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:27:46.0765 0x0228  IpNat - ok
20:27:46.0812 0x0228  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:27:46.0812 0x0228  IPSec - ok
20:27:46.0859 0x0228  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:27:46.0859 0x0228  IRENUM - ok
20:27:46.0906 0x0228  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:27:46.0906 0x0228  isapnp - ok
20:27:46.0968 0x0228  [ FE1A970E7CE330BB844E333C374C6599, E63387A285C8B6D54963B6BD71FF5A9584E3B68E5E382AE4FB088BA3D9407A82 ] iWinTrusted     C:\Program Files\iWin Games\iWinTrusted.exe
20:27:46.0968 0x0228  iWinTrusted - ok
20:27:47.0031 0x0228  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:27:47.0031 0x0228  JavaQuickStarterService - ok
20:27:47.0062 0x0228  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:27:47.0078 0x0228  Kbdclass - ok
20:27:47.0093 0x0228  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:27:47.0093 0x0228  kbdhid - ok
20:27:47.0109 0x0228  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:27:47.0125 0x0228  kmixer - ok
20:27:47.0140 0x0228  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:27:47.0156 0x0228  KSecDD - ok
20:27:47.0156 0x0228  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:27:47.0171 0x0228  lanmanserver - ok
20:27:47.0187 0x0228  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:27:47.0203 0x0228  lanmanworkstation - ok
20:27:47.0250 0x0228  [ BE2DC24D403643A2D1D98F33C7087B38, 0E72CAABFD41A30E6BD8E8EC7C75CAC6F96C4C32D578B58913686F1326116678 ] LBeepKE         C:\WINDOWS\system32\Drivers\LBeepKE.sys
20:27:47.0250 0x0228  LBeepKE - ok
20:27:47.0250 0x0228  lbrtfdc - ok
20:27:47.0375 0x0228  [ 910344E2A984010435AE84783B25E5EB, 0A547AA691EE89383A8DDF5191943C9AB4021BFD55B51504E81308C52EBE5130 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:27:47.0390 0x0228  LBTServ - ok
20:27:47.0406 0x0228  Level Quality Watcher - ok
20:27:47.0437 0x0228  [ 01CC7FB6E790EF044B411377F3A1FF41, A935C0C45F7A8EA7D6A462064928B6F982709FB33C21DE6424232297F3A1948B ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
20:27:47.0437 0x0228  LHidFilt - ok
20:27:47.0484 0x0228  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:27:47.0484 0x0228  LmHosts - ok
20:27:47.0500 0x0228  [ A2E7EAE8898D7B4B8C302B8F4E836BB5, 1F3C1228891C90B4567DE07AD8A9EF1F5005ED74A71EC5E814906FEF44D02ADC ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
20:27:47.0500 0x0228  LMouFilt - ok
20:27:47.0531 0x0228  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:27:47.0531 0x0228  Messenger - ok
20:27:47.0562 0x0228  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:27:47.0562 0x0228  mnmdd - ok
20:27:47.0609 0x0228  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
20:27:47.0625 0x0228  mnmsrvc - ok
20:27:47.0671 0x0228  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:27:47.0671 0x0228  Modem - ok
20:27:47.0687 0x0228  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:27:47.0687 0x0228  Mouclass - ok
20:27:47.0718 0x0228  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:27:47.0718 0x0228  mouhid - ok
20:27:47.0765 0x0228  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:27:47.0765 0x0228  MountMgr - ok
20:27:47.0828 0x0228  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:27:47.0828 0x0228  MozillaMaintenance - ok
20:27:47.0843 0x0228  mraid35x - ok
20:27:47.0875 0x0228  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:27:47.0875 0x0228  MRxDAV - ok
20:27:47.0921 0x0228  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:27:47.0968 0x0228  MRxSmb - ok
20:27:48.0000 0x0228  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
20:27:48.0000 0x0228  MSDTC - ok
20:27:48.0015 0x0228  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:27:48.0015 0x0228  Msfs - ok
20:27:48.0031 0x0228  MSICDSetup - ok
20:27:48.0031 0x0228  MSIServer - ok
20:27:48.0062 0x0228  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:27:48.0062 0x0228  MSKSSRV - ok
20:27:48.0062 0x0228  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:27:48.0062 0x0228  MSPCLOCK - ok
20:27:48.0078 0x0228  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:27:48.0078 0x0228  MSPQM - ok
20:27:48.0125 0x0228  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:27:48.0125 0x0228  mssmbios - ok
20:27:48.0140 0x0228  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:27:48.0140 0x0228  Mup - ok
20:27:48.0218 0x0228  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:27:48.0250 0x0228  napagent - ok
20:27:48.0265 0x0228  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:27:48.0265 0x0228  NDIS - ok
20:27:48.0296 0x0228  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:27:48.0296 0x0228  NdisTapi - ok
20:27:48.0312 0x0228  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:27:48.0312 0x0228  Ndisuio - ok
20:27:48.0359 0x0228  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:27:48.0359 0x0228  NdisWan - ok
20:27:48.0406 0x0228  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:27:48.0406 0x0228  NDProxy - ok
20:27:48.0453 0x0228  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:27:48.0453 0x0228  NetBIOS - ok
20:27:48.0468 0x0228  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:27:48.0468 0x0228  NetBT - ok
20:27:48.0515 0x0228  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:27:48.0531 0x0228  NetDDE - ok
20:27:48.0531 0x0228  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:27:48.0531 0x0228  NetDDEdsdm - ok
20:27:48.0578 0x0228  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\System32\lsass.exe
20:27:48.0578 0x0228  Netlogon - ok
20:27:48.0625 0x0228  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
20:27:48.0640 0x0228  Netman - ok
20:27:48.0671 0x0228  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:27:48.0671 0x0228  NetTcpPortSharing - ok
20:27:48.0703 0x0228  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:27:48.0718 0x0228  Nla - ok
20:27:48.0765 0x0228  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:27:48.0765 0x0228  Npfs - ok
20:27:48.0828 0x0228  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:27:48.0843 0x0228  Ntfs - ok
20:27:55.0031 0x0228  ================ Scan global ===============================
20:27:55.0062 0x0228  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
20:27:55.0109 0x0228  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
20:27:55.0140 0x0228  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
20:27:55.0171 0x0228  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
20:27:55.0171 0x0228  [ Global ] - ok
20:27:55.0171 0x0228  ================ Scan MBR ==================================
20:27:55.0203 0x0228  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:27:55.0406 0x0228  \Device\Harddisk0\DR0 - ok
20:27:55.0406 0x0228  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:27:55.0531 0x0228  \Device\Harddisk1\DR1 - ok
20:27:55.0531 0x0228  ================ Scan VBR ==================================
20:27:55.0531 0x0228  [ EE106E9737A926BE72ED8BB8C69D48C5 ] \Device\Harddisk0\DR0\Partition1
20:27:55.0531 0x0228  \Device\Harddisk0\DR0\Partition1 - ok
20:27:55.0546 0x0228  [ B880DE740E4214013087F5F2BA1058AD ] \Device\Harddisk1\DR1\Partition1
20:27:55.0546 0x0228  \Device\Harddisk1\DR1\Partition1 - ok
20:27:55.0546 0x0228  Waiting for KSN requests completion. In queue: 194
20:27:56.0546 0x0228  Waiting for KSN requests completion. In queue: 194
20:27:57.0546 0x0228  Waiting for KSN requests completion. In queue: 194
20:27:58.0546 0x0228  Waiting for KSN requests completion. In queue: 194
20:27:59.0578 0x0228  AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
20:27:59.0578 0x0228  Win FW state via NFM: enabled
20:28:02.0171 0x0228  ============================================================
20:28:02.0171 0x0228  Scan finished
20:28:02.0171 0x0228  ============================================================
20:28:02.0171 0x0310  Detected object count: 0
20:28:02.0171 0x0310  Actual detected object count: 0
20:38:27.0953 0x0988  Deinitialize success

aswMBR log: also found nothing

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-21 20:40:19
-----------------------------
20:40:19.328    OS Version: Windows 5.1.2600 Service Pack 3
20:40:19.328    Number of processors: 4 586 0x203
20:40:19.328    ComputerName: DEN  UserName:
20:40:20.312    Initialize success
20:40:32.875    AVAST engine download error: 0
20:40:38.718    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:40:38.718    Disk 0 Vendor: WDC_WD1600AAJS-60M0A0 02.03E02 Size: 152627MB BusType: 3
20:40:38.718    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-19
20:40:38.718    Disk 1 Vendor: Maxtor_6Y120P0 YAR41BW0 Size: 117245MB BusType: 3
20:40:38.875    Disk 0 MBR read successfully
20:40:38.875    Disk 0 MBR scan
20:40:38.875    Disk 0 Windows XP default MBR code
20:40:38.890    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 63
20:40:38.890    Disk 0 scanning sectors +312560640
20:40:38.968    Disk 0 scanning C:\WINDOWS\system32\drivers
20:40:46.890    Service scanning
20:40:57.750    Modules scanning
20:41:03.375    Disk 0 trace - called modules:
20:41:03.375    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:41:03.375    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b1b5ab8]
20:41:03.375    3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000071[0x8b1ba9e8]
20:41:03.375    5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b1a8d98]
20:41:03.375    Scan finished successfully
20:42:10.421    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rebeccah\Desktop\MBR.dat"
20:42:10.437    The log file has been saved successfully to "C:\Documents and Settings\Rebeccah\Desktop\aswMBR.txt"

I scanned with AVG again just to see if the threat was still there, but it failed to identify the Idle rootkit again. I'm confused because I am positive that it told me that the threat was not taken care of when I initially discovered it.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:01 PM

Posted 22 December 2013 - 12:04 AM

No problem, we should also run these. I'll look back in the morning.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scan button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#6 bammageinc

bammageinc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:01 AM

Posted 22 December 2013 - 04:07 AM

Here are the logs. Quite a few things were found with these tools.

AdwCleaner Report:

# AdwCleaner v3.015 - Report created 21/12/2013 at 21:14:23
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Rebeccah - DEN
# Running from : C:\Documents and Settings\Rebeccah\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Level Quality Watcher

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\ScorpionSaver Services
Folder Deleted : C:\Program Files\Protected
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\NativeMessaging
Folder Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Protected
Folder Deleted : C:\DOCUME~1\Rebeccah\LOCALS~1\Temp\Conduit
Folder Deleted : C:\Documents and Settings\Rebeccah\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Rebeccah\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Rebeccah\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Rebeccah\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Randy\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Randy\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Randy\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Sherrie\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Sherrie\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Sherrie\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Robby\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Robby\Application Data\AVG Secure Search
[!] Folder Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[!] Folder Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\knhpkjjdbjjchglnophlnghcdefpanlc
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\AdpeakProxy.ini
File Deleted : C:\WINDOWS\system32\AdpeakProxyOff.ini
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\sweettunes_search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml
File Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\knhpkjjdbjjchglnophlnghcdefpanlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\knhpkjjdbjjchglnophlnghcdefpanlc
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309762
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{93C6C05B-ED21-428B-9006-5E627B4AAA97}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{93C6C05B-ED21-428B-9006-5E627B4AAA97}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47083EF8-0FAA-4A75-AA61-1BB1A0B90504}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{739C0F75-B11B-4273-88A6-E5BB5B9960AA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\iWin Games\iWinGames.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\iWin Games\WebUpdater.exe]
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Protected
Key Deleted : HKLM\Software\Adpeak, Inc.
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\Scorpion Saver
Key Deleted : HKLM\Software\Protected
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Rebeccah\Application Data\Mozilla\Firefox\Profiles\wik3koad.default-1387020096750\prefs.js ]


[ File : C:\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\lt95x9m2.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\FireFoxExt\\17.2.0.38");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={9EE45527-4155-4E30-A311-D81401C66ADA}&mid=55b2a121cb82c19707b8ea865e7bfbe0-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&p[...]

[ File : C:\Documents and Settings\Sherrie\Application Data\Mozilla\Firefox\Profiles\oi2ciuqu.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\FireFoxExt\\17.2.0.38");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

[ File : C:\Documents and Settings\Robby\Application Data\Mozilla\Firefox\Profiles\uc25lpt7.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\Rebeccah\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [15039 octets] - [21/12/2013 21:11:52]
AdwCleaner[S0].txt - [15040 octets] - [21/12/2013 21:14:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15101 octets] ##########

Junkware Removal Tool Report:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Rebeccah on Sat 12/21/2013 at 21:24:08.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{997be6aa-a8c0-4099-9c1a-a2ed994b6798}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E2438018-9835-4DC7-9456-42C5E0B5D753}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{997be6aa-a8c0-4099-9c1a-a2ed994b6798}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Rebeccah\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/21/2013 at 21:28:46.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ESET Log:


C:\AdwCleaner\Quarantine\C\Documents and Settings\Rebeccah\Application Data\Searchprotect\Res\SPSetup.exe.vir    multiple threats    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Rebeccah\Local Settings\Application Data\Protected\ldrtbProt.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Rebeccah\Local Settings\Application Data\Protected\tbProt.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Rebeccah\Local Settings\Temp\Conduit\mchecktbexist.exe.vir    Win32/Toolbar.Conduit.S application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Rebeccah\Local Settings\Temp\Conduit\mconduitinstaller.exe.vir    Win32/Toolbar.Conduit.S application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir    a variant of Win32/AdWare.Adpeak.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir    a variant of Win64/Adware.Adpeak.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Protected\ldrtbProt.dll.vir    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Protected\tbProt.dll.vir    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Documents and Settings\Randy\Local Settings\Temp\2EPw3te5.zip.part    a variant of Win32/Kryptik.BMBA trojan    deleted - quarantined
C:\Documents and Settings\Randy\Local Settings\Temp\9SJW_x9m.zip.part    a variant of Win32/Kryptik.BGCH trojan    deleted - quarantined
C:\Documents and Settings\Randy\Local Settings\Temp\ba213nWf.exe.part    a variant of Win32/Kryptik.BIYO trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Randy\Local Settings\Temp\O0TDkTqa.exe.part    Win32/LockScreen.AQD trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Randy\Local Settings\Temp\p1rQzcR3.zip.part    a variant of Win32/Kryptik.BMJV trojan    deleted - quarantined
C:\Documents and Settings\Randy\Local Settings\Temp\ra1GyyZg.exe.part    a variant of Win32/Kryptik.BIYO trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Randy\Local Settings\Temp\WCQAZRc+.exe.part    Win32/LockScreen.AQD trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Randy\Local Settings\Temp\_5xRDyT4.exe.part    a variant of Win32/Kryptik.BMBA trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Rebeccah\Application Data\Sun\Java\Deployment\cache\6.0\10\6a4d710a-7d026e4a    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\Rebeccah\Desktop\DPSetup.exe    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Documents and Settings\Rebeccah\Local Settings\Temp\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\Rebeccah\Local Settings\Temp\ScorpionSaverNew.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\Rebeccah\Local Settings\Temp\bhfiles\BrowserHelper.exe    MSIL/Toolbar.SmileysLove.B application    cleaned by deleting - quarantined
C:\Documents and Settings\Rebeccah\Local Settings\Temp\ct3309762\ieLogic.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\Rebeccah\Local Settings\Temp\ct3309762\sl.exe    Win32/Toolbar.Conduit.S application    cleaned by deleting - quarantined
C:\temp\000.exe    multiple threats    cleaned by deleting - quarantined
C:\temp\scorpionsaver.exe    Win32/AdWare.Adpeak.B application    cleaned by deleting - quarantined
C:\temp\ScorpionSaver.msi    Win32/AdWare.Adpeak.B application    deleted - quarantined
C:\temp\t.msi    Win32/AdWare.Adpeak.B application    cleaned by deleting - quarantined
C:\WINDOWS\Installer\530d0.msi    a variant of Win32/AdWare.Adpeak.B application    deleted - quarantined
F:\Documents and Settings\Aaron A\Local Settings\temp\AAWInstallerTemp\v9.0.7\Ad-Aware.msi    multiple threats    deleted - quarantined
F:\Documents and Settings\Aaron A\Local Settings\temp\AAWInstallerTemp\v9.6.0\Ad-Aware.msi    multiple threats    deleted - quarantined
F:\Documents and Settings\Randy\My Documents\Downloads\WeatherReportSetup.exe    Win32/Toolbar.Inbox.A application    cleaned by deleting - quarantined
F:\Documents and Settings\Sherrie\Local Settings\temp\jar_cache1784973876896926607.tmp    a variant of Java/TrojanDownloader.OpenStream.NBU trojan    cleaned by deleting - quarantined
F:\Documents and Settings\Sherrie\Local Settings\temp\jar_cache7047321175195370199.tmp    a variant of Java/Exploit.CVE-2010-0842.L trojan    cleaned by deleting - quarantined
F:\MGtools\Process.exe    Win32/PrcView application    cleaned by deleting - quarantined
F:\Program Files\3GPConverter\VideoConverter.exe    a variant of Win32/InstallCore.A application    cleaned by deleting - quarantined
F:\Qoobox\Quarantine\C\Documents and Settings\Aaron A\Application Data\Mozilla\Firefox\Profiles\58udvhtu.default\extensions\{f7eebce2-1e4c-4cf6-bc38-6614221aef65}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan    cleaned by deleting - quarantined
F:\Qoobox\Quarantine\C\Documents and Settings\Aaron A\Application Data\Mozilla\Firefox\Profiles\58udvhtu.default\extensions\{f7eebce2-1e4c-4cf6-bc38-6614221aef65}\chrome\xulcache.jar.vir    JS/Agent.NCP trojan    deleted - quarantined
F:\Qoobox\Quarantine\C\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\t8ktgmh4.default\extensions\{f7eebce2-1e4c-4cf6-bc38-6614221aef65}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan    cleaned by deleting - quarantined
F:\Qoobox\Quarantine\C\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\t8ktgmh4.default\extensions\{f7eebce2-1e4c-4cf6-bc38-6614221aef65}\chrome\xulcache.jar.vir    JS/Agent.NCP trojan    deleted - quarantined
F:\Qoobox\Quarantine\C\Documents and Settings\Robby\Application Data\Mozilla\Firefox\Profiles\n4m677s9.default\extensions\{f7eebce2-1e4c-4cf6-bc38-6614221aef65}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan    cleaned by deleting - quarantined
F:\Qoobox\Quarantine\C\Documents and Settings\Robby\Application Data\Mozilla\Firefox\Profiles\n4m677s9.default\extensions\{f7eebce2-1e4c-4cf6-bc38-6614221aef65}\chrome\xulcache.jar.vir    JS/Agent.NCP trojan    deleted - quarantined
F:\Qoobox\Quarantine\C\Documents and Settings\Sherrie\Application Data\Mozilla\Firefox\Profiles\urld8yxj.default\extensions\{f7eebce2-1e4c-4cf6-bc38-6614221aef65}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan    cleaned by deleting - quarantined
F:\Qoobox\Quarantine\C\Documents and Settings\Sherrie\Application Data\Mozilla\Firefox\Profiles\urld8yxj.default\extensions\{f7eebce2-1e4c-4cf6-bc38-6614221aef65}\chrome\xulcache.jar.vir    JS/Agent.NCP trojan    deleted - quarantined
F:\RECYCLER\S-1-5-21-507921405-220523388-725345543-1003\Dc15.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
F:\WINDOWS\Installer\8977a.msi    multiple threats    deleted - quarantined
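
Reading a log like the ESET one above, here is an added example (not code from the thread, from ESET, or from any tool named in it): a Python parser that splits each line into path, detection and action, maps the detection to its family (Win32/Kryptik, Win32/LockScreen, ...), and separates hits ESET found inside other tools' quarantine folders (AdwCleaner\Quarantine, Qoobox\Quarantine, already neutralised) from files still live on disk, grouped by the user profile they sat in. The quarantine folder names, the tab-or-spaces field separator and the family regex are assumptions drawn from the paths and detection strings in the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Folders where other cleanup tools park what they removed (assumption drawn
# from the paths above); hits under these are leftovers, not live infections.
QUARANTINE_MARKERS = ("\\adwcleaner\\quarantine\\", "\\qoobox\\quarantine\\")

# ESET writes path, detection and action separated by tabs, which a forum paste
# flattens to runs of spaces; Windows paths never contain two spaces in a row.
_FIELD_SEP = re.compile(r"\t+| {2,}")
_FAMILY = re.compile(r"\b([A-Za-z0-9]+/[A-Za-z0-9_]+)")
_PROFILE = re.compile(r"documents and settings\\([^\\]+)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str

    @property
    def family(self) -> str:
        """'a variant of Win32/Kryptik.BMBA trojan' -> 'Win32/Kryptik'."""
        m = _FAMILY.search(self.threat)
        return m.group(1) if m else self.threat

    @property
    def category(self) -> str:
        """ESET ends each detection with its class: 'trojan' or 'application' (PUA)."""
        tail = self.threat.rsplit(None, 1)[-1].lower()
        return tail if tail in ("trojan", "application") else "unknown"

    @property
    def already_quarantined(self) -> bool:
        return any(marker in self.path.lower() for marker in QUARANTINE_MARKERS)

    @property
    def profile(self) -> Optional[str]:
        """User profile the file lived under, or None for machine-wide paths."""
        m = _PROFILE.search(self.path)
        return m.group(1) if m else None


def parse_eset_log(text: str) -> List[Detection]:
    """Parse pasted ESET scan output into Detection records, skipping blank lines."""
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = _FIELD_SEP.split(line)
        if len(fields) != 3:
            raise ValueError(f"unexpected ESET log line: {line!r}")
        detections.append(Detection(*fields))
    return detections


def triage(detections: List[Detection]) -> Dict[str, object]:
    """Separate leftovers in other tools' quarantine from hits still on disk."""
    live = [d for d in detections if not d.already_quarantined]
    return {
        "total": len(detections),
        "already_quarantined": len(detections) - len(live),
        "live": len(live),
        "live_trojan_families": sorted({d.family for d in live if d.category == "trojan"}),
        "profiles_with_live_hits": sorted({d.profile for d in live if d.profile}),
        "by_family": Counter(d.family for d in detections),
    }


# Sample lines taken from the ESET log above (tabs flattened to four spaces).
SAMPLE_LOG = "\n".join([
    r"C:\AdwCleaner\Quarantine\C\Documents and Settings\Rebeccah\Application Data\Searchprotect\Res\SPSetup.exe.vir    multiple threats    cleaned by deleting - quarantined",
    r"C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir    a variant of Win32/AdWare.Adpeak.B application    cleaned by deleting - quarantined",
    r"C:\Documents and Settings\Randy\Local Settings\Temp\2EPw3te5.zip.part    a variant of Win32/Kryptik.BMBA trojan    deleted - quarantined",
    r"C:\Documents and Settings\Randy\Local Settings\Temp\O0TDkTqa.exe.part    Win32/LockScreen.AQD trojan    cleaned by deleting - quarantined",
    r"C:\Documents and Settings\Rebeccah\Local Settings\Temp\ScorpionSaverNew.exe    multiple threats    cleaned by deleting - quarantined",
    r"F:\Documents and Settings\Sherrie\Local Settings\temp\jar_cache7047321175195370199.tmp    a variant of Java/Exploit.CVE-2010-0842.L trojan    cleaned by deleting - quarantined",
    r"F:\Qoobox\Quarantine\C\Documents and Settings\Randy\Application Data\Mozilla\Firefox\Profiles\t8ktgmh4.default\extensions\{f7eebce2-1e4c-4cf6-bc38-6614221aef65}\chrome\xulcache.jar.vir    JS/Agent.NCP trojan    deleted - quarantined",
])

if __name__ == "__main__":
    for key, value in triage(parse_eset_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the sample, the live trojan hits all sit in the Temp folders of the Randy and Sherrie profiles, which is where a follow-up check would start; the quarantine-folder hits only confirm what AdwCleaner had already removed.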



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:01 PM

Posted 23 December 2013 - 09:53 AM

Thanks, looks good now...

last step.. Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
  • Reboot and see how it is.


#8 bammageinc

bammageinc
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:01 AM

Posted 24 December 2013 - 02:48 AM

Ok, went ahead and made the new restore point. Everything is running super now! Thank you so much for your help. I really appreciate it. I hope you have a wonderful holiday.



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:01 PM

Posted 24 December 2013 - 10:34 PM

Thanks!! you also :santa:



