
PC is extremely slow. Virus?



#1 ppppesto


Posted 25 December 2013 - 10:49 AM

Hello, 

 

My parents' PC is running extremely slowly. I've run Malwarebytes Anti-Malware and Spybot but neither of them has picked up malware. Still, I'm wondering if there might be a virus.

 

Please help! Thank you.




 


#2 InadequateInfirmity


Posted 25 December 2013 - 10:55 AM

While we work on your machine, and before you do anything below, please remove Spybot from the machine; it can cause issues during malware removal.

 

 

 

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:

  • Flush DNS
  • Reset FF Proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)



Click Go and post the result.

 

 


Download Security Check by screen317 from here.


  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download Autoruns and Autorunsc.

  • Unzip it to your desktop and then double-click autoruns.exe.
  • After the scan is finished, click File > Save.
  • The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option. In other words, make sure it is a .txt file instead of .arn.
  • Attach the text in your next reply.

 

 


Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Post the log here.

  • Please download Adware cleaner from the link below.
  • http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
  • Save it to your desktop.
  • Right-click and run as admin.
  • Hit the scan button.
  • Allow completion.
  • Make sure all items are ticked.
  • Hit the clean button.
  • Even if no items are displayed to be ticked, hit the clean button anyway.
  • The machine will reboot; this is normal.
  • Post the log in your next reply.

 

Please download JRT from here & double click to start the program.

  1. Hit any key when prompted and allow it to run through its process.
  2. Post the log when it's finished.


#3 ppppesto


Posted 25 December 2013 - 01:16 PM

MiniToolBox:


 

MiniToolBox by Farbar  Version: 18-12-2013

Ran by Administrator (administrator) on 25-12-2013 at 12:49:34
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
127.0.0.1 localhost
 
There are 15471 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Intel® PRO/1000 MT Network Connection = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : obasan
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Mixed
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection
 
        Physical Address. . . . . . . . . : 00-0D-56-87-A8-64
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.2
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
        Lease Obtained. . . . . . . . . . : Wednesday, December 25, 2013 7:49:18 AM
 
        Lease Expires . . . . . . . . . . : Thursday, December 26, 2013 7:49:18 AM
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  167.206.245.247, 167.206.245.232, 167.206.245.212, 167.206.245.222
 167.206.245.246, 167.206.245.242, 167.206.245.221, 167.206.245.227, 167.206.245.241
 167.206.245.231, 167.206.245.226, 167.206.245.216, 167.206.245.217, 167.206.245.236
 167.206.245.251, 167.206.245.237
 
 
 
Pinging google.com [167.206.245.212] with 32 bytes of data:
 
 
 
Reply from 167.206.245.212: bytes=32 time=9ms TTL=59
 
Reply from 167.206.245.212: bytes=32 time=9ms TTL=59
 
 
 
Ping statistics for 167.206.245.212:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 9ms, Maximum = 9ms, Average = 9ms
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24
 
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
 
 
 
Reply from 98.138.253.109: bytes=32 time=74ms TTL=48
 
Reply from 98.138.253.109: bytes=32 time=103ms TTL=48
 
 
 
Ping statistics for 98.138.253.109:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 74ms, Maximum = 103ms, Average = 88ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 87 a8 64 ...... Intel® PRO/1000 MT Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      169.254.0.0      255.255.0.0      192.168.1.2     192.168.1.2  20
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2  20
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2  20
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2  20
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/25/2013 00:37:47 PM) (Source: Bonjour Service) (User: )
Description: 244: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (12/25/2013 00:37:04 PM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/25/2013 00:06:05 PM) (Source: MsiInstaller) (User: OBASAN)
Description: Product: ESSgui -- Error 1905.Module C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.
 
Error: (12/25/2013 00:05:41 PM) (Source: MsiInstaller) (User: OBASAN)
Description: Product: ESScore -- Error 1905.Module C:\Program Files\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.
 
Error: (12/25/2013 00:05:41 PM) (Source: MsiInstaller) (User: OBASAN)
Description: Product: ESScore -- Error 1905.Module C:\Program Files\Kodak\Kodak EasyShare software\bin\vdt.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.
 
Error: (12/25/2013 10:31:06 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 passthrough, P4 1.1.10201.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (12/25/2013 10:31:05 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.10201.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (12/25/2013 10:31:05 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.10201.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (12/25/2013 10:31:03 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.10201.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (12/25/2013 10:31:01 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.10201.0, P5 fixed, P6 1 _ 1024, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
 
System errors:
=============
Error: (12/25/2013 00:06:02 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll.
Reference error message: The operation completed successfully.
.
 
Error: (12/25/2013 00:06:02 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFC.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (12/25/2013 00:06:02 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
 
Error: (12/25/2013 00:06:02 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll.
Reference error message: The operation completed successfully.
.
 
Error: (12/25/2013 00:06:02 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFC.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (12/25/2013 00:06:02 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
 
Error: (12/25/2013 00:04:54 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll.
Reference error message: The operation completed successfully.
.
 
Error: (12/25/2013 00:04:54 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.ATL.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (12/25/2013 00:04:54 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.ATL could not be found and Last Error was The referenced assembly is not installed on your system.
 
Error: (12/25/2013 00:04:54 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Kodak\Kodak EasyShare software\bin\vdt.dll.
Reference error message: The operation completed successfully.
.
 
 
Microsoft Office Sessions:
=========================
Error: (12/25/2013 00:37:47 PM) (Source: Bonjour Service)(User: )
Description: 244: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (12/25/2013 00:37:04 PM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000
 
Error: (12/25/2013 00:06:05 PM) (Source: MsiInstaller)(User: OBASAN)
Description: Product: ESSgui -- Error 1905.Module C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.(NULL)(NULL)(NULL)
 
Error: (12/25/2013 00:05:41 PM) (Source: MsiInstaller)(User: OBASAN)
Description: Product: ESScore -- Error 1905.Module C:\Program Files\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.(NULL)(NULL)(NULL)
 
Error: (12/25/2013 00:05:41 PM) (Source: MsiInstaller)(User: OBASAN)
Description: Product: ESScore -- Error 1905.Module C:\Program Files\Kodak\Kodak EasyShare software\bin\vdt.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.(NULL)(NULL)(NULL)
 
Error: (12/25/2013 10:31:06 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.4.304.0passthrough1.1.10201.0fixed1 _ 10245 _ not bootNILNILNIL
 
Error: (12/25/2013 10:31:05 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.4.304.0timeout1.1.10201.0fixed1 _ 10245 _ not bootNILNILNIL
 
Error: (12/25/2013 10:31:05 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.4.304.0timeout1.1.10201.0fixed1 _ 10245 _ not bootNILNILNIL
 
Error: (12/25/2013 10:31:03 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.4.304.0timeout1.1.10201.0fixed1 _ 10245 _ not bootNILNILNIL
 
Error: (12/25/2013 10:31:01 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.4.304.0timeout1.1.10201.0fixed1 _ 10245 _ not bootNILNILNIL
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat 9 Pro (Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Air Video Server 2.4.3 (Version: 2.4.3)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Bonjour (Version: 2.0.2.0)
Bonjour Print Services (Version: 2.0.2.0)
CCleaner (Version: 3.12)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dell ResourceCD
Google Chrome (Version: 31.0.1650.63)
Google Talk Plugin (Version: 4.9.1.16010)
Google Update Helper (Version: 1.3.22.3)
Intel® PRO Network Adapters and Drivers
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 2.1.121.2)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Windows 2000/XP Display Drivers
PowerDVD
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
RealUpgrade 1.1 (Version: 1.1.0)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.11 (Version: 6.11.102)
SoundMAX
Symantec Endpoint Protection (Version: 11.0.6005.562)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
 
========================= Devices: ================================
 
Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 48%
Total physical RAM: 1022.98 MB
Available physical RAM: 525.34 MB
Total Pagefile: 2461.56 MB
Available Pagefile: 1829.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.02 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:111.76 GB) (Free:73.55 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\PPPPESTO
 
Administrator            Guest                    HelpAssistant            
ppppesto                    SUPPORT_388945a0         
 
 
**** End of log ****
 

 

checkup.txt from Security Check:


 

Results of screen317's Security Check version 0.99.77  

 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
Symantec Endpoint Protection    
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 45  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe 
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

Autoruns.txt (it wouldn't let me post any attachments to my reply):

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "11/24/2011 6:33 PM"

+ "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files\common files\symantec shared\ccapp.exe" "1/25/2010 2:51 PM"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe" "10/23/2013 4:54 PM"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll" "4/24/2003 7:38 PM"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Oracle Corporation" "c:\program files\common files\java\java update\jusched.exe" "7/2/2013 11:16 AM"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\real\realplayer\update\realsched.exe" "8/14/2013 7:12 PM"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" "" "8/17/2013 1:29 PM"
+ "McAfee Security Scan Plus.lnk" "McAfee Security Scanner Scheduler" "McAfee, Inc." "c:\program files\mcafee security scan\2.1.121\ssscheduler.exe" "3/8/2010 7:53 AM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "9/6/2010 2:06 PM"
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe" "4/13/2008 1:30 PM"
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" "12/3/2013 8:54 PM"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe" "4/13/2008 1:30 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "5/27/2012 8:48 PM"
+ "AirVideoServer" "" "" "c:\program files\airvideoserver\airvideoserver.exe" "2/25/2009 11:47 AM"
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe" "4/13/2008 1:34 PM"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "9/6/2010 2:06 PM"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll" "4/13/2007 5:22 PM"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" "" "9/6/2010 2:06 PM"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll" "3/24/2009 7:45 PM"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll" "5/14/2013 8:25 AM"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll" "2/26/2013 5:25 AM"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" "" "9/6/2010 3:23 PM"
+ "0" "" "" "File not found: About:Home" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "9/6/2010 9:54 AM"
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll" "5/8/2013 6:08 AM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "10/23/2013 4:54 PM"
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll" "4/23/2010 2:37 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "9/16/2008 9:18 AM"
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "9/6/2010 7:00 PM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "10/23/2013 4:54 PM"
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll" "4/23/2010 2:37 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "9/6/2010 2:06 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 3:39 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "9/6/2010 7:00 PM"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll" "10/23/2013 4:54 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "9/16/2008 9:18 AM"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "9/6/2010 7:00 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "9/16/2008 9:18 AM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "9/6/2010 2:06 PM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll" "5/8/2013 5:17 AM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "9/6/2010 2:06 PM"
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll" "5/8/2013 6:08 AM"
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll" "4/23/2010 2:37 AM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 3:39 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "9/16/2008 9:18 AM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "9/6/2010 2:06 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "9/16/2008 9:18 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "9/6/2010 7:42 PM"
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll" "5/8/2013 5:09 AM"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll" "5/8/2013 4:58 AM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll" "10/8/2013 9:43 AM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll" "10/8/2013 9:43 AM"
+ "RealNetworks Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealDownloader" "c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll" "8/14/2013 5:21 PM"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll" "5/14/2013 8:25 AM"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll" "5/8/2013 5:09 AM"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" "" "12/13/2013 1:49 PM"
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll" "5/8/2013 5:09 AM"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "12/13/2013 1:49 PM"
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll" "5/14/2013 8:25 AM"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe" "4/13/2008 1:34 PM"
"Task Scheduler" "" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.9 r900" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "12/1/2013 1:09 PM"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "GoogleUpdateTaskUserS-1-5-21-1935655697-1336601894-1417001333-500Core.job" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "GoogleUpdateTaskUserS-1-5-21-1935655697-1336601894-1417001333-500UA.job" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe" "10/23/2013 4:53 PM"
+ "MpIdleTask.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe" "10/23/2013 4:53 PM"
+ "RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1336601894-1417001333-500.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "8/14/2013 7:13 PM"
+ "RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1336601894-1417001333-500.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "8/14/2013 7:13 PM"
+ "RealUpgradeLogonTaskS-1-5-21-1935655697-1336601894-1417001333-500.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "8/14/2013 7:13 PM"
+ "RealUpgradeScheduledTaskS-1-5-21-1935655697-1336601894-1417001333-500.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "8/14/2013 7:13 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "9/6/2010 9:55 AM"
+ "ACDaemon" "ArcSoft Connect Service" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acservice.exe" "3/17/2010 10:01 PM"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "12/1/2013 1:09 PM"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe" "9/6/2011 8:55 PM"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "5/18/2010 6:28 PM"
+ "ccEvtMgr" "Event propagation and logging service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe" "1/25/2010 2:49 PM"
+ "ccSetMgr" "Settings storage and management service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe" "1/25/2010 2:49 PM"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" "11/27/2007 2:30 PM"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe" "10/8/2013 9:29 AM"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files\symantec\liveupdate\lucomserver_3_3.exe" "2/17/2010 1:49 PM"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files\mcafee security scan\2.1.121\mcchsvc.exe" "3/8/2010 7:52 AM"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe" "10/23/2013 4:53 PM"
+ "NVSvc" "NVIDIA Driver Helper Service, Version 43.54" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe" "4/24/2003 7:46 PM"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe" "7/27/2003 11:52 AM"
+ "RealNetworks Downloader Resolver Service" "Manage different Downloader versions in RealNetworks' products." "" "c:\program files\realnetworks\realdownloader\rndlresolversvc.exe" "8/14/2013 5:19 PM"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe" "9/5/2013 4:31 AM"
+ "SmcService" "Provides communication with the Symantec Endpoint Protection Manager. It also provides network threat protection and application and device control for the client." "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\smc.exe" "4/16/2010 10:17 PM"
+ "Symantec AntiVirus" "Provides virus-scanning for Symantec Endpoint Protection." "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\rtvscan.exe" "4/23/2010 1:39 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "9/6/2010 9:55 AM"
+ "aeaudio" "Andrea Audio Stub Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys" "4/1/2002 9:39 AM"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys" ""
+ "E1000" "Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1000325.sys" "3/8/2003 6:51 PM"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys" "10/9/2013 3:46 PM"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys" "10/9/2013 3:46 PM"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys" ""
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys" ""
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20131224.018\naveng.sys" "8/22/2013 2:59 PM"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20131224.018\navex15.sys" "8/22/2013 2:57 PM"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 43.54 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys" "4/24/2003 7:31 PM"
+ "OMCI" "OMCI Device Driver" "Dell Computer Corporation" "c:\windows\system32\drivers\omci.sys" "8/22/2001 11:42 AM"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys" ""
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys" ""
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys" ""
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys" ""
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys" ""
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys" "8/17/2001 3:49 PM"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 8:18 AM"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys" "5/6/2003 8:14 AM"
+ "SPBBCDrv" "SPBBC Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys" "12/14/2009 11:39 PM"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtsp.sys" "3/4/2010 10:15 PM"
+ "SRTSPL" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspl.sys" "3/4/2010 10:15 PM"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspx.sys" "3/4/2010 10:15 PM"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent.sys" "6/24/2009 3:14 PM"
+ "SYMREDRV" "Redirector Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symredrv.sys" "6/17/2009 4:11 PM"
+ "SYMTDI" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\symtdi.sys" "6/17/2009 4:11 PM"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys" "4/28/2011 1:25 PM"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "12/25/2013 12:41 PM"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax" "4/13/2008 7:09 PM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "1/29/2010 9:43 AM"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm" "4/13/2008 7:11 PM"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm" "8/18/2001 12:35 AM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll" "6/17/2010 9:03 AM"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll" "8/18/2001 12:33 AM"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll" "8/18/2001 12:33 AM"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "4/13/2008 7:10 PM"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll" "4/13/2008 7:10 PM"
"HKLM\Software\Classes\Filter" "" "" "" "12/25/2013 12:36 PM"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "4/13/2008 7:10 PM"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "4/13/2008 7:10 PM"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "4/13/2008 7:10 PM"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "4/13/2008 7:10 PM"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "9/6/2010 7:42 PM"
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax" "8/18/2001 12:35 AM"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "CyberLink Audio Decoder for Dell" "CyberLink Audio Filter for Dell" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\claud.ax" "12/3/2002 11:52 AM"
+ "CyberLink DVD Navigator for Dell" "CyberLink DVD Navigation Filter for Dell" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clnav.ax" "12/3/2002 11:33 AM"
+ "CyberLink DxVA Filter" "" "" "c:\program files\cyberlink\powerdvd\cldxva.ax" "12/4/2002 7:59 AM"
+ "CyberLink Line21 Decoder Filter for Dell" "CyberLink Line21 Decoder Filter for Dell" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clline21.ax" "12/3/2002 11:29 AM"
+ "CyberLink Video/SP Decoder for Dell" "CyberLink Video/SP Filter for Dell" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clvsd.ax" "12/5/2002 4:14 AM"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax" "4/13/2008 7:09 PM"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll" "4/13/2008 7:10 PM"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll" "4/13/2008 7:10 PM"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax" "6/15/2010 11:17 AM"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll" "8/14/2013 7:14 PM"
+ "RealPlayer Mp3 Transform Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll" "8/14/2013 7:14 PM"
+ "RealPlayer MPEG4 Transform Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll" "8/14/2013 7:14 PM"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll" "8/14/2013 7:14 PM"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll" "8/14/2013 7:14 PM"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "Snapshot" "Arcsoft Snapshot Filter 1.0" "Arcsoft Corporation" "c:\program files\common files\arcsoft\mpeg engine\arcsnap.ax" "10/17/2005 11:57 PM"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax" "8/18/2001 12:35 AM"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll" "4/13/2008 7:11 PM"
"HKLM\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" "" "9/6/2010 7:43 PM"
+ "{584FDB1D-51C4-4A1D-B674-D548D915EE01}" "" "" "File not found: C:\Program Files\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll" ""
+ "{6DDC8FCE-C470-444A-9425-8EAC662A99F7}" "" "" "File not found: C:\Program Files\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll" ""
+ "{821C65A9-C22B-4387-9503-265472E25544}" "" "" "File not found: C:\Program Files\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll" ""
+ "{90F5AF52-6D6C-4C83-8A7D-1C12923A1022}" "" "" "File not found: C:\Program Files\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll" ""
+ "{C73B6814-9FF3-4D10-A5C0-678904F869E9}" "" "" "File not found: C:\Program Files\Common Files\Kodak\WIC_Support\MetadataWicMetadataHandler-PlatOpt.dll" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "11/26/2011 12:18 AM"
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "5/18/2010 6:30 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "12/25/2013 12:39 PM"
+ "Adobe PDF Port Monitor" "Adobe PDF Port  Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll" "8/19/2009 4:46 AM"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" "" "9/6/2010 7:23 PM"
+ "SnacNp" "Symantec SNAC Network Provider" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\snacnp.dll" "4/1/2010 10:46 PM"
 

 

 

Malwarebytes log:


 

 

 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.24.07
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PPPPESTO [administrator]
 
12/24/2013 8:50:38 PM
mbam-log-2013-12-24 (20-50-38).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 309149
Time elapsed: 2 hour(s), 45 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Wed 12/25/2013 at 13:35:41.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/25/2013 at 13:48:51.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 


Edited by ppppesto, 25 December 2013 - 01:49 PM.


#4 InadequateInfirmity

Posted 25 December 2013 - 01:27 PM

You have two antivirus applications running on this machine:

Microsoft Security Essentials
Symantec Endpoint Protection

I would like you to decide which one you would like to keep and remove the other and then run its removal tool and reboot.
 


#5 ppppesto

Posted 25 December 2013 - 02:00 PM

Thanks for your reply. I've removed Symantec Endpoint Protection. I also edited my previous post and finished posting all my logs.



#6 InadequateInfirmity

Posted 25 December 2013 - 02:16 PM

Where is the Adware Cleaner log?

 

It can be found by:

Hit start

My computer

C: drive.

 

Please download FarbarServiceScanner and run it on the computer with the issue.


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.

 

___________________-

 

Download TDSSKiller

http://support.kaspersky.com/downloads/utils/tdsskiller.exe


Right-click it and choose Run As Admin (XP users: double-click). Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on the scan results.

 

___________________________________________-
 

 

Download, save, and then run the MS Safety Scanner.
Run a Full Scan.
http://www.microsoft.com/security/scanner/en-us/default.aspx
Post the result.

The safety scanner log should be called msert.txt
It should be located in the same folder as where you had msert.exe
If not there, then look for it under c:\windows

 

 

 

____________________________________________-

 

Run a scan with Eset. You will need to disable your antivirus during this scan.
http://www.eset.com/us/online-scanner/
Make sure "Remove found threats" and "Scan archives" are checked.
When the scan finishes: list found threats, save to clipboard, copy to Notepad. Post the log here.


Tell me how the machine is running now.



#7 InadequateInfirmity

Posted 25 December 2013 - 02:21 PM

After you do the above please remove the program below.

 

 

McAfee Security Scan Plus (Version: 2.1.121.2)

 

You have CCleaner installed. Open it, hit the Tools button, then the Startup button, and disable all items except your antivirus.

Close CCleaner.

 

Open Autoruns and un-tick the items below.

 

 

These are under the "Task Scheduler" Tab
 
 
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.9 r900" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "12/1/2013 1:09 PM"
 
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
 
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
 
+ "GoogleUpdateTaskUserS-1-5-21-1935655697-1336601894-1417001333-500Core.job" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
 
+ "GoogleUpdateTaskUserS-1-5-21-1935655697-1336601894-1417001333-500UA.job" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
 
+ "RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1336601894-1417001333-500.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "8/14/2013 7:13 PM"
 
+ "RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1336601894-1417001333-500.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "8/14/2013 7:13 PM"
 
+ "RealUpgradeLogonTaskS-1-5-21-1935655697-1336601894-1417001333-500.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "8/14/2013 7:13 PM"
 
+ "RealUpgradeScheduledTaskS-1-5-21-1935655697-1336601894-1417001333-500.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "8/14/2013 7:13 PM"
 
 
Now Close Autoruns.
 
  • Hit the Start button, then:
  • Right-click My Computer
  • Properties
  • Hardware tab
  • Device Manager.
  • Scroll down to the IDE ATA/ATAPI Controllers. Left-click the + to the left of the drivers.
  • Right-click and uninstall all of your Primary IDE drivers.
  • There most likely will be more than one of the Primary IDE drivers!!
  • Make sure to uninstall all of them prior to rebooting.
  • Make sure that you only remove the Primary IDE drivers, nothing else.
  • Reboot the machine.
  • Another request will be made to reboot after the initial.
  • Reboot again.
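
Added example, not part of the original posts and not code from Autoruns or any other tool named in this thread: a small parser for the quoted five-field rows of the Autoruns log posted above. It groups scheduled tasks by the executable they launch and marks rows whose file is missing or whose publisher field is empty. The function names and flag labels are made up for this example; the sample rows are copied from the thread's log, one of them with the space between two fields lost.

```python
import re

# One quoted field. A row in the posted log is exactly five of them:
# entry name, description, publisher, image path, timestamp.
FIELD = re.compile(r'"([^"]*)"')

# Rows copied from the log in this thread. The third task row has lost the
# space between publisher and path, as can happen when a log is pasted.
SAMPLE = r'''
"Task Scheduler" "" "" "" ""
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "GoogleUpdateTaskUserS-1-5-21-1935655697-1336601894-1417001333-500Core.job" "Google Installer" "Google Inc.""c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe" "3/9/2010 1:10 AM"
+ "RealUpgradeLogonTaskS-1-5-21-1935655697-1336601894-1417001333-500.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe" "8/14/2013 7:13 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "9/6/2010 9:55 AM"
+ "NVSvc" "NVIDIA Driver Helper Service, Version 43.54" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe" "4/24/2003 7:46 PM"
+ "RealNetworks Downloader Resolver Service" "Manage different Downloader versions in RealNetworks' products." "" "c:\program files\realnetworks\realdownloader\rndlresolversvc.exe" "8/14/2013 5:19 PM"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys" ""
'''


def parse_autoruns(text):
    """Parse log rows into dicts, tagging each entry with its section header.

    A row that starts with a quote is a section header (a registry key or
    "Task Scheduler"); a row that starts with a marker such as "+" is an
    entry under the most recent header. Rows that do not split into exactly
    five quoted fields are skipped rather than guessed at.
    """
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 5:
            continue
        if line.startswith('"'):
            section = fields[0]
            continue
        name, description, publisher, image, timestamp = fields
        entries.append({
            "section": section,
            "marker": line.split('"', 1)[0].strip(),  # "+" in the posted log
            "name": name,
            "description": description,
            "publisher": publisher,
            "image": image,
            "timestamp": timestamp,
        })
    return entries


def triage(entry):
    """Return review notes for one entry (labels are this example's own).

    missing-file: the registration points at a file that is not on disk.
    no-publisher: the file carries no publisher string; worth a manual look,
    not proof of anything by itself.
    """
    if entry["image"].lower().startswith("file not found:"):
        return ["missing-file"]
    notes = []
    if not entry["publisher"]:
        notes.append("no-publisher")
    return notes


def scheduled_task_images(entries):
    """Map each executable launched from Task Scheduler to its task names."""
    images = {}
    for entry in entries:
        if entry["section"] == "Task Scheduler":
            images.setdefault(entry["image"].lower(), []).append(entry["name"])
    return images


if __name__ == "__main__":
    parsed = parse_autoruns(SAMPLE)
    for image, tasks in scheduled_task_images(parsed).items():
        print(f"{len(tasks)} task(s) -> {image}")
    for entry in parsed:
        notes = triage(entry)
        if notes:
            print(f"{entry['section']} | {entry['name']} | {', '.join(notes)}")
```
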


#8 ppppesto

Posted 27 December 2013 - 12:12 AM

Adware cleaner log:

 

# AdwCleaner v3.016 - Report created 25/12/2013 at 13:27:45

# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - PPPPESTO
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1544 octets] - [25/12/2013 13:12:44]
AdwCleaner[S0].txt - [1477 octets] - [25/12/2013 13:27:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1537 octets] ##########

 

FSS.txt:

 

Farbar Service Scanner Version: 05-12-2013

Ran by Administrator (administrator) on 25-12-2013 at 17:58:45
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****

 

 

tdss killer report:

 

18:00:37.0484 0x0c38  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50

18:00:41.0859 0x0c38  ============================================================
18:00:41.0859 0x0c38  Current date / time: 2013/12/25 18:00:41.0859
18:00:41.0859 0x0c38  SystemInfo:
18:00:41.0859 0x0c38  
18:00:41.0859 0x0c38  OS Version: 5.1.2600 ServicePack: 3.0
18:00:41.0859 0x0c38  Product type: Workstation
18:00:41.0859 0x0c38  ComputerName: PPPPESTO
18:00:41.0859 0x0c38  UserName: Administrator
18:00:41.0859 0x0c38  Windows directory: C:\WINDOWS
18:00:41.0859 0x0c38  System windows directory: C:\WINDOWS
18:00:41.0859 0x0c38  Processor architecture: Intel x86
18:00:41.0859 0x0c38  Number of processors: 1
18:00:41.0859 0x0c38  Page size: 0x1000
18:00:41.0859 0x0c38  Boot type: Normal boot
18:00:41.0859 0x0c38  ============================================================
18:02:39.0015 0x06b0  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
18:02:39.0031 0x06b0  RDPWD - ok
18:02:39.0093 0x06b0  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
18:02:39.0140 0x06b0  RDSessMgr - ok
18:02:39.0218 0x06b0  [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
18:02:39.0218 0x06b0  RealNetworks Downloader Resolver Service - ok
18:02:39.0234 0x06b0  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
18:02:39.0234 0x06b0  redbook - ok
18:02:39.0281 0x06b0  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:02:39.0281 0x06b0  RemoteAccess - ok
18:02:39.0312 0x06b0  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:02:39.0312 0x06b0  RemoteRegistry - ok
18:02:39.0359 0x06b0  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:02:39.0359 0x06b0  RpcLocator - ok
18:02:39.0421 0x06b0  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
18:02:39.0437 0x06b0  RpcSs - ok
18:02:39.0484 0x06b0  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
18:02:39.0515 0x06b0  RSVP - ok
18:02:39.0531 0x06b0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
18:02:39.0531 0x06b0  SamSs - ok
18:02:39.0562 0x06b0  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
18:02:39.0562 0x06b0  SCardSvr - ok
18:02:39.0625 0x06b0  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:02:39.0640 0x06b0  Schedule - ok
18:02:39.0687 0x06b0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:02:39.0687 0x06b0  Secdrv - ok
18:02:39.0718 0x06b0  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
18:02:39.0734 0x06b0  seclogon - ok
18:02:39.0750 0x06b0  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
18:02:39.0765 0x06b0  SENS - ok
18:02:39.0765 0x06b0  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
18:02:39.0765 0x06b0  serenum - ok
18:02:39.0828 0x06b0  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
18:02:39.0828 0x06b0  Serial - ok
18:02:39.0859 0x06b0  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
18:02:39.0859 0x06b0  Sfloppy - ok
18:02:39.0921 0x06b0  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:02:39.0937 0x06b0  SharedAccess - ok
18:02:39.0953 0x06b0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:02:39.0953 0x06b0  ShellHWDetection - ok
18:02:39.0968 0x06b0  Simbad - ok
18:02:40.0031 0x06b0  [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
18:02:40.0031 0x06b0  SkypeUpdate - ok
18:02:40.0062 0x06b0  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:02:40.0062 0x06b0  SLIP - ok
18:02:40.0296 0x06b0  [ 0DC94380BE7D36AE241029C72807692E, 93A8281660D274AD4455714DBAA87B2528A8E4B54F5C9F24FDFCA53EE82F0202 ] SmcService      C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
18:02:40.0500 0x06b0  SmcService - ok
18:02:40.0640 0x06b0  [ 5018A9DB5EB62E3EDB3110F82F556285, 5C90FF4609F6FC77C91FD820DF73C43A7FD72533B8522C78067E7F1EBB09FA65 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
18:02:40.0703 0x06b0  smwdm - ok
18:02:40.0750 0x06b0  [ 65E1EBF379856B677979802C8D5BCD87, 84642C52B578248CE2EAF6C572CA081F11EA6B9A3630642A938639E50376AF77 ] SNAC            C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
18:02:40.0765 0x06b0  SNAC - ok
18:02:40.0781 0x06b0  Sparrow - ok
18:02:40.0875 0x06b0  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
18:02:40.0890 0x06b0  splitter - ok
18:02:40.0937 0x06b0  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
18:02:40.0937 0x06b0  Spooler - ok
18:02:40.0968 0x06b0  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
18:02:40.0968 0x06b0  sr - ok
18:02:41.0031 0x06b0  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
18:02:41.0046 0x06b0  srservice - ok
18:02:41.0312 0x06b0  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:02:41.0484 0x06b0  Srv - ok
18:02:41.0609 0x06b0  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:02:41.0609 0x06b0  SSDPSRV - ok
18:02:41.0843 0x06b0  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
18:02:41.0890 0x06b0  stisvc - ok
18:02:42.0000 0x06b0  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:02:42.0218 0x06b0  streamip - ok
18:02:42.0296 0x06b0  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
18:02:42.0390 0x06b0  swenum - ok
18:02:42.0453 0x06b0  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
18:02:42.0453 0x06b0  swmidi - ok
18:02:42.0468 0x06b0  SwPrv - ok
18:02:42.0484 0x06b0  symc810 - ok
18:02:42.0500 0x06b0  symc8xx - ok
18:02:42.0515 0x06b0  sym_hi - ok
18:02:42.0531 0x06b0  sym_u3 - ok
18:02:42.0671 0x06b0  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
18:02:42.0828 0x06b0  sysaudio - ok
18:02:42.0953 0x06b0  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
18:02:42.0968 0x06b0  SysmonLog - ok
18:02:43.0031 0x06b0  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:02:43.0062 0x06b0  TapiSrv - ok
18:02:43.0281 0x06b0  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:02:43.0328 0x06b0  Tcpip - ok
18:02:43.0421 0x06b0  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
18:02:43.0468 0x06b0  TDPIPE - ok
18:02:43.0500 0x06b0  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
18:02:43.0531 0x06b0  TDTCP - ok
18:02:43.0562 0x06b0  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
18:02:43.0578 0x06b0  TermDD - ok
18:02:43.0687 0x06b0  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
18:02:43.0734 0x06b0  TermService - ok
18:02:43.0765 0x06b0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
18:02:43.0781 0x06b0  Themes - ok
18:02:43.0828 0x06b0  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
18:02:43.0828 0x06b0  TlntSvr - ok
18:02:43.0843 0x06b0  TosIde - ok
18:02:43.0890 0x06b0  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
18:02:43.0890 0x06b0  TrkWks - ok
18:02:43.0937 0x06b0  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
18:02:43.0937 0x06b0  Udfs - ok
18:02:43.0953 0x06b0  ultra - ok
18:02:44.0015 0x06b0  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
18:02:44.0062 0x06b0  Update - ok
18:02:44.0093 0x06b0  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:02:44.0109 0x06b0  upnphost - ok
18:02:44.0140 0x06b0  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
18:02:44.0140 0x06b0  UPS - ok
18:02:44.0187 0x06b0  [ 83CAFCB53201BBAC04D822F32438E244, E3F6FDE4D429FB630B19417DD9752A2CE9F6C9FD58918D714B5438A3D4136853 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
18:02:44.0203 0x06b0  USBAAPL - ok
18:02:44.0234 0x06b0  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
18:02:44.0265 0x06b0  usbaudio - ok
18:02:44.0281 0x06b0  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:02:44.0281 0x06b0  usbccgp - ok
18:02:44.0328 0x06b0  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:02:44.0328 0x06b0  usbehci - ok
18:02:44.0359 0x06b0  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:02:44.0375 0x06b0  usbhub - ok
18:02:44.0406 0x06b0  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:02:44.0406 0x06b0  usbscan - ok
18:02:44.0437 0x06b0  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:02:44.0453 0x06b0  USBSTOR - ok
18:02:44.0484 0x06b0  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:02:44.0484 0x06b0  usbuhci - ok
18:02:44.0531 0x06b0  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
18:02:44.0531 0x06b0  usbvideo - ok
18:02:44.0562 0x06b0  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
18:02:44.0562 0x06b0  VgaSave - ok
18:02:44.0578 0x06b0  ViaIde - ok
18:02:44.0593 0x06b0  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
18:02:44.0609 0x06b0  VolSnap - ok
18:02:44.0656 0x06b0  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
18:02:44.0671 0x06b0  VSS - ok
18:02:44.0718 0x06b0  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
18:02:44.0718 0x06b0  W32Time - ok
18:02:44.0734 0x06b0  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:02:44.0750 0x06b0  Wanarp - ok
18:02:44.0750 0x06b0  WDICA - ok
18:02:44.0781 0x06b0  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
18:02:44.0781 0x06b0  wdmaud - ok
18:02:44.0812 0x06b0  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:02:44.0828 0x06b0  WebClient - ok
18:02:44.0906 0x06b0  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:02:44.0906 0x06b0  winmgmt - ok
18:02:44.0968 0x06b0  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
18:02:44.0968 0x06b0  WmdmPmSN - ok
18:02:45.0031 0x06b0  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
18:02:45.0078 0x06b0  Wmi - ok
18:02:45.0109 0x06b0  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:02:45.0125 0x06b0  WmiApSrv - ok
18:02:45.0171 0x06b0  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
18:02:45.0171 0x06b0  wscsvc - ok
18:02:45.0203 0x06b0  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:02:45.0203 0x06b0  WSTCODEC - ok
18:02:45.0250 0x06b0  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
18:02:45.0250 0x06b0  wuauserv - ok
18:02:45.0312 0x06b0  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
18:02:45.0328 0x06b0  WZCSVC - ok
18:02:45.0359 0x06b0  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
18:02:45.0359 0x06b0  xmlprov - ok
18:02:45.0375 0x06b0  ================ Scan global ===============================
18:02:45.0515 0x06b0  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
18:02:45.0593 0x06b0  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
18:02:45.0640 0x06b0  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
18:02:45.0656 0x06b0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
18:02:45.0656 0x06b0  [ Global ] - ok
18:02:45.0671 0x06b0  ================ Scan MBR ==================================
18:02:45.0687 0x06b0  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:02:46.0062 0x06b0  \Device\Harddisk0\DR0 - ok
18:02:46.0062 0x06b0  ================ Scan VBR ==================================
18:02:46.0078 0x06b0  [ BA320F8DC3D0CDC93EB361D3E1F16BA0 ] \Device\Harddisk0\DR0\Partition1
18:02:46.0078 0x06b0  \Device\Harddisk0\DR0\Partition1 - ok
18:02:46.0078 0x06b0  Waiting for KSN requests completion. In queue: 170
18:02:47.0109 0x06b0  Waiting for KSN requests completion. In queue: 170
18:02:48.0109 0x06b0  Waiting for KSN requests completion. In queue: 170
18:02:49.0750 0x06b0  AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, enabled, updated
18:02:49.0953 0x06b0  Win FW state via NFM: enabled
18:02:52.0781 0x06b0  ============================================================
18:02:52.0781 0x06b0  Scan finished
18:02:52.0781 0x06b0  ============================================================
18:02:52.0796 0x0ab4  Detected object count: 0
18:02:52.0796 0x0ab4  Actual detected object count: 0
 

 

I searched through my entire computer but could not find msert.txt. But it did not detect any threats.

I wasn't able to copy the Eset log before closing it, but it also did not detect any threats.

 

The machine is running much faster now!



#9 InadequateInfirmity


Posted 28 December 2013 - 12:02 PM

Now that we are done we need to clean up the disinfection tools we used along the way.
Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users: double-click).

Put a check mark next to the items below:

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt



#10 ppppesto


Posted 04 January 2014 - 01:43 PM

Sorry for the late reply. Here is DelFix.txt:

 

 

# DelFix v10.6 - Logfile created 04/01/2014 at 13:41:51
# Updated 11/11/2013 by Xplode
# Username : Administrator - ppppesto
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.2.8.16.0_25.12.2013_18.00.04_log.txt
Deleted : C:\TDSSKiller.3.0.0.19_25.12.2013_18.00.37_log.txt
Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\FSS.txt
Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\MiniToolBox.exe
Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\Result.txt
Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\SecurityCheck.exe
Deleted : C:\Documents and Settings\Administrator\My Documents\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #812 [Software Distribution Service 3.0 | 10/01/2013 17:20:45]
Deleted : RP #813 [Software Distribution Service 3.0 | 10/04/2013 13:36:43]
Deleted : RP #814 [Software Distribution Service 3.0 | 10/05/2013 14:36:13]
Deleted : RP #815 [Software Distribution Service 3.0 | 10/06/2013 05:38:57]
Deleted : RP #816 [System Checkpoint | 10/07/2013 06:01:36]
Deleted : RP #817 [Software Distribution Service 3.0 | 10/07/2013 14:08:49]
Deleted : RP #818 [System Checkpoint | 10/08/2013 14:13:32]
Deleted : RP #819 [Software Distribution Service 3.0 | 10/08/2013 20:19:19]
Deleted : RP #820 [Software Distribution Service 3.0 | 10/10/2013 17:39:58]
Deleted : RP #821 [Software Distribution Service 3.0 | 10/11/2013 13:21:17]
Deleted : RP #822 [Software Distribution Service 3.0 | 10/12/2013 13:20:06]
Deleted : RP #823 [Software Distribution Service 3.0 | 10/12/2013 13:56:11]
Deleted : RP #824 [Software Distribution Service 3.0 | 10/13/2013 14:46:43]
Deleted : RP #825 [Software Distribution Service 3.0 | 10/13/2013 17:23:42]
Deleted : RP #826 [Software Distribution Service 3.0 | 10/14/2013 20:12:31]
Deleted : RP #827 [Software Distribution Service 3.0 | 10/15/2013 23:47:38]
Deleted : RP #828 [Software Distribution Service 3.0 | 10/16/2013 13:35:26]
Deleted : RP #829 [Software Distribution Service 3.0 | 10/16/2013 15:05:00]
Deleted : RP #830 [Software Distribution Service 3.0 | 10/18/2013 14:25:14]
Deleted : RP #831 [Software Distribution Service 3.0 | 10/19/2013 18:40:45]
Deleted : RP #832 [System Checkpoint | 10/20/2013 18:59:04]
Deleted : RP #833 [Software Distribution Service 3.0 | 10/21/2013 13:56:01]
Deleted : RP #834 [Software Distribution Service 3.0 | 10/23/2013 13:45:21]
Deleted : RP #835 [Installed Java 7 Update 45 | 10/23/2013 14:02:59]
Deleted : RP #836 [Software Distribution Service 3.0 | 10/25/2013 21:05:47]
Deleted : RP #837 [Software Distribution Service 3.0 | 10/27/2013 15:29:17]
Deleted : RP #838 [System Checkpoint | 10/28/2013 15:43:55]
Deleted : RP #839 [Software Distribution Service 3.0 | 10/29/2013 14:49:43]
Deleted : RP #840 [Software Distribution Service 3.0 | 10/30/2013 17:18:39]
Deleted : RP #841 [Software Distribution Service 3.0 | 11/01/2013 14:21:14]
Deleted : RP #842 [Software Distribution Service 3.0 | 11/02/2013 15:27:19]
Deleted : RP #843 [Software Distribution Service 3.0 | 11/03/2013 21:06:39]
Deleted : RP #844 [Software Distribution Service 3.0 | 11/04/2013 01:18:00]
Deleted : RP #845 [Software Distribution Service 3.0 | 11/04/2013 14:44:59]
Deleted : RP #846 [Software Distribution Service 3.0 | 11/05/2013 15:28:04]
Deleted : RP #847 [System Checkpoint | 11/06/2013 16:22:20]
Deleted : RP #848 [Software Distribution Service 3.0 | 11/06/2013 20:33:19]
Deleted : RP #849 [Software Distribution Service 3.0 | 11/09/2013 15:30:15]
Deleted : RP #850 [Software Distribution Service 3.0 | 11/10/2013 16:32:18]
Deleted : RP #851 [Software Distribution Service 3.0 | 11/12/2013 01:13:14]
Deleted : RP #852 [Software Distribution Service 3.0 | 11/13/2013 20:51:53]
Deleted : RP #853 [Software Distribution Service 3.0 | 11/14/2013 21:35:13]
Deleted : RP #854 [Software Distribution Service 3.0 | 11/15/2013 14:44:24]
Deleted : RP #855 [Software Distribution Service 3.0 | 11/16/2013 15:41:45]
Deleted : RP #856 [Software Distribution Service 3.0 | 11/18/2013 14:06:46]
Deleted : RP #857 [Software Distribution Service 3.0 | 11/19/2013 15:10:57]
Deleted : RP #858 [Software Distribution Service 3.0 | 11/19/2013 17:05:06]
Deleted : RP #859 [Software Distribution Service 3.0 | 11/21/2013 15:23:39]
Deleted : RP #860 [Software Distribution Service 3.0 | 12/02/2013 14:45:01]
Deleted : RP #861 [Software Distribution Service 3.0 | 12/04/2013 14:48:12]
Deleted : RP #862 [Software Distribution Service 3.0 | 12/05/2013 16:19:46]
Deleted : RP #863 [Software Distribution Service 3.0 | 12/06/2013 18:30:45]
Deleted : RP #864 [Software Distribution Service 3.0 | 12/07/2013 21:42:37]
Deleted : RP #865 [Software Distribution Service 3.0 | 12/09/2013 14:52:29]
Deleted : RP #866 [Software Distribution Service 3.0 | 12/13/2013 17:37:15]
Deleted : RP #867 [Software Distribution Service 3.0 | 12/13/2013 18:20:30]
Deleted : RP #868 [Software Distribution Service 3.0 | 12/14/2013 23:40:55]
Deleted : RP #869 [Software Distribution Service 3.0 | 12/16/2013 17:33:46]
Deleted : RP #870 [Software Distribution Service 3.0 | 12/18/2013 01:23:01]
Deleted : RP #871 [Software Distribution Service 3.0 | 12/21/2013 16:04:02]
Deleted : RP #872 [Software Distribution Service 3.0 | 12/22/2013 17:46:59]
Deleted : RP #873 [Software Distribution Service 3.0 | 12/25/2013 01:33:15]
Deleted : RP #874 [Removed iTunes | 12/25/2013 17:18:35]
Deleted : RP #875 [Removed Symantec Endpoint Protection. | 12/25/2013 18:37:57]
Deleted : RP #876 [System Checkpoint | 12/26/2013 18:42:50]
Deleted : RP #877 [Software Distribution Service 3.0 | 12/26/2013 18:56:23]
Deleted : RP #878 [Removed Apple Mobile Device Support | 12/27/2013 04:26:07]
Deleted : RP #879 [Installed %1 %2. | 12/27/2013 05:02:18]
Deleted : RP #880 [Software Distribution Service 3.0 | 12/27/2013 22:27:21]
Deleted : RP #881 [Software Distribution Service 3.0 | 12/29/2013 17:02:59]
Deleted : RP #882 [System Checkpoint | 01/02/2014 20:06:10]
Deleted : RP #883 [Software Distribution Service 3.0 | 01/02/2014 20:07:45]

New restore point created !

########## - EOF - ##########
 



#11 InadequateInfirmity


Posted 04 January 2014 - 08:29 PM

Ok have a nice day. :)



#12 ppppesto


Posted 04 January 2014 - 08:31 PM

Thank you!





