Internet Connection very slow possible csrss.exe?


#1
WalkerPF

    New Member

  • Member
  • 3 posts
Hi Guys,

My internet connection and computer have been running slightly sluggishly and slowly for the last week or so. It took me about 4 attempts to try and download and run the OTL programme and when doing that it kept saying it was 'Not Responding'. This has also been happening with various other programmes like Firefox. I checked different applications that were running and csrss.exe appeared to be using a lot of memory.

OTL logfile created on: 24/11/2011 22:21:22 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.71% Memory free
4.23 Gb Paging File | 2.80 Gb Available in Paging File | 66.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54.42 Gb Total Space | 22.81 Gb Free Space | 41.90% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/22 15:07:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/04/27 14:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/21 00:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/11 13:18:35 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/10/14 12:37:40 | 000,110,592 | ---- | M] () -- C:\Windows\ATK0100\HControl.exe
PRC - [2006/08/10 17:08:04 | 002,379,776 | ---- | M] () -- C:\Windows\ATK0100\ATKOSD.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/02/09 09:55:54 | 000,166,400 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2006/10/14 12:37:40 | 000,110,592 | ---- | M] () -- C:\Windows\ATK0100\HControl.exe
MOD - [2006/08/10 17:08:04 | 002,379,776 | ---- | M] () -- C:\Windows\ATK0100\ATKOSD.exe
MOD - [2004/05/28 05:13:10 | 000,057,344 | ---- | M] () -- C:\Windows\ATK0100\CMSSC.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/24 21:31:42 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{76646A49-850D-46FB-90D1-CF21A9B91397}\MpKsl1a0f6c56.sys -- (MpKsl1a0f6c56)
DRV - [2011/05/27 18:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2008/10/29 08:29:54 | 000,043,520 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/08/28 09:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 07:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 51 13 A6 B6 9F CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/15 10:06:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 22:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 22:45:20 | 000,000,000 | ---D | M]

[2011/02/09 09:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/11/24 21:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hgqtzo5x.default\extensions
[2011/04/05 11:52:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\hgqtzo5x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/20 17:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 14:33:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/20 17:03:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/15 10:06:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/03 08:28:39 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/03 08:28:39 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/03 08:28:39 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/03 08:28:39 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControl] C:\Windows\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87F81EDA-ACAB-429D-8D70-6D59576410CA}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\Summer 2009\Lake Superior.JPG
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\Summer 2009\Lake Superior.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/22 15:06:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/11/19 14:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/11/19 14:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/11/19 11:51:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/11/16 14:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/16 14:15:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
[2011/11/16 14:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/11/14 08:08:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/24 22:28:33 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 22:28:33 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/24 22:13:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/24 21:17:20 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{150496EC-7101-4AED-A69A-61B84D6CE69B}.job
[2011/11/24 10:41:02 | 138,902,140 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/22 15:07:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.scr
[2011/11/21 22:07:58 | 000,611,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/21 22:07:58 | 000,109,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/21 10:03:45 | 000,017,516 | ---- | M] () -- C:\Users\Owner\Desktop\Timetable.ods
[2011/11/19 18:24:29 | 000,228,771 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/19 14:01:01 | 000,075,794 | ---- | M] () -- C:\Users\Owner\Documents\cc_20111119_140034.reg
[2011/11/16 14:18:26 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/14 08:10:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 20:24:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/19 14:00:46 | 000,075,794 | ---- | C] () -- C:\Users\Owner\Documents\cc_20111119_140034.reg
[2011/11/16 14:18:26 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/02 20:24:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/08/10 10:38:17 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 10:31:30 | 000,011,460 | -HS- | C] () -- C:\Users\Owner\AppData\Local\o6b3o1nmmnenrt3n4
[2011/04/05 10:31:30 | 000,011,460 | -HS- | C] () -- C:\ProgramData\o6b3o1nmmnenrt3n4
[2011/02/07 14:45:20 | 000,005,760 | ---- | C] () -- C:\Windows\System32\drivers\ATKACPI.sys
[2009/04/11 13:18:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 13:18:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 13:18:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 12:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:44:53 | 000,252,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 10:33:01 | 000,611,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,109,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/09 10:11:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
[2011/02/09 09:56:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2011/11/10 09:00:40 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/24 21:17:20 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{150496EC-7101-4AED-A69A-61B84D6CE69B}.job

========== Purity Check ==========



< End of report >


Thanks for any help you guys can give me


Many Thanks


Walker

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You have two anti-viruses running. AVG and Microsoft Security Essentials. Uninstall one.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the a-v scan to None.
Uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Ron

#3
WalkerPF

    New Member

  • Topic Starter
  • Member
  • 3 posts
Ron,

I've now run all those scans, however when I click on various desktop programs they say 'illegal operation attempted on a registry key that has been marked for deletion'. This is also preventing me from opening the logs that I saved onto my desktop. To open them I had to open Notepad and then open them through that, rather than just double clicking them.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8289

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

02/12/2011 11:17:57
mbam-log-2011-12-02 (11-17-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 225340
Time elapsed: 47 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 11-12-01.03 - Owner 02/12/2011 11:41:13.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2039.989 [GMT 0:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 11:46 . 2011-12-02 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-02 11:37 . 2011-12-02 11:37 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4E6471-39F3-4A63-820B-E1015DC5AC9A}\MpKsl94a6af34.sys
2011-12-02 11:37 . 2011-12-02 11:36 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35436548-29F7-4A9F-B9CB-A10C3146046F}\gapaengine.dll
2011-12-02 11:36 . 2011-12-02 11:36 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4E6471-39F3-4A63-820B-E1015DC5AC9A}\offreg.dll
2011-12-02 11:36 . 2011-11-21 02:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4E6471-39F3-4A63-820B-E1015DC5AC9A}\mpengine.dll
2011-12-02 11:34 . 2011-12-02 11:35 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-02 10:08 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 10:08 . 2011-12-02 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-19 14:25 . 2011-11-19 14:25 -------- d-----w- c:\programdata\IObit
2011-11-19 14:24 . 2011-11-19 14:24 -------- d-----w- c:\program files\IObit
2011-11-16 14:18 . 2011-11-16 14:18 -------- d-----w- c:\program files\CCleaner
2011-11-16 14:15 . 2011-11-19 15:28 -------- d-----w- c:\program files\Google
2011-11-16 14:15 . 2011-11-19 14:28 -------- d-----w- c:\users\Owner\AppData\Local\Google
2011-11-14 08:08 . 2011-11-14 08:08 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-11-09 13:24 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 13:24 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:24 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 13:23 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 23:06 . 2011-10-12 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-12 17:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 17:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 17:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:01 . 2011-10-12 17:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 22:07 . 2011-10-12 17:11 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-12 17:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 17:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-12 17:12 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1411" [?]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0044d1e9;MpKsl0044d1e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DC6C7B0-086E-4952-A831-DF01F58C9C0B}\MpKsl0044d1e9.sys [x]
R1 MpKsl08d40fd9;MpKsl08d40fd9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{87DE838E-4B06-4793-9753-4B62D6B3F6AE}\MpKsl08d40fd9.sys [x]
R1 MpKsl0d4d3be6;MpKsl0d4d3be6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E86DB84-5CA8-4084-A6FC-4719AF66593E}\MpKsl0d4d3be6.sys [x]
R1 MpKsl1af5c9d7;MpKsl1af5c9d7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24686C9C-C9E5-4B1A-88C7-DEADDDCEEDD9}\MpKsl1af5c9d7.sys [x]
R1 MpKsl1ce2e852;MpKsl1ce2e852;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3FFA10C-36DD-473C-B361-761A09C58791}\MpKsl1ce2e852.sys [x]
R1 MpKsl1dd3e568;MpKsl1dd3e568;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A77BE38-DA78-418A-AFB2-38ADD1CDD9E3}\MpKsl1dd3e568.sys [x]
R1 MpKsl20508384;MpKsl20508384;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5312552-260F-4C11-8BA9-579CB511FC33}\MpKsl20508384.sys [x]
R1 MpKsl36f16b2c;MpKsl36f16b2c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D5D0976-1A82-481F-98F3-A6650F149908}\MpKsl36f16b2c.sys [x]
R1 MpKsl39e9e392;MpKsl39e9e392;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0487EB9F-C863-4A61-8244-03B7610988F1}\MpKsl39e9e392.sys [x]
R1 MpKsl3acafed2;MpKsl3acafed2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A01D4FE8-BAE7-413B-86DE-8746FFA15341}\MpKsl3acafed2.sys [x]
R1 MpKsl47e373e3;MpKsl47e373e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EEA7379-B24A-4370-9D90-521E254A309F}\MpKsl47e373e3.sys [x]
R1 MpKsl4f2c59fd;MpKsl4f2c59fd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24686C9C-C9E5-4B1A-88C7-DEADDDCEEDD9}\MpKsl4f2c59fd.sys [x]
R1 MpKsl66da1f3e;MpKsl66da1f3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFE5A55D-04AF-4417-B83B-B72880FEEBBE}\MpKsl66da1f3e.sys [x]
R1 MpKsl67ea0c0e;MpKsl67ea0c0e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C9058B1-4EED-4033-BBCC-274B5570B712}\MpKsl67ea0c0e.sys [x]
R1 MpKsl7e948ba0;MpKsl7e948ba0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFE5A55D-04AF-4417-B83B-B72880FEEBBE}\MpKsl7e948ba0.sys [x]
R1 MpKsl7ff6515e;MpKsl7ff6515e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23B88A42-0356-48FC-85EF-E0661FE8A2EE}\MpKsl7ff6515e.sys [x]
R1 MpKsl8c2fa109;MpKsl8c2fa109;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEF3FAD6-9260-4125-8451-8E190E6C9870}\MpKsl8c2fa109.sys [x]
R1 MpKsl965f7add;MpKsl965f7add;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A77BE38-DA78-418A-AFB2-38ADD1CDD9E3}\MpKsl965f7add.sys [x]
R1 MpKsl988c9ddd;MpKsl988c9ddd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5E679E7-372B-4AF1-AA95-8A3794B8EE73}\MpKsl988c9ddd.sys [x]
R1 MpKsl99932166;MpKsl99932166;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24686C9C-C9E5-4B1A-88C7-DEADDDCEEDD9}\MpKsl99932166.sys [x]
R1 MpKsla8baa7a6;MpKsla8baa7a6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7B8C8F3-C14F-4AFF-901C-FAF070B21A3A}\MpKsla8baa7a6.sys [x]
R1 MpKslb1694f2b;MpKslb1694f2b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B30F4CBA-1DFD-469C-97F6-180197E33FAD}\MpKslb1694f2b.sys [x]
R1 MpKslb67be5a1;MpKslb67be5a1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E406B14-C83E-499E-9048-D8419B7BD8AB}\MpKslb67be5a1.sys [x]
R1 MpKslb6b84aca;MpKslb6b84aca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B776A00-A25E-4E3C-9039-D62DED5ACF01}\MpKslb6b84aca.sys [x]
R1 MpKslbd308c3d;MpKslbd308c3d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA20B8E8-08F2-4E84-AD22-F46B8AA27601}\MpKslbd308c3d.sys [x]
R1 MpKslc4d420a4;MpKslc4d420a4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D11F4A44-034F-4730-BD2A-C726C2F87BAA}\MpKslc4d420a4.sys [x]
R1 MpKsle0b334a0;MpKsle0b334a0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{177B0832-7E84-40E7-8B31-A04D836B598C}\MpKsle0b334a0.sys [x]
R1 MpKslf0164148;MpKslf0164148;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D49BBDF1-3053-4623-A0A6-D27DE1676CB2}\MpKslf0164148.sys [x]
R1 MpKslf9747765;MpKslf9747765;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EAA18E13-05AA-46F9-80C0-5523E2A4CD52}\MpKslf9747765.sys [x]
R1 MpKslfd4b7232;MpKslfd4b7232;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D49BBDF1-3053-4623-A0A6-D27DE1676CB2}\MpKslfd4b7232.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl94a6af34;MpKsl94a6af34;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4E6471-39F3-4A63-820B-E1015DC5AC9A}\MpKsl94a6af34.sys [2011-12-02 29904]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSL0714E8A6
*NewlyCreated* - MPKSL94A6AF34
*Deregistered* - MpKsl0714e8a6
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-02 c:\windows\Tasks\User_Feed_Synchronization-{150496EC-7101-4AED-A69A-61B84D6CE69B}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hgqtzo5x.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-02 11:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-12-02 11:48:35
ComboFix-quarantined-files.txt 2011-12-02 11:48
.
Pre-Run: 25,191,948,288 bytes free
Post-Run: 25,312,452,608 bytes free
.
- - End Of File - - EEFC4D69FA3FE55797E203CEB63C688F


11:50:11.0279 0428 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
11:50:11.0310 0428 ============================================================
11:50:11.0310 0428 Current date / time: 2011/12/02 11:50:11.0310
11:50:11.0310 0428 SystemInfo:
11:50:11.0310 0428
11:50:11.0310 0428 OS Version: 6.0.6002 ServicePack: 2.0
11:50:11.0310 0428 Product type: Workstation
11:50:11.0310 0428 ComputerName: OWNER-PC
11:50:11.0310 0428 UserName: Owner
11:50:11.0310 0428 Windows directory: C:\Windows
11:50:11.0310 0428 System windows directory: C:\Windows
11:50:11.0310 0428 Processor architecture: Intel x86
11:50:11.0310 0428 Number of processors: 2
11:50:11.0310 0428 Page size: 0x1000
11:50:11.0310 0428 Boot type: Normal boot
11:50:11.0310 0428 ============================================================
11:50:14.0040 0428 Initialize success
11:50:21.0497 3680 ============================================================
11:50:21.0497 3680 Scan started
11:50:21.0497 3680 Mode: Manual;
11:50:21.0497 3680 ============================================================
11:50:37.0752 3680 TermDD - ok
11:50:37.0830 3680 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:50:37.0830 3680 tssecsrv - ok
11:50:37.0892 3680 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:50:37.0892 3680 tunmp - ok
11:50:37.0955 3680 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
11:50:37.0955 3680 tunnel - ok
11:50:38.0001 3680 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:50:38.0001 3680 uagp35 - ok
11:50:38.0048 3680 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:50:38.0064 3680 udfs - ok
11:50:38.0111 3680 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:50:38.0111 3680 uliagpkx - ok
11:50:38.0173 3680 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:50:38.0189 3680 uliahci - ok
11:50:38.0267 3680 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:50:38.0267 3680 UlSata - ok
11:50:38.0376 3680 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:50:38.0376 3680 ulsata2 - ok
11:50:38.0423 3680 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:50:38.0423 3680 umbus - ok
11:50:38.0469 3680 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
11:50:38.0469 3680 USBAAPL - ok
11:50:38.0516 3680 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
11:50:38.0532 3680 usbaudio - ok
11:50:38.0610 3680 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:50:38.0610 3680 usbccgp - ok
11:50:38.0703 3680 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:50:38.0703 3680 usbcir - ok
11:50:38.0750 3680 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:50:38.0750 3680 usbehci - ok
11:50:38.0844 3680 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:50:38.0859 3680 usbhub - ok
11:50:38.0891 3680 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:50:38.0891 3680 usbohci - ok
11:50:38.0937 3680 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:50:38.0937 3680 usbprint - ok
11:50:39.0015 3680 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:50:39.0031 3680 USBSTOR - ok
11:50:39.0093 3680 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:50:39.0093 3680 usbuhci - ok
11:50:39.0140 3680 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:50:39.0140 3680 vga - ok
11:50:39.0187 3680 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:50:39.0203 3680 VgaSave - ok
11:50:39.0249 3680 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:50:39.0249 3680 viaagp - ok
11:50:39.0296 3680 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:50:39.0296 3680 ViaC7 - ok
11:50:39.0327 3680 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:50:39.0327 3680 viaide - ok
11:50:39.0374 3680 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:50:39.0374 3680 volmgr - ok
11:50:39.0421 3680 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:50:39.0421 3680 volmgrx - ok
11:50:39.0515 3680 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:50:39.0530 3680 volsnap - ok
11:50:39.0577 3680 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:50:39.0577 3680 vsmraid - ok
11:50:39.0639 3680 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:50:39.0639 3680 WacomPen - ok
11:50:39.0671 3680 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:50:39.0671 3680 Wanarp - ok
11:50:39.0686 3680 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:50:39.0686 3680 Wanarpv6 - ok
11:50:39.0733 3680 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:50:39.0733 3680 Wd - ok
11:50:39.0780 3680 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:50:39.0811 3680 Wdf01000 - ok
11:50:39.0951 3680 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
11:50:39.0951 3680 WmiAcpi - ok
11:50:40.0014 3680 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
11:50:40.0014 3680 WpdUsb - ok
11:50:40.0092 3680 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:50:40.0092 3680 ws2ifsl - ok
11:50:40.0154 3680 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:50:40.0154 3680 WUDFRd - ok
11:50:40.0248 3680 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:50:40.0295 3680 \Device\Harddisk0\DR0 - ok
11:50:40.0295 3680 Boot (0x1200) (fd91bea584d87d0fc125f68f87b7f6ae) \Device\Harddisk0\DR0\Partition0
11:50:40.0295 3680 \Device\Harddisk0\DR0\Partition0 - ok
11:50:40.0295 3680 ============================================================
11:50:40.0295 3680 Scan finished
11:50:40.0295 3680 ============================================================
11:50:40.0310 2256 Detected object count: 0
11:50:40.0310 2256 Actual detected object count: 0
11:50:52.0962 1404 Deinitialize success


11:50:37.0377 3680 Tcpip - ok
11:50:37.0487 3680 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
11:50:37.0487 3680 Tcpip6 - ok
11:50:37.0549 3680 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
11:50:37.0549 3680 tcpipreg - ok
11:50:37.0611 3680 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:50:37.0627 3680 TDPIPE - ok
11:50:37.0658 3680 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:50:37.0689 3680 TDTCP - ok
11:50:37.0721 3680 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:50:37.0721 3680 tdx - ok
11:50:37.0736 3680 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:50:37.0752 3680 TermDD - ok
11:50:37.0830 3680 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:50:37.0830 3680 tssecsrv - ok
11:50:37.0892 3680 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:50:37.0892 3680 tunmp - ok
11:50:37.0955 3680 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
11:50:37.0955 3680 tunnel - ok
11:50:38.0001 3680 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:50:38.0001 3680 uagp35 - ok
11:50:38.0048 3680 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:50:38.0064 3680 udfs - ok
11:50:38.0111 3680 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:50:38.0111 3680 uliagpkx - ok
11:50:38.0173 3680 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:50:38.0189 3680 uliahci - ok
11:50:38.0267 3680 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:50:38.0267 3680 UlSata - ok
11:50:38.0376 3680 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:50:38.0376 3680 ulsata2 - ok
11:50:38.0423 3680 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:50:38.0423 3680 umbus - ok
11:50:38.0469 3680 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
11:50:38.0469 3680 USBAAPL - ok
11:50:38.0516 3680 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
11:50:38.0532 3680 usbaudio - ok
11:50:38.0610 3680 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:50:38.0610 3680 usbccgp - ok
11:50:38.0703 3680 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:50:38.0703 3680 usbcir - ok
11:50:38.0750 3680 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:50:38.0750 3680 usbehci - ok
11:50:38.0844 3680 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:50:38.0859 3680 usbhub - ok
11:50:38.0891 3680 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:50:38.0891 3680 usbohci - ok
11:50:38.0937 3680 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:50:38.0937 3680 usbprint - ok
11:50:39.0015 3680 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:50:39.0031 3680 USBSTOR - ok
11:50:39.0093 3680 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:50:39.0093 3680 usbuhci - ok
11:50:39.0140 3680 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:50:39.0140 3680 vga - ok
11:50:39.0187 3680 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:50:39.0203 3680 VgaSave - ok
11:50:39.0249 3680 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:50:39.0249 3680 viaagp - ok
11:50:39.0296 3680 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:50:39.0296 3680 ViaC7 - ok
11:50:39.0327 3680 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:50:39.0327 3680 viaide - ok
11:50:39.0374 3680 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:50:39.0374 3680 volmgr - ok
11:50:39.0421 3680 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:50:39.0421 3680 volmgrx - ok
11:50:39.0515 3680 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:50:39.0530 3680 volsnap - ok
11:50:39.0577 3680 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:50:39.0577 3680 vsmraid - ok
11:50:39.0639 3680 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:50:39.0639 3680 WacomPen - ok
11:50:39.0671 3680 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:50:39.0671 3680 Wanarp - ok
11:50:39.0686 3680 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:50:39.0686 3680 Wanarpv6 - ok
11:50:39.0733 3680 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:50:39.0733 3680 Wd - ok
11:50:39.0780 3680 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:50:39.0811 3680 Wdf01000 - ok
11:50:39.0951 3680 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
11:50:39.0951 3680 WmiAcpi - ok
11:50:40.0014 3680 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
11:50:40.0014 3680 WpdUsb - ok
11:50:40.0092 3680 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:50:40.0092 3680 ws2ifsl - ok
11:50:40.0154 3680 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:50:40.0154 3680 WUDFRd - ok
11:50:40.0248 3680 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:50:40.0295 3680 \Device\Harddisk0\DR0 - ok
11:50:40.0295 3680 Boot (0x1200) (fd91bea584d87d0fc125f68f87b7f6ae) \Device\Harddisk0\DR0\Partition0
11:50:40.0295 3680 \Device\Harddisk0\DR0\Partition0 - ok
11:50:40.0295 3680 ============================================================
11:50:40.0295 3680 Scan finished
11:50:40.0295 3680 ============================================================
11:50:40.0310 2256 Detected object count: 0
11:50:40.0310 2256 Actual detected object count: 0
11:50:52.0962 1404 Deinitialize success


OTL Extras logfile created on: 02/12/2011 11:59:32 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.74% Memory free
4.23 Gb Paging File | 3.33 Gb Available in Paging File | 78.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54.42 Gb Total Space | 23.40 Gb Free Space | 43.00% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DC1A3F3-4630-462C-9417-25D6711AB464}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{37EF386F-6002-43F3-92D0-9A28D3A2E5DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{86982E11-BC2C-4175-B526-9AE2DD3D88EF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E4AFCFF7-8138-4B03-9860-3F389A5420EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E70A02B7-B706-45B3-BA36-2D18A1B05091}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"HControl" = ATK0100 ACPI UTILITY
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"OEMInformation" = OEM Logo and Information
"VLC media player" = VLC media player 1.1.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/12/2011 18:33:40 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/12/2011 18:33:40 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3479

Error - 01/12/2011 18:33:40 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3479

Error - 01/12/2011 18:56:08 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/12/2011 18:56:09 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1351437

Error - 01/12/2011 18:56:09 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1351437

Error - 01/12/2011 19:22:10 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/12/2011 19:22:10 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4492

Error - 01/12/2011 19:22:10 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4492

Error - 02/12/2011 07:33:05 | Computer Name = Owner-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF03 Description:Cannot complete the Microsoft Security
Essentials Setup Wizard. An error has prevented the Security Essentials setup wizard
from completing successfully. Please restart your computer and try again. Error
code:0x8004FF03.

[ System Events ]
Error - 31/08/2011 07:03:37 | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 12:11:12 | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2011 12:36:43 | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 31/08/2011 12:37:46 | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/08/2011 17:43:48 | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 31/08/2011 17:45:21 | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/09/2011 08:35:49 | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 01/09/2011 08:35:53 | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 02/09/2011 03:45:14 | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 08:42:27 on 02/09/2011 was unexpected.

Error - 02/09/2011 03:45:27 | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =


< End of report >


Thanks for your help so far

Walker.
  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
'illegal operation attempted on a registry key that has been marked for deletion' should go away with a reboot.
  • 0

#5
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You have a bad spot on your hard drive. Let's see if we can fix it.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Your MSSE is not working correctly. Let's uninstall it and install the free Avast.


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)



Run TDSSKiller again, but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.


Ron
  • 0
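The diagnosis in the reply above is read off the 'Last 10 Event Log Errors' section of the OTL Extras log. The Python below is an added example, not part of the thread and not code from OTL: it parses that section's layout and groups the errors so that repeated ones, such as the disk bad-block entries, stand out. The sample text is constructed from the entry shapes posted in this thread, and the helper names (`parse_events`, `classify`, `triage`) and tag names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the layout of OTL's "Last 10 Event Log Errors" section,
# abridged from the kinds of entries posted in this thread.
SAMPLE = r"""
[ Application Events ]
Error - 01/12/2011 18:33:40 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/12/2011 18:56:08 | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 02/12/2011 07:33:05 | Computer Name = Owner-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF03 Description:Cannot complete the Microsoft Security
Essentials Setup Wizard. Please restart your computer and try again. Error
code:0x8004FF03.

[ System Events ]
Error - 31/08/2011 07:03:37 | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 31/08/2011 12:11:12 | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/09/2011 08:35:49 | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 01/09/2011 08:35:53 | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
"""

SECTION = re.compile(r"^\[ (?P<name>.+?) \]\s*$")
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$"
)

# Hypothetical triage tags; a lower number sorts first in the report.
PRIORITY = {"disk-bad-block": 0, "installer-failure": 1,
            "description-missing": 2, "review": 3}


def parse_events(text):
    """Return one dict per event, joining descriptions wrapped over several lines."""
    events, log, current = [], None, None
    for line in text.splitlines():
        if not line.strip():          # a blank line ends the current event
            current = None
            continue
        section = SECTION.match(line)
        if section:
            log, current = section["name"], None
            continue
        header = HEADER.match(line)
        if header:
            current = {
                "log": log,
                "level": header["level"],
                "time": datetime.strptime(header["ts"], "%d/%m/%Y %H:%M:%S"),
                "source": header["source"],
                "id": int(header["id"]),
                "description": "",
            }
            events.append(current)
        elif current is not None:
            if line.startswith("Description ="):
                current["description"] = line[len("Description ="):].strip()
            else:                     # continuation of a wrapped description
                current["description"] = f"{current['description']} {line.strip()}".strip()
    return events


def classify(source, descriptions):
    """Tag a group of events from its source name and message text."""
    text = " ".join(descriptions).lower()
    if source.lower() == "disk" and "bad block" in text:
        return "disk-bad-block"
    if "setup" in source.lower() and "hresult" in text:
        return "installer-failure"
    if not text.strip():
        # The report carries no message text; the event has to be opened in
        # an event viewer to see what actually failed.
        return "description-missing"
    return "review"


def triage(events):
    """Group by (log, source, event code) and order the groups by priority."""
    groups = {}
    for e in events:
        # The ID column holds the full 32-bit identifier; the low 16 bits are
        # the event code shown in Event Viewer (262151 = 0x40007 -> code 7).
        groups.setdefault((e["log"], e["source"], e["id"] & 0xFFFF), []).append(e)
    findings = [{
        "log": log, "source": source, "code": code, "count": len(evs),
        "first": min(e["time"] for e in evs),
        "last": max(e["time"] for e in evs),
        "tag": classify(source, [e["description"] for e in evs]),
    } for (log, source, code), evs in groups.items()]
    findings.sort(key=lambda f: (PRIORITY[f["tag"]], -f["count"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE)):
        print(f"{f['tag']:<20} {f['log']:<20} {f['source']} (code {f['code']}) "
              f"x{f['count']}  {f['first']:%d/%m/%Y} to {f['last']:%d/%m/%Y}")
```
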

#6
WalkerPF


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Computer seems to be running a lot better now, thanks for all your help so far!

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 03/12/2011 15:35:51

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/12/2011 15:01:55
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/12/2011 15:00:45
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 126

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/12/2011 15:01:24
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 03/12/2011 14:18:58
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



Vino's Event Viewer v01c run on Windows Vista in English
Report run at 03/12/2011 15:39:12

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Were those the only two logs you needed to see?


Thanks again


Walker
  • 0

#7
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.


This is usually an overheat condition.

Try SpeedFan

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
  • 0





