XP crashes/reboots at random following malware attack [Solved]



#16
NickKeenan

  • Topic Starter
  • Member
  • 73 posts
I did what you suggested - got the system to check for disk errors,
and restarted - and the system did check for errors.

However, that did not seem to make any difference - system still slow.
Just to clarify, I've never received the BSOD, just the blue screen with
the Stop Error and explanatory text.

Should I run TDSSKiller and tell it to Delete TDSS File system on DR0?
I told it to quarantine last time, but made no difference.

We're not stuck, are we..?

/nick


#17
NickKeenan

  • Topic Starter
  • Member
  • 73 posts
I did what you suggested - set the system to check for disk errors and restarted.
System did check of disk errors on start-up, but that made no difference - machine is still slow.

Was thinking to run TDSSKiller again and if/when it finds TDSS File System on DR0, I should Delete it.
(I quarantined it last time it was found but that made no difference).
So, should I do this and Delete it?

We're not stuck.. are we?

/nick

#18
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
No, we are not stuck. We still have options, but we must try the easy steps first :).

Please run TDSSKiller and select the Delete option for TDSS File System on DR0. Restart your system after this and let me know the results.

#19
NickKeenan

  • Topic Starter
  • Member
  • 73 posts
OK - ran TDSSKiller, and this time found 9 suspicious/skip including TDSS File System on DR0 which I Deleted.
I restarted, retested, but no difference - still slow.
I've pasted the log next..
/nick
15:56:00.0053 2336 TDPIPE - ok
15:56:00.0084 2336 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:56:00.0194 2336 TDTCP - ok
15:56:00.0240 2336 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:56:00.0334 2336 TermDD - ok
15:56:00.0381 2336 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:56:00.0506 2336 TermService - ok
15:56:00.0537 2336 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:56:00.0553 2336 Themes - ok
15:56:00.0584 2336 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:56:00.0709 2336 TlntSvr - ok
15:56:00.0740 2336 TosIde - ok
15:56:00.0803 2336 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:56:00.0928 2336 TrkWks - ok
15:56:00.0959 2336 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:56:01.0053 2336 Udfs - ok
15:56:01.0069 2336 ultra - ok
15:56:01.0115 2336 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:56:01.0240 2336 Update - ok
15:56:01.0287 2336 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:56:01.0397 2336 upnphost - ok
15:56:01.0428 2336 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:56:01.0537 2336 UPS - ok
15:56:01.0569 2336 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:56:01.0662 2336 usbehci - ok
15:56:01.0725 2336 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:56:01.0819 2336 usbhub - ok
15:56:01.0850 2336 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:56:01.0944 2336 usbohci - ok
15:56:01.0975 2336 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:56:02.0069 2336 usbstor - ok
15:56:02.0100 2336 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:56:02.0209 2336 VgaSave - ok
15:56:02.0209 2336 ViaIde - ok
15:56:02.0240 2336 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:56:02.0334 2336 VolSnap - ok
15:56:02.0381 2336 Vsdatant (b0d3c4497d1ed91628dc56f592aebef4) C:\WINDOWS\system32\vsdatant.sys
15:56:02.0412 2336 Vsdatant - ok
15:56:02.0490 2336 vsmon - ok
15:56:02.0537 2336 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:56:02.0662 2336 VSS - ok
15:56:02.0694 2336 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:56:02.0787 2336 W32Time - ok
15:56:02.0850 2336 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:56:02.0959 2336 Wanarp - ok
15:56:02.0975 2336 WDICA - ok
15:56:03.0006 2336 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:56:03.0100 2336 wdmaud - ok
15:56:03.0147 2336 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:56:03.0256 2336 WebClient - ok
15:56:03.0319 2336 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:56:03.0444 2336 winmgmt - ok
15:56:03.0475 2336 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
15:56:03.0584 2336 WmdmPmSN - ok
15:56:03.0647 2336 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:56:03.0694 2336 Wmi - ok
15:56:03.0740 2336 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:56:03.0865 2336 WmiApSrv - ok
15:56:03.0897 2336 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:56:04.0037 2336 WS2IFSL - ok
15:56:04.0084 2336 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:56:04.0178 2336 wscsvc - ok
15:56:04.0225 2336 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:56:04.0319 2336 wuauserv - ok
15:56:04.0365 2336 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:56:04.0490 2336 WZCSVC - ok
15:56:04.0522 2336 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:56:04.0631 2336 xmlprov - ok
15:56:04.0647 2336 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:56:04.0975 2336 \Device\Harddisk1\DR1 - ok
15:56:05.0006 2336 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:56:05.0162 2336 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:56:05.0162 2336 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:56:05.0178 2336 MBR (0x1B8) (256b453263093eca750c20387813b317) \Device\Harddisk2\DR9
15:56:05.0740 2336 \Device\Harddisk2\DR9 - ok
15:56:05.0740 2336 Boot (0x1200) (c9d8a2c5c21bac54ab94cdf4702752b0) \Device\Harddisk1\DR1\Partition0
15:56:05.0756 2336 \Device\Harddisk1\DR1\Partition0 - ok
15:56:05.0756 2336 Boot (0x1200) (159993b34a57d862318094accb62bd8e) \Device\Harddisk1\DR1\Partition1
15:56:05.0756 2336 \Device\Harddisk1\DR1\Partition1 - ok
15:56:05.0787 2336 Boot (0x1200) (cda92e7591a2f7d468c28ca528af313a) \Device\Harddisk1\DR1\Partition2
15:56:05.0787 2336 \Device\Harddisk1\DR1\Partition2 - ok
15:56:05.0787 2336 Boot (0x1200) (e1a0028ba68f430c0d17a92bb2466b79) \Device\Harddisk1\DR1\Partition3
15:56:05.0803 2336 \Device\Harddisk1\DR1\Partition3 - ok
15:56:05.0819 2336 Boot (0x1200) (1966f087464259fa068cc65e549ef70c) \Device\Harddisk1\DR1\Partition4
15:56:05.0819 2336 \Device\Harddisk1\DR1\Partition4 - ok
15:56:05.0834 2336 Boot (0x1200) (1238c4d5ac7555ec6bba4a49002ca329) \Device\Harddisk0\DR0\Partition0
15:56:05.0834 2336 \Device\Harddisk0\DR0\Partition0 - ok
15:56:05.0834 2336 Boot (0x1200) (cff4dfbbe60e2ff63cf8da95742eb781) \Device\Harddisk0\DR0\Partition1
15:56:05.0850 2336 \Device\Harddisk0\DR0\Partition1 - ok
15:56:05.0850 2336 Boot (0x1200) (3043a772b38971e651d5c7f356ccb86d) \Device\Harddisk2\DR9\Partition0
15:56:05.0850 2336 \Device\Harddisk2\DR9\Partition0 - ok
15:56:05.0865 2336 ============================================================
15:56:05.0865 2336 Scan finished
15:56:05.0865 2336 ============================================================
15:56:05.0975 3360 Detected object count: 9
15:56:05.0975 3360 Actual detected object count: 9
15:56:42.0365 3360 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:42.0365 3360 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:42.0365 3360 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:42.0365 3360 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:42.0365 3360 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:42.0365 3360 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:42.0365 3360 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:42.0365 3360 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:42.0365 3360 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:42.0365 3360 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:42.0365 3360 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:42.0365 3360 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:42.0365 3360 nSvcLog ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:42.0365 3360 nSvcLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:42.0365 3360 RMSPPPOE ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:42.0365 3360 RMSPPPOE ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:56:42.0365 3360 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:56:42.0365 3360 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:56:52.0850 2944 ============================================================
15:56:52.0850 2944 Scan started
15:56:52.0850 2944 Mode: Manual; SigCheck; TDLFS;
15:56:52.0850 2944 ============================================================
15:56:53.0662 2944 Adobe LM Service (6d182c31acf16213407f2768f1107fe3) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:56:53.0678 2944 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
15:56:53.0678 2944 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
15:57:00.0428 2944 ForceWare Intelligent Application Manager (IAM) (feb63947aa91a6d089118122e30dda68) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
15:57:00.0428 2944 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning
15:57:00.0428 2944 ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1)
15:57:00.0490 2944 ForcewareWebInterface (b81f8778f5bb485f3b75114f0c99a49f) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
15:57:00.0490 2944 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - warning
15:57:00.0490 2944 ForcewareWebInterface - detected UnsignedFile.Multi.Generic (1)
15:57:04.0350 2944 MagicTune (27ebe229cbb97494eb84de3cb76930b7) C:\WINDOWS\system32\drivers\MTiCtwl.sys
15:57:04.0365 2944 MagicTune ( UnsignedFile.Multi.Generic ) - warning
15:57:04.0365 2944 MagicTune - detected UnsignedFile.Multi.Generic (1)
15:57:04.0444 2944 MagicTuneEngine (86504fe0759d4dce38e997921062df6b) C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
15:57:04.0459 2944 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - warning
15:57:04.0459 2944 MagicTuneEngine - detected UnsignedFile.Multi.Generic (1)
15:57:08.0756 2944 nSvcIp (63c7ceeec6271171bc2a723d694eda66) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
15:57:08.0772 2944 nSvcIp ( UnsignedFile.Multi.Generic ) - warning
15:57:08.0772 2944 nSvcIp - detected UnsignedFile.Multi.Generic (1)
15:57:08.0787 2944 nSvcLog (820b9afba044a8a43afdd9ba3d5e4b7b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
15:57:08.0803 2944 nSvcLog ( UnsignedFile.Multi.Generic ) - warning
15:57:08.0803 2944 nSvcLog - detected UnsignedFile.Multi.Generic (1)
15:57:13.0819 2944 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:57:13.0912 2944 redbook - ok
15:57:13.0959 2944 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:57:14.0069 2944 RemoteAccess - ok
15:57:14.0100 2944 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:57:14.0194 2944 RemoteRegistry - ok
15:57:14.0225 2944 RMSPPPOE (9ffc7e81313d48a27df2727f82e402d4) C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS
15:57:14.0240 2944 RMSPPPOE ( UnsignedFile.Multi.Generic ) - warning
15:57:14.0240 2944 RMSPPPOE - detected UnsignedFile.Multi.Generic (1)
15:57:22.0334 2944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:57:22.0662 2944 \Device\Harddisk1\DR1 - ok
15:57:22.0678 2944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:57:22.0834 2944 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:57:22.0834 2944 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:57:22.0865 2944 MBR (0x1B8) (256b453263093eca750c20387813b317) \Device\Harddisk2\DR9
15:57:23.0412 2944 \Device\Harddisk2\DR9 - ok
15:57:23.0428 2944 Boot (0x1200) (c9d8a2c5c21bac54ab94cdf4702752b0) \Device\Harddisk1\DR1\Partition0
15:57:23.0428 2944 \Device\Harddisk1\DR1\Partition0 - ok
15:57:23.0428 2944 Boot (0x1200) (159993b34a57d862318094accb62bd8e) \Device\Harddisk1\DR1\Partition1
15:57:23.0428 2944 \Device\Harddisk1\DR1\Partition1 - ok
15:57:23.0459 2944 Boot (0x1200) (cda92e7591a2f7d468c28ca528af313a) \Device\Harddisk1\DR1\Partition2
15:57:23.0459 2944 \Device\Harddisk1\DR1\Partition2 - ok
15:57:23.0475 2944 Boot (0x1200) (e1a0028ba68f430c0d17a92bb2466b79) \Device\Harddisk1\DR1\Partition3
15:57:23.0475 2944 \Device\Harddisk1\DR1\Partition3 - ok
15:57:23.0490 2944 Boot (0x1200) (1966f087464259fa068cc65e549ef70c) \Device\Harddisk1\DR1\Partition4
15:57:23.0490 2944 \Device\Harddisk1\DR1\Partition4 - ok
15:57:23.0506 2944 Boot (0x1200) (1238c4d5ac7555ec6bba4a49002ca329) \Device\Harddisk0\DR0\Partition0
15:57:23.0506 2944 \Device\Harddisk0\DR0\Partition0 - ok
15:57:23.0522 2944 Boot (0x1200) (cff4dfbbe60e2ff63cf8da95742eb781) \Device\Harddisk0\DR0\Partition1
15:57:23.0522 2944 \Device\Harddisk0\DR0\Partition1 - ok
15:57:23.0537 2944 Boot (0x1200) (3043a772b38971e651d5c7f356ccb86d) \Device\Harddisk2\DR9\Partition0
15:57:23.0537 2944 \Device\Harddisk2\DR9\Partition0 - ok
15:57:23.0537 2944 ============================================================
15:57:23.0537 2944 Scan finished
15:57:23.0537 2944 ============================================================
15:57:23.0569 3592 Detected object count: 9
15:57:23.0569 3592 Actual detected object count: 9
15:58:04.0272 3592 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:04.0272 3592 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:04.0272 3592 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:04.0272 3592 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:04.0272 3592 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:04.0272 3592 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:04.0287 3592 MagicTune ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:04.0287 3592 MagicTune ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:04.0287 3592 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:04.0287 3592 MagicTuneEngine ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:04.0287 3592 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:04.0287 3592 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:04.0287 3592 nSvcLog ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:04.0287 3592 nSvcLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:04.0287 3592 RMSPPPOE ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:04.0287 3592 RMSPPPOE ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:04.0319 3592 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
15:58:04.0334 3592 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
15:58:04.0334 3592 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
15:58:04.0350 3592 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:58:04.0350 3592 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:58:04.0350 3592 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:58:04.0350 3592 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:58:04.0412 3592 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:58:04.0412 3592 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
15:58:04.0412 3592 \Device\Harddisk0\DR0\TDLFS - deleted
15:58:04.0412 3592 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
  • 0
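A triage sketch for TDSSKiller logs like the one in the post above, added here as an example and not part of the original thread or of TDSSKiller itself: it pairs each detection with the action recorded for it and flags detections that were left without one. The function names, the abridged sample, and the choice to treat `UnsignedFile.` verdicts as low priority are assumptions of this example.

```python
import re

# Constructed sample: abridged from the TDSSKiller log posted in this thread,
# with the object count changed to match the two detections kept here.
SAMPLE_LOG = r"""
15:57:14.0225 2944 RMSPPPOE (9ffc7e81313d48a27df2727f82e402d4) C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS
15:57:14.0240 2944 RMSPPPOE ( UnsignedFile.Multi.Generic ) - warning
15:57:14.0240 2944 RMSPPPOE - detected UnsignedFile.Multi.Generic (1)
15:57:14.0272 2944 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:57:14.0381 2944 RpcLocator - ok
15:57:22.0678 2944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:57:22.0834 2944 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:57:22.0834 2944 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:57:23.0569 3592 Detected object count: 2
15:58:04.0287 3592 RMSPPPOE ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:04.0287 3592 RMSPPPOE ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:04.0319 3592 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
15:58:04.0350 3592 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:58:04.0412 3592 \Device\Harddisk0\DR0\TDLFS - deleted
15:58:04.0412 3592 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# Every record is "<HH:MM:SS.mmmm> <thread id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \((?P<n>\d+)\)$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")
ARTIFACT = re.compile(r"^(?P<path>.+?) - (?P<what>copied to quarantine|deleted)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Collect detections, the action chosen for each, and the files touched."""
    findings = {}  # object name -> finding, kept in log order
    declared = None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines and anything that is not a log record
        msg = line["msg"]
        if m := DETECTED.match(msg):
            findings[m["obj"]] = {"object": m["obj"], "verdict": m["verdict"],
                                  "action": None, "artifacts": []}
        elif m := ACTION.match(msg):
            hit = findings.get(m["obj"])
            if hit and hit["verdict"] == m["verdict"]:
                hit["action"] = m["action"]
        elif m := COUNT.match(msg):
            declared = int(m["n"])
        elif m := ARTIFACT.match(msg):
            # Attribute a quarantined or deleted path to the detected object
            # it sits under, e.g. ...\DR0\TDLFS\cfg.ini belongs to ...\DR0.
            for obj, hit in findings.items():
                if m["path"].startswith(obj + "\\"):
                    hit["artifacts"].append((m["path"], m["what"]))
    return {"declared_count": declared, "findings": list(findings.values())}


def review(result):
    """Return the points in a parsed log that still need an analyst's attention."""
    issues = []
    found = result["findings"]
    declared = result["declared_count"]
    if declared is not None and declared != len(found):
        issues.append(f"log declares {declared} objects but {len(found)} were "
                      "parsed; the log may be truncated")
    for hit in found:
        # Assumption of this example: an "UnsignedFile." verdict only says the
        # file carries no signature, so skipping it is acceptable; any other
        # verdict must end in a recorded action other than Skip.
        generic = hit["verdict"].startswith("UnsignedFile.")
        if hit["action"] is None:
            issues.append(f"{hit['object']}: no action recorded for {hit['verdict']}")
        elif hit["action"] == "Skip" and not generic:
            issues.append(f"{hit['object']}: {hit['verdict']} was skipped")
    return issues


if __name__ == "__main__":
    parsed = triage(SAMPLE_LOG)
    for hit in parsed["findings"]:
        print(hit["object"], "|", hit["verdict"], "|", hit["action"],
              "|", len(hit["artifacts"]), "artifact(s)")
    print(review(parsed) or "nothing outstanding")
```

A clean `review()` result only means every detection in the log has an action recorded against it; whether the removal held is confirmed by a follow-up scan after the restart.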

#20
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Just to confirm... Your system is slow even if you are in Safe Mode?


Next... Let's see event logs:

  • Please download the Event Viewer Tool by Vino Rosso (VEW) and save it to your Desktop.
  • Double-click VEW.exe
  • Under 'Select log to query', select:
    • Application
    • System
  • Under 'Select type to list', select:
    • Error
    • Information
    • Warning

  • Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.

  • 0

#21
NickKeenan

    Member

  • Topic Starter
  • Member
  • 73 posts
Yes.. even in Safe Mode the machine is slow.

The VEW log follows:

============================================
Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/03/2012 4:47:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/03/2012 8:52:13 AM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 13/03/2012 8:52:13 AM
Type: error Category: 1
Event: 4124 Source: Ci
Content index on e:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).

Log: 'Application' Date/Time: 11/03/2012 5:46:32 PM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 11/03/2012 3:17:15 PM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 11/03/2012 3:17:15 PM
Type: error Category: 1
Event: 4124 Source: Ci
Content index on e:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).

Log: 'Application' Date/Time: 11/03/2012 5:25:34 AM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 11/03/2012 2:08:33 AM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 10/03/2012 11:35:19 PM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 10/03/2012 11:35:19 PM
Type: error Category: 1
Event: 4124 Source: Ci
Content index on e:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).

Log: 'Application' Date/Time: 10/03/2012 4:31:43 PM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 10/03/2012 4:31:43 PM
Type: error Category: 1
Event: 4124 Source: Ci
Content index on e:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).

Log: 'Application' Date/Time: 08/03/2012 11:27:59 PM
Type: error Category: 1
Event: 4126 Source: Ci
Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Log: 'Application' Date/Time: 08/03/2012 11:27:59 PM
Type: error Category: 1
Event: 4124 Source: Ci
Content index on e:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).

Log: 'Application' Date/Time: 02/03/2012 1:38:28 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application notepad.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 01/03/2012 6:06:47 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application cdextract.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 01/03/2012 6:02:36 PM
Type: error Category: 1
Event: 4118 Source: Ci
A content scan could not be completed on Side01.

Log: 'Application' Date/Time: 01/03/2012 3:31:40 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application freerip3.exe, version 3.0.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 24/02/2012 11:23:39 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application uTorrent.exe, version 3.1.2.26729, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 24/02/2012 10:58:04 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application uTorrent.exe, version 3.1.2.26729, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 23/02/2012 6:25:31 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application uTorrent.exe, version 3.1.2.26729, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/03/2012 4:04:23 PM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 22/03/2012 4:04:04 PM
Type: information Category: 1
Event: 4096 Source: Avira Antivirus
The AntiVir service has been started successfully!

Log: 'Application' Date/Time: 22/03/2012 4:01:45 PM
Type: information Category: 0
Event: 1516 Source: Userenv
Windows unloaded user GENERALSPECIFIX\Nick registry when it received a notification that no other applications or services were using the profile.

Log: 'Application' Date/Time: 22/03/2012 4:10:20 AM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 22/03/2012 4:10:01 AM
Type: information Category: 1
Event: 4096 Source: Avira Antivirus
The AntiVir service has been started successfully!

Log: 'Application' Date/Time: 22/03/2012 4:08:50 AM
Type: information Category: 0
Event: 1001 Source: Winlogon
Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. Cleaning up minor inconsistencies on the drive. Cleaning up 184 unused index entries from index $SII of file 0x9. Cleaning up 184 unused index entries from index $SDH of file 0x9. Cleaning up 184 unused security descriptors. CHKDSK is verifying Usn Journal... Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... Free space verification is complete. 40957685 KB total disk space. 17845972 KB in 49110 files. 16552 KB in 6274 indexes. 0 KB in bad sectors. 133377 KB in use by the system. 65536 KB occupied by the log file. 22961784 KB available on disk. 4096 bytes in each allocation unit. 10239421 total allocation units on disk. 5740446 allocation units available on disk. Internal Info: 20 da 00 00 64 d8 00 00 fa 26 01 00 00 00 00 00 ...d....&...... be 00 00 00 02 00 00 00 98 06 00 00 00 00 00 00 ................ 10 8b 90 01 00 00 00 00 66 f2 d6 25 00 00 00 00 ........f..%.... 26 42 bd 07 00 00 00 00 76 2a 5c f2 01 00 00 00 &B......v*\..... c4 ae 17 79 01 00 00 00 78 03 3e a2 03 00 00 00 ...y....x.>..... 99 9e 36 00 00 00 00 00 e8 3e 07 00 d6 bf 00 00 ..6......>...... 00 00 00 00 00 50 3b 41 04 00 00 00 82 18 00 00 .....P;A........ Windows has finished checking your disk. Please wait while your computer restarts.

Log: 'Application' Date/Time: 22/03/2012 3:40:32 AM
Type: information Category: 0
Event: 1516 Source: Userenv
Windows unloaded user GENERALSPECIFIX\Nick registry when it received a notification that no other applications or services were using the profile.

Log: 'Application' Date/Time: 21/03/2012 11:27:31 AM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 21/03/2012 11:27:10 AM
Type: information Category: 1
Event: 4096 Source: Avira Antivirus
The AntiVir service has been started successfully!

Log: 'Application' Date/Time: 21/03/2012 8:56:21 AM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 21/03/2012 8:56:01 AM
Type: information Category: 1
Event: 4096 Source: Avira Antivirus
The AntiVir service has been started successfully!

Log: 'Application' Date/Time: 20/03/2012 1:49:00 PM
Type: information Category: 0
Event: 1904 Source: HHCTRL
The event description cannot be found.

Log: 'Application' Date/Time: 20/03/2012 1:48:59 PM
Type: information Category: 0
Event: 1904 Source: HHCTRL
The event description cannot be found.

Log: 'Application' Date/Time: 20/03/2012 1:35:50 PM
Type: information Category: 0
Event: 11707 Source: MsiInstaller
Product: Java Auto Updater -- Installation operation completed successfully.

Log: 'Application' Date/Time: 20/03/2012 1:35:32 PM
Type: information Category: 0
Event: 11707 Source: MsiInstaller
Product: Java™ 6 Update 31 -- Installation operation completed successfully.

Log: 'Application' Date/Time: 20/03/2012 1:30:44 PM
Type: information Category: 0
Event: 1 Source: crypt32
Successful auto update of third-party root certificate:: Subject: <CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE> Sha1 thumbprint: <02FAF3E291435468607857694DF5E45B68851868>

Log: 'Application' Date/Time: 20/03/2012 1:30:44 PM
Type: information Category: 0
Event: 4 Source: crypt32
Successful auto update retrieval of third-party root certificate from: <http://www.download....5B68851868.crt>

Log: 'Application' Date/Time: 20/03/2012 1:27:37 PM
Type: information Category: 0
Event: 11707 Source: MsiInstaller
Product: Creo Elements/Direct Modeling Express 4.0 -- Installation operation completed successfully.

Log: 'Application' Date/Time: 20/03/2012 9:42:23 AM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 20/03/2012 9:42:02 AM
Type: information Category: 1
Event: 4096 Source: Avira Antivirus
The AntiVir service has been started successfully!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/03/2012 4:01:44 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 22/03/2012 4:01:43 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 22/03/2012 3:40:29 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 22/03/2012 3:40:29 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 21/03/2012 11:24:40 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 21/03/2012 11:24:40 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 21/03/2012 1:52:24 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 21/03/2012 1:52:23 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 20/03/2012 2:16:47 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 20/03/2012 2:16:47 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 19/03/2012 10:58:49 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 19/03/2012 10:58:47 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 19/03/2012 10:44:36 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 19/03/2012 10:44:35 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 19/03/2012 10:29:34 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 19/03/2012 10:29:33 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 19/03/2012 1:04:32 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 19/03/2012 1:04:31 AM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 18/03/2012 5:13:30 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 18/03/2012 2:24:27 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user GENERALSPECIFIX\Nick registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/03/2012 4:01:41 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 22/03/2012 10:01:15 AM
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 22/03/2012 10:01:15 AM
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 22/03/2012 9:53:41 AM
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 120 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 22/03/2012 9:53:41 AM
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 22/03/2012 8:53:37 AM
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 60 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 22/03/2012 8:53:37 AM
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 22/03/2012 8:23:35 AM
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 22/03/2012 8:23:35 AM
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 22/03/2012 8:08:34 AM
Type: error Category: 0
Event: 29 Source: W32Time
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Log: 'System' Date/Time: 22/03/2012 8:08:34 AM
Type: error Category: 0
Event: 17 Source: W32Time
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Log: 'System' Date/Time: 22/03/2012 3:40:25 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/03/2012 11:24:36 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 21/03/2012 1:52:20 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 20/03/2012 2:16:42 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/03/2012 11:06:28 AM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The ForceWare Intelligent Application Manager (IAM) service hung on starting.

Log: 'System' Date/Time: 19/03/2012 11:02:22 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 19/03/2012 11:01:32 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avipbb avkmgr Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip Vsdatant WS2IFSL

Log: 'System' Date/Time: 19/03/2012 11:01:32 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 19/03/2012 11:01:32 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Forceware Web Interface service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/03/2012 4:08:09 PM
Type: information Category: 0
Event: 20158 Source: RemoteAccess
The user [email protected] successfully established a connection to teksavvy using the device PPPoE5-0.

Log: 'System' Date/Time: 22/03/2012 4:04:40 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 22/03/2012 4:04:36 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Application Layer Gateway Service service entered the running state.

Log: 'System' Date/Time: 22/03/2012 4:04:36 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Application Layer Gateway Service service was successfully sent a start control.

Log: 'System' Date/Time: 22/03/2012 4:04:36 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The SSDP Discovery Service service entered the running state.

Log: 'System' Date/Time: 22/03/2012 4:04:35 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Remote Access Connection Manager service entered the running state.

Log: 'System' Date/Time: 22/03/2012 4:04:35 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The SSDP Discovery Service service was successfully sent a start control.

Log: 'System' Date/Time: 22/03/2012 4:04:34 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 22/03/2012 4:04:34 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Network Location Awareness (NLA) service entered the running state.

Log: 'System' Date/Time: 22/03/2012 4:04:31 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The MagicTune service was successfully sent a start control.

Log: 'System' Date/Time: 22/03/2012 4:04:31 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Network Location Awareness (NLA) service was successfully sent a start control.

Log: 'System' Date/Time: 22/03/2012 4:04:31 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 22/03/2012 4:04:30 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Background Intelligent Transfer Service service entered the running state.

Log: 'System' Date/Time: 22/03/2012 4:04:29 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Background Intelligent Transfer Service service was successfully sent a start control.

Log: 'System' Date/Time: 22/03/2012 4:04:29 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Remote Access Connection Manager service was successfully sent a start control.

Log: 'System' Date/Time: 22/03/2012 4:04:27 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Telephony service entered the running state.

Log: 'System' Date/Time: 22/03/2012 4:04:27 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Fast User Switching Compatibility service entered the running state.

Log: 'System' Date/Time: 22/03/2012 4:04:27 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Fast User Switching Compatibility service was successfully sent a start control.

Log: 'System' Date/Time: 22/03/2012 4:04:27 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Terminal Services service entered the running state.

Log: 'System' Date/Time: 22/03/2012 4:03:14 PM
Type: information Category: 0
Event: 17 Source: avgntflt
avgntflt.sys version 12.0.21.4 successfully loaded

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/03/2012 4:03:58 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 22/03/2012 3:25:29 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk2\D during a paging operation.

Log: 'System' Date/Time: 22/03/2012 4:09:54 AM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 22/03/2012 1:12:56 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 21/03/2012 6:22:39 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk2\D during a paging operation.

Log: 'System' Date/Time: 21/03/2012 11:27:04 AM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 21/03/2012 8:55:54 AM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 20/03/2012 11:23:30 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 20/03/2012 3:26:22 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk2\D during a paging operation.

Log: 'System' Date/Time: 20/03/2012 3:25:10 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk2\D during a paging operation.

Log: 'System' Date/Time: 20/03/2012 9:41:55 AM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 19/03/2012 2:23:14 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 19/03/2012 2:20:46 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 19/03/2012 12:41:59 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 19/03/2012 11:04:42 AM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 19/03/2012 11:03:57 AM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk2\D during a paging operation.

Log: 'System' Date/Time: 19/03/2012 10:46:42 AM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 19/03/2012 10:38:16 AM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 19/03/2012 9:06:12 AM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0017314A2D27. The IP address being used is 169.254.87.86.

Log: 'System' Date/Time: 18/03/2012 6:27:08 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk2\D during a paging operation.
  • 0
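The event-log dump in the post above repeats a small number of entries many times. As an added example (not part of the original thread, and not the output of any tool used in it), this Python script parses that layout, tallies recurring (log, type, source, event ID) groups with their first and last timestamps, and lists the drivers named in Service Control Manager event 7026. The sample text is constructed from entries in the dump, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same layout as the dump above (one message shortened).
SAMPLE = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/03/2012 4:01:41 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 19/03/2012 11:01:32 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Tcpip

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/03/2012 3:25:29 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk2\D during a paging operation.

Log: 'System' Date/Time: 21/03/2012 6:22:39 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk2\D during a paging operation.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\S+) Category: \d+$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")

def parse_events(text):
    """Turn the dump into a list of dicts, one per 'Log:' record."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("~"):
            cur = None  # a blank line or section banner closes the record
        elif (m := HEADER.match(line)):
            when = datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p")
            cur = {"log": m["log"], "when": when, "type": None,
                   "id": None, "source": None, "message": ""}
            events.append(cur)
        elif cur is None:
            continue  # banner title or stray text between records
        elif (m := TYPE.match(line)):
            cur["type"] = m["type"]
        elif (m := EVENT.match(line)):
            cur["id"], cur["source"] = int(m["id"]), m["source"]
        else:
            cur["message"] = (cur["message"] + " " + line).strip()
    return events

def recurring(events, min_count=2):
    """Group identical (log, type, source, id) entries seen min_count+ times."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["log"], e["type"], e["source"], e["id"])].append(e["when"])
    rows = [{"key": k, "count": len(v), "first": min(v), "last": max(v)}
            for k, v in groups.items() if len(v) >= min_count]
    return sorted(rows, key=lambda r: -r["count"])

def failed_boot_drivers(events):
    """Collect driver names listed in Service Control Manager event 7026."""
    names = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026:
            names.update(e["message"].partition("failed to load:")[2].split())
    return names
```
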

#22
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi NickKeenan,

For now I don't see any trace of malware left. Let's do a deeper scan and see if we can get anything out of it.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun Virus Removal Tool and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post

  • 0

#23
NickKeenan

NickKeenan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Attached File  avptool_sysinfo.zip   19.75KB   29 downloads
  • 0

#24
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Before we continue, what are your current problems besides the slow system? Any visible problems?
  • 0

#25
NickKeenan

NickKeenan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
After I boot and run my PPPOE dialer to connect to the internet,
when I first launch Thunderbird, it times out. But Tbird works
as soon as I GetMail, or close and re-launch. Strange..

The system is slightly quicker changing windows, but
Tetris still stalls momentarily (less than a second, but noticeable enough
to make the game unplayable).

/nick
  • 0

#26
NickKeenan

NickKeenan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Forgot to mention that, after the long-winded system scan Kaspersky Virus Removal operation, when I restarted I got a Stop Error when I launched my PPPOE dialer.
I restarted again and this time I waited until all that background startup stuff seemed to be completed before I launched my PPPOE dialer.. this time it worked.

But now, many hours later, with nothing going on, and I'm away from the machine, I come back to see the same Stop Error with identical text, including addresses.
I have copies if you're interested.

/nick
  • 0

#27
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi NickKeenan,

This is strange because there is nothing to remove from your system. Let's try to scan system for errors.


We are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow. Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens please make sure that you can view protected files:
  • My Computer
  • Tools
  • Folder Options
  • View
  • "Uncheck" Hide protected operating system files.
Then rerun the scan. If this still asks you to put in your windows XP CD, and you do not have the CD (If you bought it preinstalled) post back for more tips, otherwise enter Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:
  • My Computer
  • Tools
  • Folder Options
  • View
  • "Check" Hide protected operating system files.

  • 0

#28
NickKeenan

NickKeenan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
I was away for a day and a half.

I ran sfc /scannow, rebooted, tested performance - no change.

I applied Windows updates, rebooted, tested performance - no change.

I like to leave hidden files unhidden - any problem with that?

Would it be worthwhile to apply SP3 again?

/nick
  • 0

#29
NickKeenan

NickKeenan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
I seem to have lost my last message to you.. here it is again

Just now, while I was away from the machine, it crashed with another Stop Error.
I didn't take down the details but I'm attaching a picture of the Stop Error window from the previous time it happened.
Should I be recording/reporting these details to you as they occur?

/nick
  • 0

#30
NickKeenan

NickKeenan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
I don't understand how to reply properly - I keep losing my replies.

This message is for the purpose of attaching a photo of a Stop Error window I mentioned.

OK.. I've solved how to reply -- use Full Editor (which includes attachments).
Attached File  WindowsStopError01.jpg
  • 0
