PC Clean-up



#1
HalYurAznPal

Hello,

My girlfriend and I need some help to clean up her PC. It has been reformatted recently, and I have run MBAM and Avira scans. MBAM was able to take out 2 threats, while Avira was unable to find anything.

My only concern is when I open up the task manager there is what seems to be an unhealthy amount of processes running.

We need some help to get a "deeper" clean.

Any and all help would be appreciated. The OTL Log File is pasted below.

Thanks,

Hal

OTL logfile created on: 8/13/2012 10:32:22 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\MY PC\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 348.38 Mb Available Physical Memory | 34.36% Memory free
2.38 Gb Paging File | 1.68 Gb Available in Paging File | 70.45% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.05 Gb Total Space | 132.58 Gb Free Space | 91.41% Space Free | Partition Type: NTFS

Computer Name: YOUR-0A89A14CFD | User Name: MY PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/13 10:29:08 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MY PC\My Documents\Downloads\OTL.exe
PRC - [2012/08/11 14:05:02 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/08/07 02:43:41 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/12/01 03:45:10 | 000,532,480 | ---- | M] (Vimicro) -- C:\Program Files\USB Camera\VM331_STI.EXE
PRC - [2008/09/12 18:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/12 18:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/11 14:05:07 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/08/11 14:05:02 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/08/07 02:43:40 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppgooglenaclpluginchrome.dll
MOD - [2012/08/07 02:43:39 | 012,235,800 | ---- | M] () -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
MOD - [2012/08/07 02:43:37 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
MOD - [2012/08/07 02:42:09 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avutil-51.dll
MOD - [2012/08/07 02:42:08 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avformat-54.dll
MOD - [2012/08/07 02:42:07 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avcodec-54.dll
MOD - [2012/01/31 08:57:08 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/11 14:05:06 | 000,935,008 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/09/12 18:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/05 14:03:56 | 000,069,632 | ---- | M] (SRS Labs, Inc.) [Auto | Stopped] -- C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe -- (SRS_PostInstaller)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/09 04:39:46 | 000,997,888 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2009/02/03 04:22:00 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/10/30 08:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/09/05 14:08:14 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter)
DRV - [2008/08/22 05:25:14 | 000,308,608 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/03 21:38:40 | 000,015,232 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisipo.sys -- (Ndisipo)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7LGEL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LGEL&bmod=LGEL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LGEL&bmod=LGEL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7LGEL_enCA496
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-08-08 09:14:47&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/08 09:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/08/11 14:05:13 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [331BigDog] C:\Program Files\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IPO3] C:\Program Files\LG Software\IP Operator\IP Operator.exe (LG Electronics Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.210.47.10 207.210.47.19 207.210.47.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0E913F2-672B-4B7A-AF74-E7F031BAFD3E}: DhcpNameServer = 207.210.47.10 207.210.47.19 207.210.47.20
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\butterfly-1024_576_00120.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\butterfly-1024_576_00120.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/23 13:58:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 10:32:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/13 10:24:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/08/13 10:21:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/12 20:05:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/08/12 20:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\Avira
[2012/08/12 19:53:48 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/08/12 19:53:47 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/08/12 19:53:47 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/08/12 19:53:47 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/08/12 19:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/12 19:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/08/12 19:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\MSNInstaller
[2012/08/12 19:44:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MY PC\PrivacIE
[2012/08/12 19:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2012/08/12 19:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\Malwarebytes
[2012/08/12 19:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/12 19:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/12 19:25:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/12 19:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/12 19:19:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/08/11 17:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/08/11 16:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/08/11 16:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/08/11 16:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/08/11 16:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/08/11 16:54:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/08/11 16:53:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/11 16:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\WinRAR
[2012/08/11 16:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/08/11 16:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Start Menu\Programs\WinRAR
[2012/08/11 16:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/08/11 15:07:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MY PC\IETldCache
[2012/08/11 15:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\My Documents\OneNote Notebooks
[2012/08/11 14:59:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/08/11 14:59:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/08/11 14:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Microsoft Help
[2012/08/11 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/11 14:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/08/11 14:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/08/08 11:34:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/08/08 11:34:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/08/08 09:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/08/08 09:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\AVG2012
[2012/08/08 09:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/08/08 09:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Local Settings\Application Data\AVG Secure Search
[2012/08/08 09:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/08/08 09:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\AVG Secure Search
[2012/08/08 09:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/08/08 09:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/08/08 09:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/08/08 09:14:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/08 09:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/08/08 09:14:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/08/08 09:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/08/08 09:11:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/08 09:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/08/08 09:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\My Documents\Downloads
[2012/08/08 09:10:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/08/08 03:46:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MY PC\Application Data\Microsoft
[2012/08/08 03:46:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MY PC\SendTo
[2012/08/08 03:46:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MY PC\Recent
[2012/08/08 03:46:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MY PC\Application Data
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\Start Menu\Programs\Startup
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\Start Menu
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\My Documents\My Pictures
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\My Documents\My Music
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\My Documents
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\Favorites
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\Start Menu\Programs\Accessories
[2012/08/08 03:46:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MY PC\Cookies
[2012/08/08 03:46:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MY PC\Templates
[2012/08/08 03:46:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MY PC\PrintHood
[2012/08/08 03:46:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MY PC\NetHood
[2012/08/08 03:46:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MY PC\Local Settings
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\My Documents\Youcam
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\Sun
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\SRSCPL
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Microsoft
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\InstallShield
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\Identities
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Desktop
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Start Menu\Programs\CyberLink YouCam
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\Adobe
[2012/08/08 03:41:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/07 23:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/08/07 23:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Start Menu\Programs\Google Chrome
[2012/08/07 23:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Temp
[2012/08/07 23:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/08/07 23:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Google
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/13 10:52:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/13 10:27:07 | 103,696,573 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/08/13 10:21:54 | 000,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/13 10:21:54 | 000,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/12 21:56:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/12 21:56:46 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 21:02:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3420323342-1523444748-2663574226-1005UA.job
[2012/08/12 20:03:43 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\MY PC\Desktop\Google Chrome.lnk
[2012/08/12 20:03:43 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\MY PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/12 19:54:06 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/08/12 19:46:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\lgcenter.ini
[2012/08/12 19:44:59 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\MY PC\Local Settings\Application Data\dt.dat
[2012/08/12 19:25:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/12 19:24:06 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/08/12 19:15:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/12 19:15:30 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/11 15:07:39 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\MY PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/08 10:02:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3420323342-1523444748-2663574226-1005Core.job
[2012/08/08 09:14:53 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/08/08 03:45:27 | 000,000,135 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/08/08 03:43:20 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/13 10:27:07 | 103,696,573 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/08/12 19:54:06 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/08/12 19:44:59 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\MY PC\Local Settings\Application Data\dt.dat
[2012/08/12 19:25:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 14:06:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/11 14:06:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/08/08 09:14:53 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/08/08 03:46:27 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\bmpsap.dll
[2012/08/08 03:46:10 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\MY PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/08 03:46:10 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\MY PC\Desktop\CyberLink YouCam.lnk
[2012/08/08 03:46:10 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\MY PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/08/08 03:46:09 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\MY PC\Start Menu\Programs\Remote Assistance.lnk
[2012/08/08 03:46:09 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\MY PC\Start Menu\Programs\Internet Explorer.lnk
[2012/08/08 03:46:09 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\MY PC\Start Menu\Programs\Windows Media Player.lnk
[2012/08/08 03:46:09 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\MY PC\Start Menu\Programs\Outlook Express.lnk
[2012/08/08 03:45:23 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Media Player.lnk
[2012/08/08 03:41:26 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/07 23:48:42 | 000,002,286 | ---- | C] () -- C:\Documents and Settings\MY PC\Desktop\Google Chrome.lnk
[2012/08/07 23:48:42 | 000,002,264 | ---- | C] () -- C:\Documents and Settings\MY PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/07 23:47:32 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3420323342-1523444748-2663574226-1005UA.job
[2012/08/07 23:47:32 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3420323342-1523444748-2663574226-1005Core.job

========== LOP Check ==========

[2012/08/12 19:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/08/08 09:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/08/08 09:11:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/13 10:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/12 11:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/08/08 09:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MY PC\Application Data\AVG Secure Search
[2012/08/08 09:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MY PC\Application Data\AVG2012
[2012/08/12 19:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MY PC\Application Data\MSNInstaller
[2009/03/12 11:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MY PC\Application Data\SRSCPL

========== Purity Check ==========



< End of report >


#2
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right-hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
HalYurAznPal

    Member

  • Topic Starter
  • Member
  • 38 posts
I have 2 problems with my PC right now.

1. It is very slow even after completely reformatting. MBAM was able to pick up threats even after reformatting, which makes me suspicious that there may be more threats remaining.

2. I have about 45 processes running, which also makes me very suspicious.

As of right now, I have only put MBAM and Avira on the computer, and run scans with MBAM.

OTL didn't create an Extras document; I only have the OTL.Txt.


OTL logfile created on: 8/16/2012 10:36:00 AM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\MY PC\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 644.43 Mb Available Physical Memory | 63.55% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.05 Gb Total Space | 131.30 Gb Free Space | 90.52% Space Free | Partition Type: NTFS

Computer Name: YOUR-0A89A14CFD | User Name: MY PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 23:41:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/08/14 23:41:09 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/08/14 23:41:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/08/14 23:41:09 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/08/13 10:29:08 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MY PC\My Documents\Downloads\OTL.exe
PRC - [2008/12/01 03:45:10 | 000,532,480 | ---- | M] (Vimicro) -- C:\Program Files\USB Camera\VM331_STI.EXE
PRC - [2008/09/12 18:01:28 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/12 18:01:24 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/09/12 14:45:04 | 001,056,768 | ---- | M] (LG Electronics Inc.) -- C:\Program Files\LG Software\IP Operator\IP Operator.exe
PRC - [2008/09/05 14:03:56 | 000,069,632 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/14 23:41:11 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/14 23:41:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/08/14 23:41:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/09/12 18:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/05 14:03:56 | 000,069,632 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe -- (SRS_PostInstaller)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/14 23:41:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/08/14 23:41:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/09 04:39:46 | 000,997,888 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2009/02/03 04:22:00 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/10/30 08:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/09/05 14:08:14 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter)
DRV - [2008/08/22 05:25:14 | 000,308,608 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/03 21:38:40 | 000,015,232 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisipo.sys -- (Ndisipo)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7LGEL


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LGEL&bmod=LGEL
IE - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LGEL&bmod=LGEL
IE - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7LGEL_enCA496
IE - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-08-08 09:14:47&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\MY PC\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [331BigDog] C:\Program Files\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IPO3] C:\Program Files\LG Software\IP Operator\IP Operator.exe (LG Electronics Inc.)
O4 - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3420323342-1523444748-2663574226-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.210.47.10 207.210.47.19 207.210.47.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0E913F2-672B-4B7A-AF74-E7F031BAFD3E}: DhcpNameServer = 207.210.47.10 207.210.47.19 207.210.47.20
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\MY PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MY PC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/23 13:58:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 10:19:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/08/13 18:30:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/13 17:14:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/13 10:24:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/08/12 20:05:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/08/12 20:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\Avira
[2012/08/12 19:53:48 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/08/12 19:53:47 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/08/12 19:53:47 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/08/12 19:53:47 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/08/12 19:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/12 19:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/08/12 19:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\MSNInstaller
[2012/08/12 19:44:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MY PC\PrivacIE
[2012/08/12 19:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2012/08/12 19:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\Malwarebytes
[2012/08/12 19:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/12 19:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/12 19:25:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/12 19:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/12 19:19:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/08/11 17:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/08/11 16:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/08/11 16:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/08/11 16:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/08/11 16:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/08/11 16:54:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/08/11 16:53:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/11 16:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\WinRAR
[2012/08/11 16:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/08/11 16:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Start Menu\Programs\WinRAR
[2012/08/11 16:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/08/11 15:07:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MY PC\IETldCache
[2012/08/11 15:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\My Documents\OneNote Notebooks
[2012/08/11 14:59:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/08/11 14:59:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/08/11 14:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Microsoft Help
[2012/08/11 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/11 14:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/08/11 14:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/08/08 11:34:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/08/08 11:34:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/08/08 09:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/08/08 09:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\AVG2012
[2012/08/08 09:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/08/08 09:14:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/08 09:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/08/08 09:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/08/08 09:11:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/08 09:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/08/08 09:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\My Documents\Downloads
[2012/08/08 09:10:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/08/08 03:46:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MY PC\Application Data\Microsoft
[2012/08/08 03:46:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MY PC\SendTo
[2012/08/08 03:46:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MY PC\Recent
[2012/08/08 03:46:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MY PC\Application Data
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\Start Menu\Programs\Startup
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\Start Menu
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\My Documents\My Pictures
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\My Documents\My Music
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\My Documents
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\Favorites
[2012/08/08 03:46:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MY PC\Start Menu\Programs\Accessories
[2012/08/08 03:46:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MY PC\Cookies
[2012/08/08 03:46:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MY PC\Templates
[2012/08/08 03:46:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MY PC\PrintHood
[2012/08/08 03:46:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MY PC\NetHood
[2012/08/08 03:46:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MY PC\Local Settings
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\My Documents\Youcam
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\Sun
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\SRSCPL
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Microsoft
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\InstallShield
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\Identities
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Desktop
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Start Menu\Programs\CyberLink YouCam
[2012/08/08 03:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Application Data\Adobe
[2012/08/08 03:41:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/07 23:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/08/07 23:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Start Menu\Programs\Google Chrome
[2012/08/07 23:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Temp
[2012/08/07 23:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/08/07 23:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MY PC\Local Settings\Application Data\Google
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 23:41:11 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/08/14 23:41:11 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/08/14 21:29:36 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\MY PC\Desktop\Google Chrome.lnk
[2012/08/14 21:29:36 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\MY PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/14 21:28:37 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3420323342-1523444748-2663574226-1005UA.job
[2012/08/13 19:34:20 | 000,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/13 19:34:20 | 000,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/13 19:30:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/13 19:29:55 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 17:11:35 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/13 10:52:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/12 19:54:06 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/08/12 19:46:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\lgcenter.ini
[2012/08/12 19:44:59 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\MY PC\Local Settings\Application Data\dt.dat
[2012/08/12 19:25:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/12 19:24:06 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/08/12 19:15:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/11 15:07:39 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\MY PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/08 10:02:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3420323342-1523444748-2663574226-1005Core.job
[2012/08/08 03:45:27 | 000,000,135 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/08/08 03:43:20 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/12 19:54:06 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2012/08/12 19:44:59 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\MY PC\Local Settings\Application Data\dt.dat
[2012/08/12 19:25:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 14:06:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/11 14:06:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/08/08 03:46:27 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\bmpsap.dll
[2012/08/08 03:46:10 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\MY PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/08 03:46:10 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\MY PC\Desktop\CyberLink YouCam.lnk
[2012/08/08 03:46:10 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\MY PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/08/08 03:46:09 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\MY PC\Start Menu\Programs\Remote Assistance.lnk
[2012/08/08 03:46:09 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\MY PC\Start Menu\Programs\Internet Explorer.lnk
[2012/08/08 03:46:09 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\MY PC\Start Menu\Programs\Windows Media Player.lnk
[2012/08/08 03:46:09 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\MY PC\Start Menu\Programs\Outlook Express.lnk
[2012/08/08 03:45:23 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Media Player.lnk
[2012/08/08 03:41:26 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/07 23:48:42 | 000,002,286 | ---- | C] () -- C:\Documents and Settings\MY PC\Desktop\Google Chrome.lnk
[2012/08/07 23:48:42 | 000,002,264 | ---- | C] () -- C:\Documents and Settings\MY PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/07 23:47:32 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3420323342-1523444748-2663574226-1005UA.job
[2012/08/07 23:47:32 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3420323342-1523444748-2663574226-1005Core.job

========== LOP Check ==========

[2012/08/13 19:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/08/08 09:11:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/13 19:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/12 11:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/03/12 11:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SRSCPL
[2012/08/08 09:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MY PC\Application Data\AVG2012
[2012/08/12 19:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MY PC\Application Data\MSNInstaller
[2009/03/12 11:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MY PC\Application Data\SRSCPL

========== Purity Check ==========



< End of report >

#4
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts

MBAM was able to pick up threats even after reformatting

Can you please post the log file of that scan? MBAM's log files can be found under the "Logs" tab of the program.

#5
HalYurAznPal

    Member

  • Topic Starter
  • 38 posts
Hi,

Here is the log file.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MY PC :: YOUR-0A89A14CFD [limited]

8/12/2012 7:27:44 PM
mbam-log-2012-08-12 (19-27-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175576
Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\MY PC\My Documents\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)

#6
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
You don't need to worry about what MBAM found. Also your OTL log appears to be clean, so I really don't think there is any malware on your PC. We can do some additional scans, but I don't think they'll find anything. :)




Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#7
HalYurAznPal

    Member

  • Topic Starter
  • 38 posts
Hi,

Here are the logs you requested.


12:07:15.0250 0692 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:07:15.0531 0692 ============================================================
12:07:15.0531 0692 Current date / time: 2012/08/16 12:07:15.0531
12:07:15.0531 0692 SystemInfo:
12:07:15.0531 0692
12:07:15.0546 0692 OS Version: 5.1.2600 ServicePack: 3.0
12:07:15.0546 0692 Product type: Workstation
12:07:15.0546 0692 ComputerName: YOUR-0A89A14CFD
12:07:15.0546 0692 UserName: MY PC
12:07:15.0546 0692 Windows directory: C:\WINDOWS
12:07:15.0546 0692 System windows directory: C:\WINDOWS
12:07:15.0546 0692 Processor architecture: Intel x86
12:07:15.0546 0692 Number of processors: 2
12:07:15.0546 0692 Page size: 0x1000
12:07:15.0546 0692 Boot type: Normal boot
12:07:15.0546 0692 ============================================================
12:07:16.0312 0692 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:07:16.0312 0692 ============================================================
12:07:16.0312 0692 \Device\Harddisk0\DR0:
12:07:16.0328 0692 MBR partitions:
12:07:16.0328 0692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800800, BlocksNum 0x12218EB0
12:07:16.0328 0692 ============================================================
12:07:16.0390 0692 C: <-> \Device\Harddisk0\DR0\Partition1
12:07:16.0390 0692 ============================================================
12:07:16.0390 0692 Initialize success
12:07:16.0390 0692 ============================================================
12:08:14.0859 3764 ============================================================
12:08:14.0859 3764 Scan started
12:08:14.0859 3764 Mode: Manual; SigCheck; TDLFS;
12:08:14.0859 3764 ============================================================
12:08:14.0968 3764 ================ Scan services =============================
12:08:15.0093 3764 Abiosdsk - ok
12:08:15.0109 3764 abp480n5 - ok
12:08:15.0171 3764 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:08:16.0375 3764 ACPI - ok
12:08:16.0421 3764 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:08:16.0625 3764 ACPIEC - ok
12:08:16.0640 3764 adpu160m - ok
12:08:16.0656 3764 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:08:16.0875 3764 aec - ok
12:08:16.0953 3764 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:08:17.0015 3764 AFD - ok
12:08:17.0015 3764 Aha154x - ok
12:08:17.0031 3764 aic78u2 - ok
12:08:17.0031 3764 aic78xx - ok
12:08:17.0078 3764 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:08:17.0265 3764 Alerter - ok
12:08:17.0296 3764 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
12:08:17.0390 3764 ALG - ok
12:08:17.0390 3764 AliIde - ok
12:08:17.0484 3764 [ f6af59d6eee5e1c304f7f73706ad11d8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
12:08:17.0687 3764 Ambfilt - ok
12:08:17.0703 3764 amsint - ok
12:08:17.0828 3764 [ 0a1cc583e8147004e4ad4625d7fbf88c ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:08:17.0875 3764 AntiVirSchedulerService - ok
12:08:17.0921 3764 [ c9a36ef935aced86aedf93e97e606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:08:17.0953 3764 AntiVirService - ok
12:08:17.0953 3764 AppMgmt - ok
12:08:17.0968 3764 asc - ok
12:08:17.0968 3764 asc3350p - ok
12:08:17.0984 3764 asc3550 - ok
12:08:18.0031 3764 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:08:18.0234 3764 AsyncMac - ok
12:08:18.0265 3764 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
12:08:18.0500 3764 atapi - ok
12:08:18.0500 3764 Atdisk - ok
12:08:18.0546 3764 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:08:18.0765 3764 Atmarpc - ok
12:08:18.0828 3764 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:08:19.0046 3764 AudioSrv - ok
12:08:19.0062 3764 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:08:19.0281 3764 audstub - ok
12:08:19.0296 3764 [ d5541f0afb767e85fc412fc609d96a74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:08:19.0453 3764 avgntflt - ok
12:08:19.0484 3764 [ 7d967a682d4694df7fa57d63a2db01fe ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:08:19.0515 3764 avipbb - ok
12:08:19.0546 3764 [ 271cfd1a989209b1964e24d969552bf7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
12:08:19.0562 3764 avkmgr - ok
12:08:19.0609 3764 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:08:19.0828 3764 Beep - ok
12:08:19.0890 3764 [ 574738f61fca2935f5265dc4e5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:08:20.0156 3764 BITS - ok
12:08:20.0218 3764 [ a06ce3399d16db864f55faeb1f1927a9 ] Browser C:\WINDOWS\System32\browser.dll
12:08:20.0453 3764 Browser - ok
12:08:20.0500 3764 [ b279426e3c0c344893ed78a613a73bde ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:08:20.0718 3764 BthEnum - ok
12:08:20.0734 3764 [ 80602b8746d3738f5886ce3d67ef06b6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:08:20.0937 3764 BthPan - ok
12:08:21.0015 3764 [ 662bfd909447dd9cc15b1a1c366583b4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
12:08:21.0093 3764 BTHPORT - ok
12:08:21.0125 3764 [ f4c43c66471b87996d95db7a3a664a37 ] BthServ C:\WINDOWS\System32\bthserv.dll
12:08:21.0343 3764 BthServ - ok
12:08:21.0390 3764 [ 61364cd71ef63b0f038b7e9df00f1efa ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:08:21.0625 3764 BTHUSB - ok
12:08:21.0656 3764 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:08:21.0859 3764 cbidf2k - ok
12:08:21.0890 3764 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:08:22.0093 3764 CCDECODE - ok
12:08:22.0109 3764 cd20xrnt - ok
12:08:22.0171 3764 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:08:22.0375 3764 Cdaudio - ok
12:08:22.0421 3764 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:08:22.0625 3764 Cdfs - ok
12:08:22.0640 3764 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:08:22.0875 3764 Cdrom - ok
12:08:22.0875 3764 Changer - ok
12:08:22.0937 3764 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:08:23.0156 3764 CiSvc - ok
12:08:23.0187 3764 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:08:23.0406 3764 ClipSrv - ok
12:08:23.0453 3764 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:08:23.0687 3764 CmBatt - ok
12:08:23.0703 3764 CmdIde - ok
12:08:23.0734 3764 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:08:23.0937 3764 Compbatt - ok
12:08:23.0953 3764 COMSysApp - ok
12:08:23.0968 3764 Cpqarray - ok
12:08:24.0000 3764 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:08:24.0203 3764 CryptSvc - ok
12:08:24.0218 3764 dac2w2k - ok
12:08:24.0218 3764 dac960nt - ok
12:08:24.0281 3764 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:08:24.0375 3764 DcomLaunch - ok
12:08:24.0421 3764 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:08:24.0640 3764 Dhcp - ok
12:08:24.0640 3764 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:08:24.0859 3764 Disk - ok
12:08:24.0875 3764 dmadmin - ok
12:08:24.0937 3764 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:08:25.0218 3764 dmboot - ok
12:08:25.0234 3764 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:08:25.0468 3764 dmio - ok
12:08:25.0500 3764 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:08:25.0703 3764 dmload - ok
12:08:25.0765 3764 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:08:25.0968 3764 dmserver - ok
12:08:26.0015 3764 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:08:26.0234 3764 DMusic - ok
12:08:26.0281 3764 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:08:26.0343 3764 Dnscache - ok
12:08:26.0375 3764 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:08:26.0593 3764 Dot3svc - ok
12:08:26.0609 3764 dpti2o - ok
12:08:26.0656 3764 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:08:26.0875 3764 drmkaud - ok
12:08:26.0921 3764 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:08:27.0125 3764 EapHost - ok
12:08:27.0187 3764 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:08:27.0406 3764 ERSvc - ok
12:08:27.0468 3764 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:08:27.0515 3764 Eventlog - ok
12:08:27.0546 3764 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
12:08:27.0609 3764 EventSystem - ok
12:08:27.0640 3764 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:08:27.0843 3764 Fastfat - ok
12:08:27.0906 3764 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:08:28.0000 3764 FastUserSwitchingCompatibility - ok
12:08:28.0046 3764 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:08:28.0250 3764 Fdc - ok
12:08:28.0312 3764 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:08:28.0515 3764 Fips - ok
12:08:28.0531 3764 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:08:28.0734 3764 Flpydisk - ok
12:08:28.0765 3764 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:08:29.0000 3764 FltMgr - ok
12:08:29.0015 3764 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:08:29.0218 3764 Fs_Rec - ok
12:08:29.0218 3764 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:08:29.0437 3764 Ftdisk - ok
12:08:29.0484 3764 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:08:29.0703 3764 Gpc - ok
12:08:29.0734 3764 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:08:29.0968 3764 HDAudBus - ok
12:08:30.0062 3764 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:08:30.0281 3764 helpsvc - ok
12:08:30.0296 3764 HidServ - ok
12:08:30.0328 3764 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:08:30.0531 3764 HidUsb - ok
12:08:30.0593 3764 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:08:30.0796 3764 hkmsvc - ok
12:08:30.0812 3764 hpn - ok
12:08:30.0875 3764 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:08:30.0921 3764 HTTP - ok
12:08:30.0968 3764 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:08:31.0187 3764 HTTPFilter - ok
12:08:31.0203 3764 i2omgmt - ok
12:08:31.0218 3764 i2omp - ok
12:08:31.0250 3764 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:08:31.0468 3764 i8042prt - ok
12:08:31.0578 3764 [ 0d16e362b66a0c1d01b015f517129d13 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:08:31.0625 3764 IAANTMON - ok
12:08:31.0843 3764 [ 48846b31be5a4fa662ccfde7a1ba86b9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:08:32.0265 3764 ialm - ok
12:08:32.0328 3764 [ 8ef427c54497c5f8a7a645990e4278c7 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
12:08:32.0359 3764 iaStor - ok
12:08:32.0390 3764 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:08:32.0593 3764 Imapi - ok
12:08:32.0656 3764 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:08:32.0890 3764 ImapiService - ok
12:08:32.0906 3764 ini910u - ok
12:08:33.0140 3764 [ f9bb9063a6557098dbaf7396e026c922 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:08:33.0546 3764 IntcAzAudAddService - ok
12:08:33.0562 3764 IntelIde - ok
12:08:33.0578 3764 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:08:33.0781 3764 intelppm - ok
12:08:33.0828 3764 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:08:34.0062 3764 Ip6Fw - ok
12:08:34.0109 3764 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:08:34.0312 3764 IpFilterDriver - ok
12:08:34.0343 3764 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:08:34.0578 3764 IpInIp - ok
12:08:34.0593 3764 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:08:34.0812 3764 IpNat - ok
12:08:34.0828 3764 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:08:35.0078 3764 IPSec - ok
12:08:35.0125 3764 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:08:35.0203 3764 IRENUM - ok
12:08:35.0234 3764 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:08:35.0453 3764 isapnp - ok
12:08:35.0562 3764 [ 28e8a9984ba1297efe44b6138d2ca51e ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:08:35.0609 3764 JavaQuickStarterService - ok
12:08:35.0625 3764 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:08:35.0890 3764 Kbdclass - ok
12:08:35.0953 3764 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:08:36.0171 3764 kmixer - ok
12:08:36.0218 3764 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:08:36.0281 3764 KSecDD - ok
12:08:36.0312 3764 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:08:36.0390 3764 LanmanServer - ok
12:08:36.0437 3764 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:08:36.0484 3764 lanmanworkstation - ok
12:08:36.0484 3764 lbrtfdc - ok
12:08:36.0546 3764 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:08:36.0750 3764 LmHosts - ok
12:08:36.0796 3764 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:08:37.0046 3764 Messenger - ok
12:08:37.0140 3764 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:08:37.0171 3764 Microsoft Office Groove Audit Service - ok
12:08:37.0203 3764 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:08:37.0437 3764 mnmdd - ok
12:08:37.0484 3764 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:08:37.0718 3764 mnmsrvc - ok
12:08:37.0750 3764 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:08:37.0968 3764 Modem - ok
12:08:38.0046 3764 [ 9fa7207d1b1adead88ae8eed9cdbbaa5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
12:08:38.0218 3764 Monfilt - ok
12:08:38.0265 3764 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:08:38.0484 3764 Mouclass - ok
12:08:38.0515 3764 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:08:38.0718 3764 mouhid - ok
12:08:38.0765 3764 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:08:38.0984 3764 MountMgr - ok
12:08:39.0000 3764 mraid35x - ok
12:08:39.0015 3764 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:08:39.0250 3764 MRxDAV - ok
12:08:39.0312 3764 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:08:39.0406 3764 MRxSmb - ok
12:08:39.0437 3764 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:08:39.0640 3764 MSDTC - ok
12:08:39.0656 3764 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:08:39.0875 3764 Msfs - ok
12:08:39.0890 3764 MSIServer - ok
12:08:39.0906 3764 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:08:40.0125 3764 MSKSSRV - ok
12:08:40.0125 3764 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:08:40.0343 3764 MSPCLOCK - ok
12:08:40.0359 3764 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:08:40.0609 3764 MSPQM - ok
12:08:40.0640 3764 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:08:40.0859 3764 mssmbios - ok
12:08:40.0890 3764 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:08:41.0093 3764 MSTEE - ok
12:08:41.0171 3764 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:08:41.0203 3764 Mup - ok
12:08:41.0218 3764 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:08:41.0453 3764 NABTSFEC - ok
12:08:41.0500 3764 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:08:41.0718 3764 napagent - ok
12:08:41.0781 3764 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:08:42.0031 3764 NDIS - ok
12:08:42.0031 3764 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:08:42.0250 3764 NdisIP - ok
12:08:42.0281 3764 [ e87c0cee30b5f6f4a2b80011941dc5bd ] Ndisipo C:\WINDOWS\system32\DRIVERS\ndisipo.sys
12:08:42.0281 3764 Ndisipo ( UnsignedFile.Multi.Generic ) - warning
12:08:42.0296 3764 Ndisipo - detected UnsignedFile.Multi.Generic (1)
12:08:42.0343 3764 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:08:42.0390 3764 NdisTapi - ok
12:08:42.0421 3764 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:08:42.0640 3764 Ndisuio - ok
12:08:42.0640 3764 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:08:42.0859 3764 NdisWan - ok
12:08:42.0921 3764 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:08:42.0968 3764 NDProxy - ok
12:08:43.0015 3764 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:08:43.0234 3764 NetBIOS - ok
12:08:43.0250 3764 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:08:43.0468 3764 NetBT - ok
12:08:43.0515 3764 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
12:08:43.0765 3764 NetDDE - ok
12:08:43.0765 3764 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:08:43.0984 3764 NetDDEdsdm - ok
12:08:44.0046 3764 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:08:44.0265 3764 Netlogon - ok
12:08:44.0281 3764 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
12:08:44.0515 3764 Netman - ok
12:08:44.0593 3764 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:08:44.0640 3764 Nla - ok
12:08:44.0640 3764 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:08:44.0859 3764 Npfs - ok
12:08:44.0921 3764 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:08:45.0203 3764 Ntfs - ok
12:08:45.0203 3764 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:08:45.0421 3764 NtLmSsp - ok
12:08:45.0500 3764 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:08:45.0734 3764 NtmsSvc - ok
12:08:45.0796 3764 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
12:08:46.0015 3764 Null - ok
12:08:46.0062 3764 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:08:46.0296 3764 NwlnkFlt - ok
12:08:46.0328 3764 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:08:46.0531 3764 NwlnkFwd - ok
12:08:46.0718 3764 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:08:46.0781 3764 odserv - ok
12:08:46.0828 3764 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:08:46.0859 3764 ose - ok
12:08:46.0921 3764 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:08:47.0140 3764 Parport - ok
12:08:47.0203 3764 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:08:47.0406 3764 PartMgr - ok
12:08:47.0468 3764 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:08:47.0687 3764 ParVdm - ok
12:08:47.0703 3764 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:08:47.0906 3764 PCI - ok
12:08:47.0921 3764 PCIDump - ok
12:08:47.0937 3764 PCIIde - ok
12:08:47.0984 3764 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:08:48.0218 3764 Pcmcia - ok
12:08:48.0218 3764 PDCOMP - ok
12:08:48.0234 3764 PDFRAME - ok
12:08:48.0234 3764 PDRELI - ok
12:08:48.0250 3764 PDRFRAME - ok
12:08:48.0265 3764 perc2 - ok
12:08:48.0265 3764 perc2hib - ok
12:08:48.0312 3764 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:08:48.0359 3764 PlugPlay - ok
12:08:48.0375 3764 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:08:48.0578 3764 PolicyAgent - ok
12:08:48.0593 3764 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:08:48.0812 3764 PptpMiniport - ok
12:08:48.0828 3764 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:08:49.0031 3764 ProtectedStorage - ok
12:08:49.0046 3764 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:08:49.0265 3764 PSched - ok
12:08:49.0281 3764 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:08:49.0484 3764 Ptilink - ok
12:08:49.0500 3764 ql1080 - ok
12:08:49.0500 3764 Ql10wnt - ok
12:08:49.0515 3764 ql12160 - ok
12:08:49.0531 3764 ql1240 - ok
12:08:49.0531 3764 ql1280 - ok
12:08:49.0562 3764 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:08:49.0765 3764 RasAcd - ok
12:08:49.0828 3764 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:08:50.0031 3764 RasAuto - ok
12:08:50.0062 3764 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:08:50.0281 3764 Rasl2tp - ok
12:08:50.0312 3764 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:08:50.0515 3764 RasMan - ok
12:08:50.0546 3764 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:08:50.0765 3764 RasPppoe - ok
12:08:50.0781 3764 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:08:50.0984 3764 Raspti - ok
12:08:51.0046 3764 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:08:51.0281 3764 Rdbss - ok
12:08:51.0296 3764 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:08:51.0515 3764 RDPCDD - ok
12:08:51.0578 3764 [ 6589db6e5969f8eee594cf71171c5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:08:51.0656 3764 RDPWD - ok
12:08:51.0687 3764 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:08:51.0906 3764 RDSessMgr - ok
12:08:51.0968 3764 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:08:52.0171 3764 redbook - ok
12:08:52.0218 3764 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:08:52.0437 3764 RemoteAccess - ok
12:08:52.0453 3764 [ 851c30df2807fcfa21e4c681a7d6440e ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:08:52.0656 3764 RFCOMM - ok
12:08:52.0703 3764 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
12:08:52.0906 3764 RpcLocator - ok
12:08:52.0953 3764 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:08:53.0000 3764 RpcSs - ok
12:08:53.0031 3764 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:08:53.0250 3764 RSVP - ok
12:08:53.0312 3764 [ 85334aa5417ba063e9aae58eb3c7280d ] rtl8187Se C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys
12:08:53.0375 3764 rtl8187Se - ok
12:08:53.0390 3764 [ 839141088ad7ee90f5b441b2d1afd22c ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:08:53.0468 3764 RTLE8023xp - ok
12:08:53.0500 3764 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:08:53.0718 3764 SamSs - ok
12:08:53.0765 3764 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:08:54.0000 3764 SCardSvr - ok
12:08:54.0015 3764 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:08:54.0234 3764 Schedule - ok
12:08:54.0265 3764 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:08:54.0343 3764 Secdrv - ok
12:08:54.0390 3764 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:08:54.0593 3764 seclogon - ok
12:08:54.0609 3764 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
12:08:54.0828 3764 SENS - ok
12:08:54.0843 3764 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:08:55.0078 3764 Serial - ok
12:08:55.0109 3764 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:08:55.0328 3764 Sfloppy - ok
12:08:55.0390 3764 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:08:55.0625 3764 SharedAccess - ok
12:08:55.0656 3764 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:08:55.0687 3764 ShellHWDetection - ok
12:08:55.0703 3764 Simbad - ok
12:08:55.0718 3764 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:08:55.0937 3764 SLIP - ok
12:08:55.0953 3764 Sparrow - ok
12:08:56.0015 3764 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:08:56.0218 3764 splitter - ok
12:08:56.0265 3764 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:08:56.0328 3764 Spooler - ok
12:08:56.0406 3764 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:08:56.0500 3764 sr - ok
12:08:56.0546 3764 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:08:56.0640 3764 srservice - ok
12:08:56.0734 3764 [ 9469fdadc50c9d07621be231dd792129 ] SRS_PostInstaller C:\Program Files\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe
12:08:56.0750 3764 SRS_PostInstaller ( UnsignedFile.Multi.Generic ) - warning
12:08:56.0750 3764 SRS_PostInstaller - detected UnsignedFile.Multi.Generic (1)
12:08:56.0796 3764 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:08:56.0859 3764 Srv - ok
12:08:56.0890 3764 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:08:57.0000 3764 SSDPSRV - ok
12:08:57.0046 3764 [ a36ee93698802cd899f98bfd553d8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:08:57.0078 3764 ssmdrv - ok
12:08:57.0125 3764 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:08:57.0359 3764 stisvc - ok
12:08:57.0390 3764 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:08:57.0609 3764 streamip - ok
12:08:57.0625 3764 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:08:57.0828 3764 swenum - ok
12:08:57.0890 3764 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:08:58.0125 3764 swmidi - ok
12:08:58.0140 3764 SwPrv - ok
12:08:58.0140 3764 symc810 - ok
12:08:58.0156 3764 symc8xx - ok
12:08:58.0171 3764 sym_hi - ok
12:08:58.0171 3764 sym_u3 - ok
12:08:58.0250 3764 [ aee6e411a915f50101895ba8dc5c15d4 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:08:58.0296 3764 SynTP - ok
12:08:58.0312 3764 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:08:58.0546 3764 sysaudio - ok
12:08:58.0593 3764 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:08:58.0828 3764 SysmonLog - ok
12:08:58.0859 3764 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:08:59.0078 3764 TapiSrv - ok
12:08:59.0125 3764 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:08:59.0187 3764 Tcpip - ok
12:08:59.0218 3764 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:08:59.0453 3764 TDPIPE - ok
12:08:59.0500 3764 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:08:59.0703 3764 TDTCP - ok
12:08:59.0750 3764 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:08:59.0968 3764 TermDD - ok
12:08:59.0984 3764 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
12:09:00.0218 3764 TermService - ok
12:09:00.0250 3764 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
12:09:00.0281 3764 Themes - ok
12:09:00.0281 3764 TosIde - ok
12:09:00.0328 3764 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:09:00.0531 3764 TrkWks - ok
12:09:00.0593 3764 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:09:00.0828 3764 Udfs - ok
12:09:00.0828 3764 ultra - ok
12:09:00.0859 3764 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:09:01.0093 3764 Update - ok
12:09:01.0156 3764 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:09:01.0265 3764 upnphost - ok
12:09:01.0281 3764 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
12:09:01.0500 3764 UPS - ok
12:09:01.0562 3764 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:09:01.0781 3764 usbccgp - ok
12:09:01.0796 3764 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:09:02.0031 3764 usbehci - ok
12:09:02.0031 3764 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:09:02.0234 3764 usbhub - ok
12:09:02.0265 3764 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:09:02.0500 3764 usbscan - ok
12:09:02.0546 3764 [ a32426d9b14a089eaa1d922e0c5801a9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:09:02.0750 3764 usbstor - ok
12:09:02.0765 3764 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:09:03.0000 3764 usbuhci - ok
12:09:03.0000 3764 [ 63bbfca7f390f4c49ed4b96bfb1633e0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
12:09:03.0218 3764 usbvideo - ok
12:09:03.0265 3764 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:09:03.0484 3764 VgaSave - ok
12:09:03.0484 3764 ViaIde - ok
12:09:03.0546 3764 [ 280757baf6030242424a9be5e3bd562b ] vm331avs C:\WINDOWS\system32\Drivers\vm331avs.sys
12:09:03.0687 3764 vm331avs - ok
12:09:03.0718 3764 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:09:03.0921 3764 VolSnap - ok
12:09:03.0984 3764 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
12:09:04.0093 3764 VSS - ok
12:09:04.0125 3764 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\system32\w32time.dll
12:09:04.0343 3764 W32Time - ok
12:09:04.0390 3764 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:09:04.0593 3764 Wanarp - ok
12:09:04.0640 3764 [ bbcfeab7e871cddac2d397ee7fa91fdc ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
12:09:04.0703 3764 Wdf01000 - ok
12:09:04.0703 3764 WDICA - ok
12:09:04.0750 3764 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:09:04.0968 3764 wdmaud - ok
12:09:04.0984 3764 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:09:05.0203 3764 WebClient - ok
12:09:05.0265 3764 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:09:05.0500 3764 winmgmt - ok
12:09:05.0562 3764 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:09:05.0609 3764 WmdmPmSN - ok
12:09:05.0640 3764 [ c42584fd66ce9e17403aebca199f7bdb ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:09:05.0843 3764 WmiAcpi - ok
12:09:05.0890 3764 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:09:06.0125 3764 WmiApSrv - ok
12:09:06.0234 3764 [ f74e3d9a7fa9556c3bbb14d4e5e63d3b ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:09:06.0343 3764 WMPNetworkSvc - ok
12:09:06.0390 3764 [ ed55357ff5d8551f9d105163bcb70408 ] wowfilter C:\WINDOWS\system32\drivers\wowfilter.sys
12:09:06.0406 3764 wowfilter ( UnsignedFile.Multi.Generic ) - warning
12:09:06.0406 3764 wowfilter - detected UnsignedFile.Multi.Generic (1)
12:09:06.0468 3764 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:09:06.0671 3764 wscsvc - ok
12:09:06.0703 3764 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:09:06.0921 3764 WSTCODEC - ok
12:09:06.0937 3764 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:09:07.0140 3764 wuauserv - ok
12:09:07.0187 3764 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:09:07.0265 3764 WudfPf - ok
12:09:07.0281 3764 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:09:07.0312 3764 WudfRd - ok
12:09:07.0343 3764 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:09:07.0375 3764 WudfSvc - ok
12:09:07.0406 3764 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:09:07.0656 3764 WZCSVC - ok
12:09:07.0703 3764 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:09:07.0937 3764 xmlprov - ok
12:09:07.0968 3764 ================ Scan global ===============================
12:09:08.0015 3764 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
12:09:08.0046 3764 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
12:09:08.0078 3764 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
12:09:08.0109 3764 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:09:08.0109 3764 [Global] - ok
12:09:08.0109 3764 ================ Scan MBR ==================================
12:09:08.0140 3764 MBR (0x1B8) (d0e3b597d866a08d68ab4778454119c9) \Device\Harddisk0\DR0
12:09:16.0796 3764 \Device\Harddisk0\DR0 - ok
12:09:16.0796 3764 ================ Scan VBR ==================================
12:09:16.0812 3764 Boot (0x1200) (0c374116f4611995b94cb10cf52f2167) \Device\Harddisk0\DR0\Partition1
12:09:16.0812 3764 \Device\Harddisk0\DR0\Partition1 - ok
12:09:16.0812 3764 ============================================================
12:09:16.0812 3764 Scan finished
12:09:16.0812 3764 ============================================================
12:09:16.0953 3852 Detected object count: 3
12:09:16.0953 3852 Actual detected object count: 3
12:16:36.0828 3852 Ndisipo ( UnsignedFile.Multi.Generic ) - skipped by user
12:16:36.0828 3852 Ndisipo ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:16:36.0828 3852 SRS_PostInstaller ( UnsignedFile.Multi.Generic ) - skipped by user
12:16:36.0828 3852 SRS_PostInstaller ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:16:36.0828 3852 wowfilter ( UnsignedFile.Multi.Generic ) - skipped by user
12:16:36.0828 3852 wowfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:17:55.0109 0452 ============================================================
12:17:55.0109 0452 Scan started
12:17:55.0109 0452 Mode: Manual; SigCheck; TDLFS;
12:17:55.0109 0452 ============================================================
12:17:55.0234 0452 ================ Scan services =============================
12:17:55.0359 0452 Abiosdsk - ok
12:17:55.0375 0452 abp480n5 - ok
12:17:55.0437 0452 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:17:56.0078 0452 ACPI - ok
12:17:56.0093 0452 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:17:56.0328 0452 ACPIEC - ok
12:17:56.0343 0452 adpu160m - ok
12:17:56.0406 0452 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:17:56.0609 0452 aec - ok
12:17:56.0687 0452 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:17:56.0718 0452 AFD - ok
12:17:56.0718 0452 Aha154x - ok
12:17:56.0734 0452 aic78u2 - ok
12:17:56.0750 0452 aic78xx - ok
12:17:56.0781 0452 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:17:57.0000 0452 Alerter - ok
12:17:57.0015 0452 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
12:17:57.0109 0452 ALG - ok
12:17:57.0125 0452 AliIde - ok
12:17:57.0187 0452 [ f6af59d6eee5e1c304f7f73706ad11d8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
12:17:57.0343 0452 Ambfilt - ok
12:17:57.0359 0452 amsint - ok
12:17:57.0484 0452 [ 0a1cc583e8147004e4ad4625d7fbf88c ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:17:57.0515 0452 AntiVirSchedulerService - ok
12:17:57.0531 0452 [ c9a36ef935aced86aedf93e97e606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:17:57.0562 0452 AntiVirService - ok
12:17:57.0562 0452 AppMgmt - ok
12:17:57.0578 0452 asc - ok
12:17:57.0593 0452 asc3350p - ok
12:17:57.0593 0452 asc3550 - ok
12:17:57.0640 0452 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:17:57.0843 0452 AsyncMac - ok
12:17:57.0890 0452 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
12:17:58.0125 0452 atapi - ok
12:17:58.0140 0452 Atdisk - ok
12:17:58.0156 0452 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:17:58.0375 0452 Atmarpc - ok
12:17:58.0437 0452 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:17:58.0656 0452 AudioSrv - ok
12:17:58.0687 0452 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:17:58.0890 0452 audstub - ok
12:17:58.0921 0452 [ d5541f0afb767e85fc412fc609d96a74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:17:58.0953 0452 avgntflt - ok
12:17:58.0984 0452 [ 7d967a682d4694df7fa57d63a2db01fe ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:17:59.0015 0452 avipbb - ok
12:17:59.0046 0452 [ 271cfd1a989209b1964e24d969552bf7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
12:17:59.0062 0452 avkmgr - ok
12:17:59.0109 0452 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:17:59.0328 0452 Beep - ok
12:17:59.0390 0452 [ 574738f61fca2935f5265dc4e5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:17:59.0609 0452 BITS - ok
12:17:59.0687 0452 [ a06ce3399d16db864f55faeb1f1927a9 ] Browser C:\WINDOWS\System32\browser.dll
12:17:59.0906 0452 Browser - ok
12:17:59.0921 0452 [ b279426e3c0c344893ed78a613a73bde ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:18:00.0140 0452 BthEnum - ok
12:18:00.0156 0452 [ 80602b8746d3738f5886ce3d67ef06b6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:18:00.0375 0452 BthPan - ok
12:18:00.0437 0452 [ 662bfd909447dd9cc15b1a1c366583b4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
12:18:00.0484 0452 BTHPORT - ok
12:18:00.0500 0452 [ f4c43c66471b87996d95db7a3a664a37 ] BthServ C:\WINDOWS\System32\bthserv.dll
12:18:00.0750 0452 BthServ - ok
12:18:00.0781 0452 [ 61364cd71ef63b0f038b7e9df00f1efa ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:18:01.0000 0452 BTHUSB - ok
12:18:01.0031 0452 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:18:01.0234 0452 cbidf2k - ok
12:18:01.0265 0452 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:18:01.0484 0452 CCDECODE - ok
12:18:01.0484 0452 cd20xrnt - ok
12:18:01.0546 0452 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:18:01.0750 0452 Cdaudio - ok
12:18:01.0781 0452 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:18:02.0031 0452 Cdfs - ok
12:18:02.0031 0452 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:18:02.0250 0452 Cdrom - ok
12:18:02.0250 0452 Changer - ok
12:18:02.0296 0452 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:18:02.0531 0452 CiSvc - ok
12:18:02.0578 0452 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:18:02.0781 0452 ClipSrv - ok
12:18:02.0828 0452 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:18:03.0031 0452 CmBatt - ok
12:18:03.0046 0452 CmdIde - ok
12:18:03.0062 0452 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:18:03.0250 0452 Compbatt - ok
12:18:03.0265 0452 COMSysApp - ok
12:18:03.0296 0452 Cpqarray - ok
12:18:03.0312 0452 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:18:03.0531 0452 CryptSvc - ok
12:18:03.0546 0452 dac2w2k - ok
12:18:03.0546 0452 dac960nt - ok
12:18:03.0625 0452 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:18:03.0703 0452 DcomLaunch - ok
12:18:03.0750 0452 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:18:03.0953 0452 Dhcp - ok
12:18:03.0968 0452 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:18:04.0203 0452 Disk - ok
12:18:04.0218 0452 dmadmin - ok
12:18:04.0265 0452 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:18:04.0531 0452 dmboot - ok
12:18:04.0578 0452 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:18:04.0812 0452 dmio - ok
12:18:04.0843 0452 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:18:05.0046 0452 dmload - ok
12:18:05.0109 0452 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:18:05.0312 0452 dmserver - ok
12:18:05.0343 0452 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:18:05.0562 0452 DMusic - ok
12:18:05.0593 0452 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:18:05.0625 0452 Dnscache - ok
12:18:05.0656 0452 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:18:05.0875 0452 Dot3svc - ok
12:18:05.0875 0452 dpti2o - ok
12:18:05.0890 0452 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:18:06.0093 0452 drmkaud - ok
12:18:06.0125 0452 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:18:06.0343 0452 EapHost - ok
12:18:06.0390 0452 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:18:06.0593 0452 ERSvc - ok
12:18:06.0656 0452 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:18:06.0703 0452 Eventlog - ok
12:18:06.0734 0452 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
12:18:06.0781 0452 EventSystem - ok
12:18:06.0828 0452 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:18:07.0046 0452 Fastfat - ok
12:18:07.0109 0452 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:18:07.0156 0452 FastUserSwitchingCompatibility - ok
12:18:07.0187 0452 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:18:07.0406 0452 Fdc - ok
12:18:07.0421 0452 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:18:07.0625 0452 Fips - ok
12:18:07.0640 0452 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:18:07.0843 0452 Flpydisk - ok
12:18:07.0875 0452 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:18:08.0078 0452 FltMgr - ok
12:18:08.0078 0452 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:18:08.0296 0452 Fs_Rec - ok
12:18:08.0296 0452 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:18:08.0500 0452 Ftdisk - ok
12:18:08.0531 0452 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:18:08.0734 0452 Gpc - ok
12:18:08.0781 0452 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:18:08.0984 0452 HDAudBus - ok
12:18:09.0093 0452 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:18:09.0312 0452 helpsvc - ok
12:18:09.0312 0452 HidServ - ok
12:18:09.0359 0452 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:18:09.0562 0452 HidUsb - ok
12:18:09.0625 0452 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:18:09.0843 0452 hkmsvc - ok
12:18:09.0843 0452 hpn - ok
12:18:09.0906 0452 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:18:09.0937 0452 HTTP - ok
12:18:09.0984 0452 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:18:10.0203 0452 HTTPFilter - ok
12:18:10.0203 0452 i2omgmt - ok
12:18:10.0218 0452 i2omp - ok
12:18:10.0250 0452 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:18:10.0453 0452 i8042prt - ok
12:18:10.0562 0452 [ 0d16e362b66a0c1d01b015f517129d13 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:18:10.0609 0452 IAANTMON - ok
12:18:10.0828 0452 [ 48846b31be5a4fa662ccfde7a1ba86b9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:18:11.0093 0452 ialm - ok
12:18:11.0156 0452 [ 8ef427c54497c5f8a7a645990e4278c7 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
12:18:11.0187 0452 iaStor - ok
12:18:11.0218 0452 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:18:11.0437 0452 Imapi - ok
12:18:11.0484 0452 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:18:11.0718 0452 ImapiService - ok
12:18:11.0718 0452 ini910u - ok
12:18:11.0953 0452 [ f9bb9063a6557098dbaf7396e026c922 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:18:12.0234 0452 IntcAzAudAddService - ok
12:18:12.0234 0452 IntelIde - ok
12:18:12.0265 0452 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:18:12.0484 0452 intelppm - ok
12:18:12.0531 0452 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:18:12.0750 0452 Ip6Fw - ok
12:18:12.0796 0452 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:18:13.0015 0452 IpFilterDriver - ok
12:18:13.0062 0452 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:18:13.0296 0452 IpInIp - ok
12:18:13.0328 0452 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:18:13.0546 0452 IpNat - ok
12:18:13.0578 0452 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:18:13.0812 0452 IPSec - ok
12:18:13.0859 0452 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:18:13.0953 0452 IRENUM - ok
12:18:13.0984 0452 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:18:14.0203 0452 isapnp - ok
12:18:14.0296 0452 [ 28e8a9984ba1297efe44b6138d2ca51e ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:18:14.0328 0452 JavaQuickStarterService - ok
12:18:14.0343 0452 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:18:14.0562 0452 Kbdclass - ok
12:18:14.0625 0452 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:18:14.0859 0452 kmixer - ok
12:18:14.0890 0452 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:18:14.0937 0452 KSecDD - ok
12:18:14.0968 0452 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
12:18:15.0000 0452 LanmanServer - ok
12:18:15.0046 0452 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:18:15.0093 0452 lanmanworkstation - ok
12:18:15.0093 0452 lbrtfdc - ok
12:18:15.0156 0452 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:18:15.0359 0452 LmHosts - ok
12:18:15.0406 0452 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:18:15.0640 0452 Messenger - ok
12:18:15.0734 0452 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:18:15.0765 0452 Microsoft Office Groove Audit Service - ok
12:18:15.0812 0452 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:18:16.0015 0452 mnmdd - ok
12:18:16.0046 0452 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:18:16.0281 0452 mnmsrvc - ok
12:18:16.0328 0452 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:18:16.0531 0452 Modem - ok
12:18:16.0625 0452 [ 9fa7207d1b1adead88ae8eed9cdbbaa5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
12:18:16.0781 0452 Monfilt - ok
12:18:16.0812 0452 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:18:17.0015 0452 Mouclass - ok
12:18:17.0062 0452 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:18:17.0265 0452 mouhid - ok
12:18:17.0312 0452 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:18:17.0500 0452 MountMgr - ok
12:18:17.0515 0452 mraid35x - ok
12:18:17.0531 0452 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:18:17.0750 0452 MRxDAV - ok
12:18:17.0812 0452 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:18:17.0843 0452 MRxSmb - ok
12:18:17.0875 0452 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:18:18.0078 0452 MSDTC - ok
12:18:18.0109 0452 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:18:18.0343 0452 Msfs - ok
12:18:18.0343 0452 MSIServer - ok
12:18:18.0375 0452 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:18:18.0578 0452 MSKSSRV - ok
12:18:18.0593 0452 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:18:18.0781 0452 MSPCLOCK - ok
12:18:18.0812 0452 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:18:19.0031 0452 MSPQM - ok
12:18:19.0046 0452 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:18:19.0265 0452 mssmbios - ok
12:18:19.0296 0452 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:18:19.0484 0452 MSTEE - ok
12:18:19.0515 0452 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:18:19.0546 0452 Mup - ok
12:18:19.0562 0452 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:18:19.0765 0452 NABTSFEC - ok
12:18:19.0828 0452 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:18:20.0046 0452 napagent - ok
12:18:20.0078 0452 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:18:20.0312 0452 NDIS - ok
12:18:20.0328 0452 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:18:20.0531 0452 NdisIP - ok
12:18:20.0546 0452 [ e87c0cee30b5f6f4a2b80011941dc5bd ] Ndisipo C:\WINDOWS\system32\DRIVERS\ndisipo.sys
12:18:20.0562 0452 Ndisipo ( UnsignedFile.Multi.Generic ) - warning
12:18:20.0562 0452 Ndisipo - detected UnsignedFile.Multi.Generic (1)
12:18:20.0609 0452 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:18:20.0640 0452 NdisTapi - ok
12:18:20.0656 0452 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:18:20.0859 0452 Ndisuio - ok
12:18:20.0906 0452 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:18:21.0093 0452 NdisWan - ok
12:18:21.0156 0452 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:18:21.0203 0452 NDProxy - ok
12:18:21.0218 0452 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:18:21.0421 0452 NetBIOS - ok
12:18:21.0437 0452 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:18:21.0656 0452 NetBT - ok
12:18:21.0703 0452 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
12:18:21.0890 0452 NetDDE - ok
12:18:21.0906 0452 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:18:22.0109 0452 NetDDEdsdm - ok
12:18:22.0140 0452 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:18:22.0359 0452 Netlogon - ok
12:18:22.0390 0452 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
12:18:22.0593 0452 Netman - ok
12:18:22.0656 0452 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:18:22.0687 0452 Nla - ok
12:18:22.0703 0452 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:18:22.0906 0452 Npfs - ok
12:18:22.0984 0452 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:18:23.0203 0452 Ntfs - ok
12:18:23.0218 0452 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:18:23.0421 0452 NtLmSsp - ok
12:18:23.0484 0452 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:18:23.0703 0452 NtmsSvc - ok
12:18:23.0765 0452 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
12:18:24.0000 0452 Null - ok
12:18:24.0046 0452 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:18:24.0250 0452 NwlnkFlt - ok
12:18:24.0281 0452 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:18:24.0484 0452 NwlnkFwd - ok
12:18:24.0671 0452 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:18:24.0718 0452 odserv - ok
12:18:24.0765 0452 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:18:24.0796 0452 ose - ok
12:18:24.0859 0452 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:18:25.0062 0452 Parport - ok
12:18:25.0125 0452 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:18:25.0328 0452 PartMgr - ok
12:18:25.0375 0452 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:18:25.0593 0452 ParVdm - ok
12:18:25.0593 0452 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:18:25.0796 0452 PCI - ok
12:18:25.0796 0452 PCIDump - ok
12:18:25.0812 0452 PCIIde - ok
12:18:25.0843 0452 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:18:26.0062 0452 Pcmcia - ok
12:18:26.0078 0452 PDCOMP - ok
12:18:26.0093 0452 PDFRAME - ok
12:18:26.0093 0452 PDRELI - ok
12:18:26.0109 0452 PDRFRAME - ok
12:18:26.0109 0452 perc2 - ok
12:18:26.0125 0452 perc2hib - ok
12:18:26.0171 0452 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:18:26.0203 0452 PlugPlay - ok
12:18:26.0218 0452 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:18:26.0421 0452 PolicyAgent - ok
12:18:53.0468 2088 Detected object count: 3
12:18:53.0468 2088 Actual detected object count: 3
12:20:24.0656 2088 Ndisipo ( UnsignedFile.Multi.Generic ) - skipped by user
12:20:24.0656 2088 Ndisipo ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:20:24.0656 2088 SRS_PostInstaller ( UnsignedFile.Multi.Generic ) - skipped by user
12:20:24.0671 2088 SRS_PostInstaller ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:20:24.0671 2088 wowfilter ( UnsignedFile.Multi.Generic ) - skipped by user
12:20:24.0671 2088 wowfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:20:39.0531 3568 Deinitialize success

aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-16 12:22:28
-----------------------------
12:22:28.656 OS Version: Windows 5.1.2600 Service Pack 3
12:22:28.656 Number of processors: 2 586 0x1C02
12:22:28.656 ComputerName: YOUR-0A89A14CFD UserName: MY PC
12:22:29.484 Initialize success
12:23:03.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:23:03.375 Disk 0 Vendor: FUJITSU_ 0000 Size: 152627MB BusType: 3
12:23:03.406 Disk 0 MBR read successfully
12:23:03.406 Disk 0 MBR scan
12:23:03.421 Disk 0 unknown MBR code
12:23:03.421 Disk 0 Partition 1 00 12 Compaq diag NTFS 4096 MB offset 2048
12:23:03.437 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 148529 MB offset 8390656
12:23:03.453 Disk 0 scanning sectors +312579760
12:23:03.531 Disk 0 scanning C:\WINDOWS\system32\drivers
12:23:07.843 Service scanning
12:23:19.390 Modules scanning
12:23:25.640 Disk 0 trace - called modules:
12:23:25.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
12:23:25.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865c6380]
12:23:25.656 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\0000006a[0x865c8340]
12:23:25.656 5 ACPI.sys[f7495620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86538028]
12:23:25.671 Scan finished successfully
12:23:33.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\MY PC\My Documents\Downloads\MBR.dat"
12:23:33.968 The log file has been saved successfully to "C:\Documents and Settings\MY PC\My Documents\Downloads\aswMBR.txt"

#8
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections.

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

Cheers,
Gammo :cool: