Father's PC is all gummed up



#1
FixDadsPC

  • Member
  • 20 posts
Hi folks,

TIA for the help. Visiting my Dad, using his PC, it's atrociously slow. Not getting any particular error messages but by the looks of the software programs I've uninstalled, it looks like my recently deceased brother was trying everything to get this thing running better. Trying to get Dad some help before I leave on Monday morning. Here is the log:

OTL logfile created on: 12/1/2012 5:48:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 164.11 Mb Available Physical Memory | 32.15% Memory free
1.22 Gb Paging File | 0.71 Gb Available in Paging File | 58.07% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 43.52 Gb Free Space | 77.88% Space Free | Partition Type: NTFS

Computer Name: EDSCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/01 17:48:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\desktop\OTL.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/07/03 05:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/20 14:12:24 | 000,282,713 | ---- | M] (GlobespanVirata, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe


========== Modules (No Company Name) ==========

MOD - [2003/10/20 15:32:00 | 000,147,456 | R--- | M] () -- C:\WINDOWS\system32\ssleay32.dll
MOD - [2003/10/20 15:31:58 | 000,651,264 | R--- | M] () -- C:\WINDOWS\system32\libeay32.dll


========== Services (SafeList) ==========

SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/12/02 00:29:16 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2010/12/02 00:16:01 | 000,017,968 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (VMSCSI)
DRV - [2010/12/02 00:12:01 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2010/11/17 22:59:03 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)
DRV - [2010/11/17 22:18:23 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2010/11/17 22:18:22 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2010/11/17 22:18:22 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2009/08/18 06:50:49 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2008/04/13 19:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/11/11 12:12:00 | 000,336,800 | ---- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02)
DRV - [2003/10/20 15:31:58 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 07 6E 19 B7 91 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120515
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/31 15:10:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/17 14:56:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/04 22:10:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/12/04 22:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/12/04 22:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/11/08 19:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions
[2012/06/18 04:42:02 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/04/01 13:20:34 | 001,184,804 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\[email protected]
[2012/10/12 23:05:14 | 000,743,290 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/02/02 20:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/31 15:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2010/12/01 17:47:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/01/31 15:10:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/31 15:10:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/31 15:10:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2002/09/03 13:39:21 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PRISMSVR.EXE] C:\WINDOWS\System32\PRISMSVR.EXE (GlobespanVirata, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Disk Cleaner.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} http://acer.custhelp...tivex/snret.cab (SNRet Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F9EACFA-78BF-46C2-B86D-20065D3258FE}: DhcpNameServer = 192.168.2.1 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\RailNotification: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/01 18:26:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a236c6f-fd70-11df-a6a3-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/01 17:47:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/12/01 11:58:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/11/10 13:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
[2012/11/10 13:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PC_Drivers_Headquarters
[2011/08/30 07:54:28 | 000,075,768 | ---- | C] (Microsoft Corp. - PC Drivers Headquarters) -- C:\Program Files\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll
[2011/08/30 07:54:28 | 000,063,424 | ---- | C] (Microsoft) -- C:\Program Files\Microsoft.Practices.ObjectBuilder.dll
[2011/08/30 07:54:26 | 000,124,864 | ---- | C] (Microsoft Corp. - PC Drivers Headquarters) -- C:\Program Files\Microsoft.ApplicationBlocks.Updater.dll
[2011/08/30 07:54:26 | 000,096,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Microsoft.Practices.EnterpriseLibrary.Common.dll
[2011/08/30 07:54:24 | 000,071,664 | ---- | C] (Microsoft Corp. - PC Drivers Headquarters) -- C:\Program Files\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll
[2011/08/30 07:54:24 | 000,034,784 | ---- | C] (Microsoft Corp. - PC Drivers Headquarters) -- C:\Program Files\Microsoft.ApplicationBlocks.Updater.Downloaders.dll
[2011/08/10 08:29:18 | 000,206,760 | ---- | C] (ICSharpCode.net) -- C:\Program Files\ICSharpCode.SharpZipLib.dll
[2011/08/10 08:29:14 | 000,661,392 | ---- | C] (CPUID) -- C:\Program Files\cpuidsdk.dll
[2011/08/10 08:29:10 | 000,044,432 | ---- | C] (Microsoft) -- C:\Program Files\Agent.CPU.exe
[2011/08/10 08:29:08 | 000,297,352 | ---- | C] (Microsoft) -- C:\Program Files\Common.dll
[2011/08/10 08:29:06 | 000,038,816 | ---- | C] (PC Drivers Headquarters) -- C:\Program Files\ExceptionLogging.dll
[2011/08/10 08:29:04 | 002,987,968 | ---- | C] (PC Drivers Headquarters) -- C:\Program Files\DriversHQ.DriverDetective.Client.exe
[2011/08/10 08:28:46 | 000,157,592 | ---- | C] (PC Drivers Headquarters) -- C:\Program Files\Agent.Common.dll
[2011/08/10 08:28:34 | 000,128,976 | ---- | C] (PC Drivers Headquarters) -- C:\Program Files\DriversHQ.DriverDetective.Client.Updater.exe
[2011/08/10 08:28:18 | 000,071,592 | ---- | C] (PC Drivers Headquarters) -- C:\Program Files\Agent.ExceptionLogging.dll
[2011/08/10 08:28:10 | 000,173,984 | ---- | C] (PC Drivers Headquarters) -- C:\Program Files\Agent.Communication.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/01 17:48:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/12/01 17:34:31 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/12/01 17:28:43 | 000,525,660 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/01 17:28:43 | 000,095,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/01 17:24:47 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/01 17:24:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/01 17:23:19 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/12/01 12:53:13 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/10 13:30:53 | 010,919,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\User Manual_Acer_1.0_A_A.pdf
[2012/11/10 13:12:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/11/09 23:00:11 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/01 17:23:16 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Disk Cleaner.lnk
[2012/11/10 13:29:52 | 010,919,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\User Manual_Acer_1.0_A_A.pdf
[2012/04/01 13:08:03 | 000,002,012 | ---- | C] () -- C:\Program Files\DriversHQ.DriverDetective.Client.InstallState
[2012/02/20 21:41:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/01 11:28:42 | 000,001,536 | ---- | C] () -- C:\Program Files\config.dat
[2011/08/30 07:54:22 | 000,014,224 | ---- | C] () -- C:\Program Files\ISUninstall.exe
[2011/08/30 07:46:46 | 000,002,316 | ---- | C] () -- C:\Program Files\DriversHQ.DriverDetective.Client.Updater.exe.config
[2011/08/30 07:46:22 | 000,002,595 | ---- | C] () -- C:\Program Files\DriversHQ.DriverDetective.Client.exe.config
[2011/08/10 08:29:16 | 000,092,064 | ---- | C] ( ) -- C:\Program Files\Interop.WUApiLib.dll
[2011/08/10 08:29:08 | 000,762,784 | ---- | C] () -- C:\Program Files\ThemePack.Default.dll
[2011/08/10 08:29:02 | 000,055,192 | ---- | C] () -- C:\Program Files\XPBurnComponent.dll
[2011/08/10 08:28:18 | 000,022,984 | ---- | C] () -- C:\Program Files\Agent.ExceptionLogging.XmlSerializers.dll
[2011/08/10 08:28:08 | 000,268,224 | ---- | C] () -- C:\Program Files\Agent.Communication.XmlSerializers.dll
[2011/04/12 15:09:06 | 000,000,248 | R--- | C] () -- C:\Program Files\Knowledge Base.url
[2011/02/04 13:46:07 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/02/04 13:46:06 | 000,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/02/02 08:23:49 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Owner\LOG
[2009/09/24 15:28:22 | 000,055,116 | ---- | C] () -- C:\Program Files\DriverDetective.chm

========== ZeroAccess Check ==========

[2010/12/01 17:49:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:56:35 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/01 18:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2012/04/01 13:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/04/01 12:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/02/04 13:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2012/11/10 13:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/12/01 19:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AusLogics
[2011/02/02 20:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Disk Cleaner
[2011/02/02 20:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2010/12/01 21:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/12/01 18:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IconTweaker
[2012/04/01 12:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCDr
[2010/12/01 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softland
[2011/12/04 22:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2010/12/01 19:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/12/01 19:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========



< End of report >

#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
FixDadsPC

  • Topic Starter
  • Member
  • 20 posts
Hi Gringo, Thanks!

Here you go with the first one. Will post this since I need to close the browser to run the second diagnostic:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.
displayName
Microsoft Security Essentials
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Auslogics Registry Cleaner 2.0
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.2.152.21 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 10.0 Firefox out of Date!
Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

#4
FixDadsPC

  • Topic Starter
  • Member
  • 20 posts
Here's the next one:

# AdwCleaner v2.010 - Logfile created 12/02/2012 at 01:08:07
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - EDSCOMPUTER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\AutocompletePro

***** [Registry] *****

Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AutocompletePro3_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Terrie\Application Data\Mozilla\Firefox\Profiles\x4er4zuc.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2162 octets] - [02/12/2012 01:08:07]

########## EOF - C:\AdwCleaner[S1].txt - [2222 octets] ##########

#5
FixDadsPC

  • Topic Starter
  • Member
  • 20 posts
Last one:

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 12/02/2012 01:21:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC35L060AVV207-0 +++++
--- User ---
[MBR] ed7723d8dea8985e9664f7ef84f31354
[BSP] b92f8865a3ac7cc881ecda6e7bf344a4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57215 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12022012_02d0121.txt >>
RKreport[1]_S_12022012_02d0120.txt ; RKreport[2]_D_12022012_02d0121.txt

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7
FixDadsPC


    Member

  • Topic Starter
  • 20 posts
Here's what happened:
1) It did ask to install Recovery Console, which I did
2) It also wanted to send an error report to Microsoft, which I declined

Here's the report:

ComboFix 12-12-01.02 - Owner 12/02/2012 2:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.232 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\OLD3.tmp
c:\windows\system32\OLD7.tmp
c:\windows\system32\OLDB.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-02 06:19 . 2012-12-02 06:19 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3A39D4E-9B62-460C-9BC7-EA589053323D}\MpKsl6a9e6c49.sys
2012-12-01 22:37 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3A39D4E-9B62-460C-9BC7-EA589053323D}\mpengine.dll
2012-11-30 01:19 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-10 18:15 . 2012-11-10 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2012-11-10 18:14 . 2012-11-10 18:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PC_Drivers_Headquarters
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:43 . 2010-08-31 12:38 1875328 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2008-04-14 09:42 58368 ----a-w- c:\windows\system32\synceng.dll
2011-08-30 12:54 . 2011-08-30 12:54 75768 ----a-w- c:\program files\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll
2011-08-30 12:54 . 2011-08-30 12:54 63424 ----a-w- c:\program files\Microsoft.Practices.ObjectBuilder.dll
2011-08-30 12:54 . 2011-08-30 12:54 96216 ----a-w- c:\program files\Microsoft.Practices.EnterpriseLibrary.Common.dll
2011-08-30 12:54 . 2011-08-30 12:54 124864 ----a-w- c:\program files\Microsoft.ApplicationBlocks.Updater.dll
2011-08-30 12:54 . 2011-08-30 12:54 71664 ----a-w- c:\program files\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll
2011-08-30 12:54 . 2011-08-30 12:54 34784 ----a-w- c:\program files\Microsoft.ApplicationBlocks.Updater.Downloaders.dll
2011-08-30 12:54 . 2011-08-30 12:54 14224 ----a-w- c:\program files\ISUninstall.exe
2011-08-10 13:29 . 2011-08-10 13:29 206760 ----a-w- c:\program files\ICSharpCode.SharpZipLib.dll
2011-08-10 13:29 . 2011-08-10 13:29 92064 ----a-w- c:\program files\Interop.WUApiLib.dll
2011-08-10 13:29 . 2011-08-10 13:29 661392 ----a-w- c:\program files\cpuidsdk.dll
2011-08-10 13:29 . 2011-08-10 13:29 44432 ----a-w- c:\program files\Agent.CPU.exe
2011-08-10 13:29 . 2011-08-10 13:29 762784 ----a-w- c:\program files\ThemePack.Default.dll
2011-08-10 13:29 . 2011-08-10 13:29 297352 ----a-w- c:\program files\Common.dll
2011-08-10 13:29 . 2011-08-10 13:29 38816 ----a-w- c:\program files\ExceptionLogging.dll
2011-08-10 13:29 . 2011-08-10 13:29 2987968 ----a-w- c:\program files\DriversHQ.DriverDetective.Client.exe
2011-08-10 13:29 . 2011-08-10 13:29 55192 ----a-w- c:\program files\XPBurnComponent.dll
2011-08-10 13:28 . 2011-08-10 13:28 157592 ----a-w- c:\program files\Agent.Common.dll
2011-08-10 13:28 . 2011-08-10 13:28 128976 ----a-w- c:\program files\DriversHQ.DriverDetective.Client.Updater.exe
2011-08-10 13:28 . 2011-08-10 13:28 71592 ----a-w- c:\program files\Agent.ExceptionLogging.dll
2011-08-10 13:28 . 2011-08-10 13:28 22984 ----a-w- c:\program files\Agent.ExceptionLogging.XmlSerializers.dll
2011-08-10 13:28 . 2011-08-10 13:28 173984 ----a-w- c:\program files\Agent.Communication.dll
2011-08-10 13:28 . 2011-08-10 13:28 268224 ----a-w- c:\program files\Agent.Communication.XmlSerializers.dll
2012-01-31 20:10 . 2011-02-03 01:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PRISMSVR.EXE"="c:\windows\system32\PRISMSVR.EXE" [2003-11-20 282713]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2009-03-08 128512]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Disk Cleaner.lnk - c:\program files\Disk Cleaner\dclean.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2010-12-1 128000]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [11/17/2010 10:18 PM 5632]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [11/17/2010 10:18 PM 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [11/17/2010 10:18 PM 5632]
R0 VMSCSI;vmscsi;c:\windows\system32\drivers\vmscsi.sys [11/17/2010 10:18 PM 17968]
R1 MpKsl6a9e6c49;MpKsl6a9e6c49;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3A39D4E-9B62-460C-9BC7-EA589053323D}\MpKsl6a9e6c49.sys [12/2/2012 1:19 AM 29904]
S0 Lsi_scsi;Lsi_scsi;c:\windows\system32\drivers\lsi_scsi.sys [12/2/2010 9:32 AM 93184]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [8/18/2009 6:50 AM 9472]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL6A9E6C49
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 75.75.76.76
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} - hxxp://acer.custhelp.com/euf/assets/activex/snret.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-RailNotification - (no file)
AddRemove-Microsoft .NET Framework 3.5 SP1 - c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-Microsoft .NET Framework 4 Extended - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2487367 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-02 02:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2012-12-02 02:37:19
ComboFix-quarantined-files.txt 2012-12-02 07:37
.
Pre-Run: 46,212,505,600 bytes free
Post-Run: 46,386,896,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2FCEDF432407BFD6DA1FAC8214A74391

#8
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

How is the computer starting to run now?

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9
FixDadsPC


    Member

  • Topic Starter
  • 20 posts
It is running a little better. Still slow though. This computer is used for surfing the net for the most part.
Here is the TDSSKiller:
19:13:17.0109 0940 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:13:17.0437 0940 ============================================================
19:13:17.0437 0940 Current date / time: 2012/12/02 19:13:17.0437
19:13:17.0437 0940 SystemInfo:
19:13:17.0437 0940
19:13:17.0437 0940 OS Version: 5.1.2600 ServicePack: 3.0
19:13:17.0437 0940 Product type: Workstation
19:13:17.0437 0940 ComputerName: EDSCOMPUTER
19:13:17.0437 0940 UserName: Owner
19:13:17.0437 0940 Windows directory: C:\WINDOWS
19:13:17.0437 0940 System windows directory: C:\WINDOWS
19:13:17.0437 0940 Processor architecture: Intel x86
19:13:17.0437 0940 Number of processors: 1
19:13:17.0437 0940 Page size: 0x1000
19:13:17.0437 0940 Boot type: Normal boot
19:13:17.0437 0940 ============================================================
19:13:19.0687 0940 Drive \Device\Harddisk0\DR0 - Size: 0xDF8475800 (55.88 Gb), SectorSize: 0x200, Cylinders: 0x1C7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:13:19.0718 0940 ============================================================
19:13:19.0718 0940 \Device\Harddisk0\DR0:
19:13:19.0718 0940 MBR partitions:
19:13:19.0718 0940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FBFEBF
19:13:19.0718 0940 ============================================================
19:13:19.0750 0940 C: <-> \Device\Harddisk0\DR0\Partition1
19:13:19.0750 0940 ============================================================
19:13:19.0750 0940 Initialize success
19:13:19.0750 0940 ============================================================
19:13:24.0312 3612 ============================================================
19:13:24.0312 3612 Scan started
19:13:24.0312 3612 Mode: Manual;
19:13:24.0312 3612 ============================================================
19:13:25.0953 3612 ================ Scan system memory ========================
19:13:25.0953 3612 System memory - ok
19:13:25.0968 3612 ================ Scan services =============================
19:13:35.0234 3612 MSPQM - ok
19:13:35.0296 3612 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:13:35.0312 3612 mssmbios - ok
19:13:35.0375 3612 [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:13:35.0375 3612 Mup - ok
19:13:35.0406 3612 [ 354A04BF1603CB4B07346C470EA52E73 ] mv61xxmm C:\WINDOWS\system32\drivers\mv61xxmm.sys
19:13:35.0406 3612 mv61xxmm - ok
19:13:35.0437 3612 [ 6090786DAA545A3EC7D34A46A8CD1661 ] mv64xxmm C:\WINDOWS\system32\drivers\mv64xxmm.sys
19:13:35.0437 3612 mv64xxmm - ok
19:13:35.0453 3612 [ CFEF13BA3DC5C6001D2066D3A596CD1B ] mvxxmm C:\WINDOWS\system32\drivers\mvxxmm.sys
19:13:35.0453 3612 mvxxmm - ok
19:13:35.0515 3612 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:13:35.0531 3612 napagent - ok
19:13:35.0578 3612 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:13:35.0593 3612 NDIS - ok
19:13:35.0656 3612 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:13:35.0656 3612 NdisTapi - ok
19:13:35.0671 3612 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:13:35.0687 3612 Ndisuio - ok
19:13:35.0703 3612 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:13:35.0703 3612 NdisWan - ok
19:13:35.0765 3612 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:13:35.0781 3612 NDProxy - ok
19:13:35.0843 3612 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:13:35.0843 3612 NetBIOS - ok
19:13:35.0875 3612 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:13:35.0890 3612 NetBT - ok
19:13:35.0937 3612 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:13:35.0953 3612 NetDDE - ok
19:13:35.0968 3612 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:13:35.0968 3612 NetDDEdsdm - ok
19:13:36.0031 3612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:13:36.0031 3612 Netlogon - ok
19:13:36.0093 3612 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:13:36.0093 3612 Netman - ok
19:13:36.0171 3612 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:13:36.0171 3612 NetTcpPortSharing - ok
19:13:36.0234 3612 [ 290C1A30DEFC723BBE10910AC2D6F6D0 ] Nla C:\WINDOWS\System32\mswsock.dll
19:13:36.0234 3612 Nla - ok
19:13:36.0296 3612 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:13:36.0296 3612 Npfs - ok
19:13:36.0343 3612 [ AE8CAD8F28DB13B515A68510A539B0B8 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:13:36.0359 3612 Ntfs - ok
19:13:36.0390 3612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:13:36.0390 3612 NtLmSsp - ok
19:13:36.0453 3612 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:13:36.0484 3612 NtmsSvc - ok
19:13:36.0531 3612 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:13:36.0546 3612 NuidFltr - ok
19:13:36.0593 3612 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:13:36.0593 3612 Null - ok
19:13:36.0640 3612 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:13:36.0640 3612 NwlnkFlt - ok
19:13:36.0656 3612 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:13:36.0656 3612 NwlnkFwd - ok
19:13:36.0765 3612 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:13:36.0781 3612 odserv - ok
19:13:36.0828 3612 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:13:36.0828 3612 ose - ok
19:13:36.0906 3612 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:13:36.0906 3612 Parport - ok
19:13:36.0937 3612 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:13:36.0937 3612 PartMgr - ok
19:13:37.0000 3612 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:13:37.0000 3612 ParVdm - ok
19:13:37.0046 3612 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:13:37.0046 3612 PCI - ok
19:13:37.0078 3612 PCIDump - ok
19:13:37.0093 3612 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:13:37.0093 3612 PCIIde - ok
19:13:37.0140 3612 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:13:37.0140 3612 Pcmcia - ok
19:13:37.0187 3612 [ CCF453C1D9EF8F5720D409DF6E5D149E ] PCnet C:\WINDOWS\system32\DRIVERS\PCNTPCI5.sys
19:13:37.0187 3612 PCnet - ok
19:13:37.0203 3612 PDCOMP - ok
19:13:37.0234 3612 PDFRAME - ok
19:13:37.0250 3612 PDRELI - ok
19:13:37.0265 3612 PDRFRAME - ok
19:13:37.0312 3612 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
19:13:37.0312 3612 perc2 - ok
19:13:37.0328 3612 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:13:37.0328 3612 perc2hib - ok
19:13:37.0406 3612 [ C519E15665CD89A91AD383FCE3CB556A ] PlugPlay C:\WINDOWS\system32\services.exe
19:13:37.0406 3612 PlugPlay - ok
19:13:37.0468 3612 [ 2E3394C8EBF31A9B4F0A531EB5CC7BC7 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
19:13:37.0468 3612 Point32 - ok
19:13:37.0500 3612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:13:37.0500 3612 PolicyAgent - ok
19:13:37.0562 3612 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:13:37.0562 3612 PptpMiniport - ok
19:13:37.0578 3612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:13:37.0578 3612 ProtectedStorage - ok
19:13:37.0609 3612 [ D8E11D311785F89F1D70A28B0E879127 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:13:37.0609 3612 PSched - ok
19:13:37.0656 3612 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:13:37.0656 3612 Ptilink - ok
19:13:37.0703 3612 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:13:37.0718 3612 ql1080 - ok
19:13:37.0734 3612 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:13:37.0734 3612 Ql10wnt - ok
19:13:37.0765 3612 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:13:37.0765 3612 ql12160 - ok
19:13:37.0781 3612 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:13:37.0781 3612 ql1240 - ok
19:13:37.0812 3612 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:13:37.0812 3612 ql1280 - ok
19:13:37.0843 3612 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:13:37.0843 3612 RasAcd - ok
19:13:37.0890 3612 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:13:37.0890 3612 RasAuto - ok
19:13:37.0953 3612 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:13:37.0953 3612 Rasl2tp - ok
19:13:38.0078 3612 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:13:38.0078 3612 RasMan - ok
19:13:38.0109 3612 [ 2C9D4620A0FD35DE1828370B392F6E2D ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:13:38.0109 3612 RasPppoe - ok
19:13:38.0171 3612 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:13:38.0171 3612 Raspti - ok
19:13:38.0234 3612 [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:13:38.0250 3612 Rdbss - ok
19:13:38.0265 3612 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:13:38.0265 3612 RDPCDD - ok
19:13:38.0328 3612 [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:13:38.0328 3612 rdpdr - ok
19:13:38.0390 3612 [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:13:38.0406 3612 RDPWD - ok
19:13:38.0453 3612 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:13:38.0453 3612 RDSessMgr - ok
19:13:38.0500 3612 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:13:38.0515 3612 redbook - ok
19:13:38.0593 3612 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:13:38.0593 3612 RemoteAccess - ok
19:13:38.0656 3612 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:13:38.0656 3612 RemoteRegistry - ok
19:13:38.0718 3612 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:13:38.0718 3612 RpcLocator - ok
19:13:38.0765 3612 [ 9222562D44021B988B9F9F62207FB6F2 ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:13:38.0781 3612 RpcSs - ok
19:13:38.0843 3612 [ 743D7D59767073A617B1DCC6C546F234 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:13:38.0859 3612 rspndr - ok
19:13:38.0921 3612 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:13:38.0937 3612 RSVP - ok
19:13:38.0968 3612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:13:38.0968 3612 SamSs - ok
19:13:39.0046 3612 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:13:39.0046 3612 SCardSvr - ok
19:13:39.0125 3612 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:13:39.0125 3612 Schedule - ok
19:13:39.0187 3612 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:13:39.0187 3612 Secdrv - ok
19:13:39.0234 3612 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:13:39.0250 3612 seclogon - ok
19:13:39.0328 3612 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
19:13:39.0343 3612 senfilt - ok
19:13:39.0421 3612 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:13:39.0421 3612 SENS - ok
19:13:39.0437 3612 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:13:39.0437 3612 serenum - ok
19:13:39.0468 3612 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:13:39.0468 3612 Serial - ok
19:13:39.0578 3612 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:13:39.0578 3612 Sfloppy - ok
19:13:39.0625 3612 [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:13:39.0625 3612 SharedAccess - ok
19:13:39.0671 3612 [ 888CD7B39C37E13A2419BECFAAF0A28C ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:13:39.0671 3612 ShellHWDetection - ok
19:13:39.0703 3612 Simbad - ok
19:13:39.0765 3612 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:13:39.0765 3612 sisagp - ok
19:13:39.0859 3612 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
19:13:39.0859 3612 smwdm - ok
19:13:39.0890 3612 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:13:39.0890 3612 Sparrow - ok
19:13:39.0953 3612 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:13:39.0953 3612 splitter - ok
19:13:40.0046 3612 [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:13:40.0046 3612 Spooler - ok
19:13:40.0109 3612 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] SR C:\WINDOWS\system32\DRIVERS\sr.sys
19:13:40.0109 3612 SR - ok
19:13:40.0156 3612 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:13:40.0171 3612 srservice - ok
19:13:40.0234 3612 [ 9B390283569EA58D43D2586032B892F5 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:13:40.0250 3612 Srv - ok
19:13:40.0312 3612 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:13:40.0328 3612 SSDPSRV - ok
19:13:40.0406 3612 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:13:40.0421 3612 stisvc - ok
19:13:40.0453 3612 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:13:40.0453 3612 swenum - ok
19:13:40.0500 3612 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:13:40.0500 3612 swmidi - ok
19:13:40.0515 3612 SwPrv - ok
19:13:40.0578 3612 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
19:13:40.0578 3612 symc810 - ok
19:13:40.0609 3612 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:13:40.0609 3612 symc8xx - ok
19:13:40.0625 3612 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:13:40.0640 3612 sym_hi - ok
19:13:40.0656 3612 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:13:40.0656 3612 sym_u3 - ok
19:13:40.0687 3612 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:13:40.0687 3612 sysaudio - ok
19:13:40.0734 3612 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:13:40.0750 3612 SysmonLog - ok
19:13:40.0812 3612 [ E2B32B10ACC5D97623275AAFB67E5F03 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:13:40.0812 3612 TapiSrv - ok
19:13:40.0859 3612 [ 51E41F16ACD80B8B39C0AE703A213F09 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:13:40.0859 3612 Tcpip - ok
19:13:40.0906 3612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:13:40.0906 3612 TDPIPE - ok
19:13:40.0937 3612 [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:13:40.0937 3612 TDTCP - ok
19:13:41.0000 3612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:13:41.0015 3612 TermDD - ok
19:13:41.0062 3612 [ 5128852A18AE46C387F87BF27DA4C9DD ] TermService C:\WINDOWS\System32\termsrv.dll
19:13:41.0078 3612 TermService - ok
19:13:41.0125 3612 [ 888CD7B39C37E13A2419BECFAAF0A28C ] Themes C:\WINDOWS\System32\shsvcs.dll
19:13:41.0125 3612 Themes - ok
19:13:41.0187 3612 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:13:41.0187 3612 TlntSvr - ok
19:13:41.0281 3612 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
19:13:41.0281 3612 TosIde - ok
19:13:41.0312 3612 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:13:41.0312 3612 TrkWks - ok
19:13:41.0390 3612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:13:41.0390 3612 Udfs - ok
19:13:41.0437 3612 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
19:13:41.0437 3612 ultra - ok
19:13:41.0531 3612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:13:41.0546 3612 Update - ok
19:13:41.0656 3612 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:13:41.0656 3612 upnphost - ok
19:13:41.0718 3612 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:13:41.0734 3612 UPS - ok
19:13:41.0781 3612 [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:13:41.0781 3612 usbccgp - ok
19:13:41.0843 3612 [ 52674B5DBEE499342A599C7771ABECAA ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:13:41.0843 3612 usbehci - ok
19:13:41.0875 3612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:13:41.0875 3612 usbhub - ok
19:13:41.0953 3612 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:13:41.0953 3612 usbprint - ok
19:13:42.0015 3612 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:13:42.0015 3612 USBSTOR - ok
19:13:42.0062 3612 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:13:42.0062 3612 usbuhci - ok
19:13:42.0125 3612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:13:42.0140 3612 VgaSave - ok
19:13:42.0156 3612 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:13:42.0171 3612 viaagp - ok
19:13:42.0171 3612 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:13:42.0171 3612 ViaIde - ok
19:13:42.0218 3612 [ 82132036EE4D3E8AA3E73FEEBE1A9741 ] VMSCSI C:\WINDOWS\system32\DRIVERS\vmscsi.sys
19:13:42.0218 3612 VMSCSI - ok
19:13:42.0250 3612 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:13:42.0250 3612 VolSnap - ok
19:13:42.0312 3612 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:13:42.0328 3612 VSS - ok
19:13:42.0375 3612 [ 9F8A0D0CBB2FA265A754516128C00E22 ] W32Time C:\WINDOWS\system32\w32time.dll
19:13:42.0390 3612 W32Time - ok
19:13:42.0421 3612 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:13:42.0421 3612 Wanarp - ok
19:13:42.0500 3612 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:13:42.0515 3612 Wdf01000 - ok
19:13:42.0531 3612 WDICA - ok
19:13:42.0578 3612 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:13:42.0578 3612 wdmaud - ok
19:13:42.0656 3612 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:13:42.0656 3612 WebClient - ok
19:13:42.0796 3612 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:13:42.0796 3612 winmgmt - ok
19:13:42.0890 3612 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
19:13:42.0953 3612 WinRM - ok
19:13:43.0062 3612 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:13:43.0062 3612 WmdmPmSN - ok
19:13:43.0140 3612 [ DA1BF58EE904C814E748C9FC90B37DA2 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:13:43.0156 3612 Wmi - ok
19:13:43.0218 3612 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:13:43.0234 3612 WmiApSrv - ok
19:13:43.0343 3612 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:13:43.0359 3612 WMPNetworkSvc - ok
19:13:43.0421 3612 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:13:43.0421 3612 WpdUsb - ok
19:13:43.0515 3612 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:13:43.0609 3612 WPFFontCache_v0400 - ok
19:13:43.0671 3612 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:13:43.0671 3612 WS2IFSL - ok
19:13:43.0734 3612 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:13:43.0734 3612 wscsvc - ok
19:13:43.0750 3612 WSearch - ok
19:13:43.0828 3612 [ FC1E3B06AE8D160B686C5D04B5E85371 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:13:43.0859 3612 wuauserv - ok
19:13:43.0906 3612 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:13:43.0906 3612 WudfPf - ok
19:13:43.0953 3612 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:13:43.0953 3612 WudfRd - ok
19:13:44.0015 3612 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:13:44.0031 3612 WudfSvc - ok
19:13:44.0109 3612 [ 349B8D2BB755E8C3B0E3E82A87663E55 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:13:44.0125 3612 WZCSVC - ok
19:13:44.0171 3612 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:13:44.0203 3612 xmlprov - ok
19:13:44.0250 3612 ================ Scan global ===============================
19:13:44.0281 3612 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:13:44.0343 3612 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
19:13:44.0375 3612 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
19:13:44.0406 3612 [ C519E15665CD89A91AD383FCE3CB556A ] C:\WINDOWS\system32\services.exe
19:13:44.0406 3612 [Global] - ok
19:13:44.0406 3612 ================ Scan MBR ==================================
19:13:44.0437 3612 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:13:44.0671 3612 \Device\Harddisk0\DR0 - ok
19:13:44.0671 3612 ================ Scan VBR ==================================
19:13:44.0687 3612 [ 20CD200491CEA82CF95E4AF41FE118B1 ] \Device\Harddisk0\DR0\Partition1
19:13:44.0687 3612 \Device\Harddisk0\DR0\Partition1 - ok
19:13:44.0703 3612 ============================================================
19:13:44.0703 3612 Scan finished
19:13:44.0703 3612 ============================================================
19:13:44.0718 0988 Detected object count: 0
19:13:44.0718 0988 Actual detected object count: 0
19:14:10.0109 0480 ============================================================
19:14:10.0109 0480 Scan started
19:14:10.0109 0480 Mode: Manual;
19:14:10.0109 0480 ============================================================
19:14:10.0265 0480 ================ Scan system memory ========================
19:14:10.0281 0480 System memory - ok
19:14:10.0281 0480 ================ Scan services =============================
19:14:14.0953 0480 Fs_Rec - ok
19:14:15.0015 0480 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:14:15.0015 0480 Ftdisk - ok
19:14:15.0062 0480 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:14:15.0062 0480 gameenum - ok
19:14:15.0093 0480 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:14:15.0093 0480 Gpc - ok
19:14:15.0203 0480 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:14:15.0281 0480 helpsvc - ok
19:14:15.0328 0480 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:14:15.0343 0480 HidServ - ok
19:14:15.0421 0480 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:14:15.0421 0480 hidusb - ok
19:14:15.0500 0480 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:14:15.0531 0480 hkmsvc - ok
19:14:15.0609 0480 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
19:14:15.0609 0480 hpn - ok
19:14:15.0640 0480 [ 937031C085718C1C04A9C0864625EC6B ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:14:15.0656 0480 HTTP - ok
19:14:15.0718 0480 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:14:15.0718 0480 HTTPFilter - ok
19:14:15.0734 0480 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
19:14:15.0734 0480 i2omgmt - ok
19:14:15.0796 0480 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:14:15.0796 0480 i2omp - ok
19:14:15.0812 0480 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:14:15.0812 0480 i8042prt - ok
19:14:15.0906 0480 [ 44B7D5A4F2BD9FE21AEA0BB0BACE38C4 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:14:15.0921 0480 ialm - ok
19:14:16.0062 0480 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:14:16.0078 0480 idsvc - ok
19:14:16.0125 0480 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:14:16.0125 0480 Imapi - ok
19:14:16.0156 0480 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:14:16.0156 0480 ImapiService - ok
19:14:16.0218 0480 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:14:16.0218 0480 ini910u - ok
19:14:16.0234 0480 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:14:16.0234 0480 IntelIde - ok
19:14:16.0265 0480 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:14:16.0265 0480 intelppm - ok
19:14:16.0328 0480 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:14:16.0328 0480 Ip6Fw - ok
19:14:16.0375 0480 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:14:16.0375 0480 IpFilterDriver - ok
19:14:16.0390 0480 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:14:16.0390 0480 IpInIp - ok
19:14:16.0453 0480 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:14:16.0453 0480 IpNat - ok
19:14:16.0515 0480 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:14:16.0515 0480 IPSec - ok
19:14:16.0625 0480 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:14:16.0640 0480 IRENUM - ok
19:14:16.0718 0480 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:14:16.0718 0480 isapnp - ok
19:14:16.0781 0480 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:14:16.0781 0480 Kbdclass - ok
19:14:16.0812 0480 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:14:16.0812 0480 kbdhid - ok
19:14:16.0890 0480 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:14:16.0890 0480 kmixer - ok
19:14:16.0968 0480 [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:14:16.0968 0480 KSecDD - ok
19:14:17.0015 0480 [ 3695B8D03745B2F8022B161238347A9D ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
19:14:17.0015 0480 LanmanServer - ok
19:14:17.0078 0480 [ 3B9324D60DD321BAB7BF6F77931D3FD1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:14:17.0093 0480 lanmanworkstation - ok
19:14:17.0109 0480 lbrtfdc - ok
19:14:17.0203 0480 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:14:17.0218 0480 LmHosts - ok
19:14:17.0265 0480 [ E3E0CD73A7A1928A4CBECD34417E3D93 ] Lsi_scsi C:\WINDOWS\system32\DRIVERS\lsi_scsi.sys
19:14:17.0265 0480 Lsi_scsi - ok
19:14:17.0312 0480 [ F12D725EEC3F7ED8E8C554C48BB2BA2E ] MDC8021X C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
19:14:17.0312 0480 MDC8021X - ok
19:14:17.0359 0480 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:14:17.0390 0480 Messenger - ok
19:14:17.0593 0480 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:14:17.0593 0480 Microsoft Office Groove Audit Service - ok
19:14:17.0640 0480 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:14:17.0640 0480 mnmdd - ok
19:14:17.0687 0480 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:14:17.0703 0480 mnmsrvc - ok
19:14:17.0750 0480 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:14:17.0750 0480 Modem - ok
19:14:17.0781 0480 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:14:17.0796 0480 MODEMCSA - ok
19:14:17.0843 0480 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:14:17.0843 0480 Mouclass - ok
19:14:17.0906 0480 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:14:17.0906 0480 mouhid - ok
19:14:17.0968 0480 [ 1A1FAA5102466F418494E94FF9B0B091 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:14:17.0968 0480 MountMgr - ok
19:14:18.0015 0480 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:14:18.0015 0480 MpFilter - ok
19:14:18.0031 0480 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:14:18.0031 0480 mraid35x - ok
19:14:18.0078 0480 [ 4FEFD389D71126EE581B9F9CB2918BE4 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:14:18.0078 0480 MRxDAV - ok
19:14:18.0187 0480 [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:14:18.0203 0480 MRxSmb - ok
19:14:18.0265 0480 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:14:18.0265 0480 MSDTC - ok
19:14:18.0312 0480 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:14:18.0312 0480 Msfs - ok
19:14:18.0328 0480 MSIServer - ok
19:14:18.0343 0480 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:14:18.0343 0480 MSKSSRV - ok
19:14:18.0421 0480 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:14:18.0421 0480 MsMpSvc - ok
19:14:18.0437 0480 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:14:18.0437 0480 MSPCLOCK - ok
19:14:18.0468 0480 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:14:18.0468 0480 MSPQM - ok
19:14:18.0531 0480 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:14:18.0546 0480 mssmbios - ok
19:14:18.0609 0480 [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:14:18.0609 0480 Mup - ok
19:14:18.0640 0480 [ 354A04BF1603CB4B07346C470EA52E73 ] mv61xxmm C:\WINDOWS\system32\drivers\mv61xxmm.sys
19:14:18.0640 0480 mv61xxmm - ok
19:14:18.0656 0480 [ 6090786DAA545A3EC7D34A46A8CD1661 ] mv64xxmm C:\WINDOWS\system32\drivers\mv64xxmm.sys
19:14:18.0656 0480 mv64xxmm - ok
19:14:18.0671 0480 [ CFEF13BA3DC5C6001D2066D3A596CD1B ] mvxxmm C:\WINDOWS\system32\drivers\mvxxmm.sys
19:14:18.0671 0480 mvxxmm - ok
19:14:18.0718 0480 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:14:18.0718 0480 napagent - ok
19:14:18.0781 0480 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:14:18.0781 0480 NDIS - ok
19:14:18.0828 0480 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:14:18.0843 0480 NdisTapi - ok
19:14:18.0859 0480 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:14:18.0859 0480 Ndisuio - ok
19:14:18.0875 0480 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:14:18.0875 0480 NdisWan - ok
19:14:18.0921 0480 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:14:18.0921 0480 NDProxy - ok
19:14:19.0015 0480 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:14:19.0015 0480 NetBIOS - ok
19:14:19.0046 0480 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:14:19.0046 0480 NetBT - ok
19:14:19.0093 0480 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:14:19.0109 0480 NetDDE - ok
19:14:19.0125 0480 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:14:19.0125 0480 NetDDEdsdm - ok
19:14:19.0187 0480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:14:19.0187 0480 Netlogon - ok
19:14:19.0265 0480 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:14:19.0281 0480 Netman - ok
19:14:19.0343 0480 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:14:19.0343 0480 NetTcpPortSharing - ok
19:14:19.0390 0480 [ 290C1A30DEFC723BBE10910AC2D6F6D0 ] Nla C:\WINDOWS\System32\mswsock.dll
19:14:19.0406 0480 Nla - ok
19:14:19.0468 0480 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:14:19.0468 0480 Npfs - ok
19:14:19.0515 0480 [ AE8CAD8F28DB13B515A68510A539B0B8 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:14:19.0515 0480 Ntfs - ok
19:14:19.0546 0480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:14:19.0546 0480 NtLmSsp - ok
19:14:19.0609 0480 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:14:19.0609 0480 NtmsSvc - ok
19:14:19.0656 0480 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:14:19.0656 0480 NuidFltr - ok
19:14:19.0703 0480 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:14:19.0718 0480 Null - ok
19:14:19.0750 0480 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:14:19.0750 0480 NwlnkFlt - ok
19:14:19.0781 0480 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:14:19.0781 0480 NwlnkFwd - ok
19:14:19.0921 0480 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:14:19.0937 0480 odserv - ok
19:14:20.0015 0480 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:14:20.0015 0480 ose - ok
19:14:20.0062 0480 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:14:20.0062 0480 Parport - ok
19:14:20.0078 0480 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:14:20.0078 0480 PartMgr - ok
19:14:20.0125 0480 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:14:20.0125 0480 ParVdm - ok
19:14:20.0156 0480 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:14:20.0156 0480 PCI - ok
19:14:20.0171 0480 PCIDump - ok
19:14:20.0171 0480 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:14:20.0171 0480 PCIIde - ok
19:14:20.0187 0480 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:14:20.0203 0480 Pcmcia - ok
19:14:20.0218 0480 [ CCF453C1D9EF8F5720D409DF6E5D149E ] PCnet C:\WINDOWS\system32\DRIVERS\PCNTPCI5.sys
19:14:20.0218 0480 PCnet - ok
19:14:20.0218 0480 PDCOMP - ok
19:14:20.0234 0480 PDFRAME - ok
19:14:20.0234 0480 PDRELI - ok
19:14:20.0234 0480 PDRFRAME - ok
19:14:20.0265 0480 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
19:14:20.0265 0480 perc2 - ok
19:14:20.0281 0480 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:14:20.0281 0480 perc2hib - ok
19:14:20.0296 0480 [ C519E15665CD89A91AD383FCE3CB556A ] PlugPlay C:\WINDOWS\system32\services.exe
19:14:20.0296 0480 PlugPlay - ok
19:14:20.0343 0480 [ 2E3394C8EBF31A9B4F0A531EB5CC7BC7 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
19:14:20.0359 0480 Point32 - ok
19:14:20.0359 0480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:14:20.0359 0480 PolicyAgent - ok
19:14:20.0406 0480 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:14:20.0406 0480 PptpMiniport - ok
19:14:20.0406 0480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:14:20.0421 0480 ProtectedStorage - ok
19:14:20.0421 0480 [ D8E11D311785F89F1D70A28B0E879127 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:14:20.0421 0480 PSched - ok
19:14:20.0453 0480 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:14:20.0453 0480 Ptilink - ok
19:14:20.0484 0480 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:14:20.0484 0480 ql1080 - ok
19:14:20.0500 0480 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:14:20.0500 0480 Ql10wnt - ok
19:14:20.0500 0480 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:14:20.0500 0480 ql12160 - ok
19:14:20.0515 0480 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:14:20.0515 0480 ql1240 - ok
19:14:20.0515 0480 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:14:20.0515 0480 ql1280 - ok
19:14:20.0531 0480 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:14:20.0531 0480 RasAcd - ok
19:14:20.0578 0480 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:14:20.0578 0480 RasAuto - ok
19:14:20.0609 0480 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:14:20.0609 0480 Rasl2tp - ok
19:14:20.0640 0480 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:14:20.0640 0480 RasMan - ok
19:14:20.0671 0480 [ 2C9D4620A0FD35DE1828370B392F6E2D ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:14:20.0671 0480 RasPppoe - ok
19:14:20.0734 0480 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:14:20.0734 0480 Raspti - ok
19:14:20.0796 0480 [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:14:20.0796 0480 Rdbss - ok
19:14:20.0828 0480 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:14:20.0828 0480 RDPCDD - ok
19:14:20.0875 0480 [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:14:20.0890 0480 rdpdr - ok
19:14:20.0937 0480 [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:14:20.0937 0480 RDPWD - ok
19:14:21.0015 0480 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:14:21.0015 0480 RDSessMgr - ok
19:14:21.0062 0480 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:14:21.0062 0480 redbook - ok
19:14:21.0093 0480 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:14:21.0093 0480 RemoteAccess - ok
19:14:21.0140 0480 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:14:21.0140 0480 RemoteRegistry - ok
19:14:21.0187 0480 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:14:21.0187 0480 RpcLocator - ok
19:14:21.0234 0480 [ 9222562D44021B988B9F9F62207FB6F2 ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:14:21.0234 0480 RpcSs - ok
19:14:21.0296 0480 [ 743D7D59767073A617B1DCC6C546F234 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:14:21.0296 0480 rspndr - ok
19:14:21.0343 0480 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:14:21.0343 0480 RSVP - ok
19:14:21.0359 0480 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:14:21.0359 0480 SamSs - ok
19:14:21.0421 0480 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:14:21.0437 0480 SCardSvr - ok
19:14:21.0500 0480 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:14:21.0500 0480 Schedule - ok
19:14:21.0546 0480 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:14:21.0546 0480 Secdrv - ok
19:14:21.0593 0480 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:14:21.0593 0480 seclogon - ok
19:14:21.0671 0480 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
19:14:21.0687 0480 senfilt - ok
19:14:21.0750 0480 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:14:21.0750 0480 SENS - ok
19:14:21.0765 0480 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:14:21.0765 0480 serenum - ok
19:14:21.0796 0480 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:14:21.0796 0480 Serial - ok
19:14:21.0875 0480 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:14:21.0875 0480 Sfloppy - ok
19:14:21.0937 0480 [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:14:21.0937 0480 SharedAccess - ok
19:14:21.0984 0480 [ 888CD7B39C37E13A2419BECFAAF0A28C ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:14:22.0000 0480 ShellHWDetection - ok
19:14:22.0015 0480 Simbad - ok
19:14:22.0078 0480 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:14:22.0078 0480 sisagp - ok
19:14:22.0171 0480 [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
19:14:22.0171 0480 smwdm - ok
19:14:22.0203 0480 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:14:22.0203 0480 Sparrow - ok
19:14:22.0218 0480 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:14:22.0218 0480 splitter - ok
19:14:22.0265 0480 [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:14:22.0281 0480 Spooler - ok
19:14:22.0343 0480 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] SR C:\WINDOWS\system32\DRIVERS\sr.sys
19:14:22.0343 0480 SR - ok
19:14:22.0390 0480 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:14:22.0390 0480 srservice - ok
19:14:22.0468 0480 [ 9B390283569EA58D43D2586032B892F5 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:14:22.0468 0480 Srv - ok
19:14:22.0531 0480 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:14:22.0531 0480 SSDPSRV - ok
19:14:22.0593 0480 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:14:22.0609 0480 stisvc - ok
19:14:22.0609 0480 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:14:22.0625 0480 swenum - ok
19:14:22.0640 0480 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:14:22.0640 0480 swmidi - ok
19:14:22.0640 0480 SwPrv - ok
19:14:22.0687 0480 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
19:14:22.0687 0480 symc810 - ok
19:14:22.0703 0480 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:14:22.0703 0480 symc8xx - ok
19:14:22.0703 0480 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:14:22.0703 0480 sym_hi - ok
19:14:22.0718 0480 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:14:22.0718 0480 sym_u3 - ok
19:14:22.0718 0480 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:14:22.0734 0480 sysaudio - ok
19:14:22.0765 0480 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:14:22.0781 0480 SysmonLog - ok
19:14:22.0828 0480 [ E2B32B10ACC5D97623275AAFB67E5F03 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:14:22.0843 0480 TapiSrv - ok
19:14:22.0890 0480 [ 51E41F16ACD80B8B39C0AE703A213F09 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:14:22.0890 0480 Tcpip - ok
19:14:22.0921 0480 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:14:22.0921 0480 TDPIPE - ok
19:14:22.0953 0480 [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:14:22.0953 0480 TDTCP - ok
19:14:22.0984 0480 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:14:22.0984 0480 TermDD - ok
19:14:23.0015 0480 [ 5128852A18AE46C387F87BF27DA4C9DD ] TermService C:\WINDOWS\System32\termsrv.dll
19:14:23.0031 0480 TermService - ok
19:14:23.0062 0480 [ 888CD7B39C37E13A2419BECFAAF0A28C ] Themes C:\WINDOWS\System32\shsvcs.dll
19:14:23.0078 0480 Themes - ok
19:14:23.0125 0480 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:14:23.0140 0480 TlntSvr - ok
19:14:23.0187 0480 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
19:14:23.0187 0480 TosIde - ok
19:14:23.0234 0480 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:14:23.0234 0480 TrkWks - ok
19:14:23.0281 0480 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:14:23.0281 0480 Udfs - ok
19:14:23.0312 0480 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
19:14:23.0312 0480 ultra - ok
19:14:23.0390 0480 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:14:23.0406 0480 Update - ok
19:14:23.0468 0480 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:14:23.0468 0480 upnphost - ok
19:14:23.0515 0480 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:14:23.0515 0480 UPS - ok
19:14:23.0562 0480 [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:14:23.0562 0480 usbccgp - ok
19:14:23.0625 0480 [ 52674B5DBEE499342A599C7771ABECAA ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:14:23.0625 0480 usbehci - ok
19:14:23.0687 0480 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:14:23.0703 0480 usbhub - ok
19:14:23.0765 0480 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:14:23.0765 0480 usbprint - ok
19:14:23.0812 0480 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:14:23.0812 0480 USBSTOR - ok
19:14:23.0859 0480 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:14:23.0859 0480 usbuhci - ok
19:14:23.0937 0480 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:14:23.0937 0480 VgaSave - ok
19:14:23.0968 0480 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:14:23.0968 0480 viaagp - ok
19:14:23.0984 0480 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:14:23.0984 0480 ViaIde - ok
19:14:24.0015 0480 [ 82132036EE4D3E8AA3E73FEEBE1A9741 ] VMSCSI C:\WINDOWS\system32\DRIVERS\vmscsi.sys
19:14:24.0015 0480 VMSCSI - ok
19:14:24.0031 0480 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:14:24.0031 0480 VolSnap - ok
19:14:24.0078 0480 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:14:24.0078 0480 VSS - ok
19:14:24.0125 0480 [ 9F8A0D0CBB2FA265A754516128C00E22 ] W32Time C:\WINDOWS\system32\w32time.dll
19:14:24.0140 0480 W32Time - ok
19:14:24.0171 0480 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:14:24.0171 0480 Wanarp - ok
19:14:24.0265 0480 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:14:24.0281 0480 Wdf01000 - ok
19:14:24.0296 0480 WDICA - ok
19:14:24.0328 0480 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:14:24.0328 0480 wdmaud - ok
19:14:24.0406 0480 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:14:24.0406 0480 WebClient - ok
19:14:24.0546 0480 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:14:24.0546 0480 winmgmt - ok
19:14:24.0625 0480 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
19:14:24.0656 0480 WinRM - ok
19:14:24.0734 0480 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:14:24.0734 0480 WmdmPmSN - ok
19:14:24.0812 0480 [ DA1BF58EE904C814E748C9FC90B37DA2 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:14:24.0812 0480 Wmi - ok
19:14:24.0890 0480 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:14:24.0890 0480 WmiApSrv - ok
19:14:25.0046 0480 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:14:25.0046 0480 WMPNetworkSvc - ok
19:14:25.0109 0480 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:14:25.0109 0480 WpdUsb - ok
19:14:25.0187 0480 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:14:25.0203 0480 WPFFontCache_v0400 - ok
19:14:25.0250 0480 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:14:25.0250 0480 WS2IFSL - ok
19:14:25.0296 0480 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:14:25.0312 0480 wscsvc - ok
19:14:25.0328 0480 WSearch - ok
19:14:25.0406 0480 [ FC1E3B06AE8D160B686C5D04B5E85371 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:14:25.0421 0480 wuauserv - ok
19:14:25.0437 0480 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:14:25.0437 0480 WudfPf - ok
19:14:25.0500 0480 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:14:25.0500 0480 WudfRd - ok
19:14:25.0546 0480 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:14:25.0562 0480 WudfSvc - ok
19:14:25.0625 0480 [ 349B8D2BB755E8C3B0E3E82A87663E55 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:14:25.0640 0480 WZCSVC - ok
19:14:25.0687 0480 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:14:25.0687 0480 xmlprov - ok
19:14:25.0734 0480 ================ Scan global ===============================
19:14:25.0781 0480 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:14:25.0859 0480 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
19:14:25.0875 0480 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
19:14:25.0906 0480 [ C519E15665CD89A91AD383FCE3CB556A ] C:\WINDOWS\system32\services.exe
19:14:25.0906 0480 [Global] - ok
19:14:25.0921 0480 ================ Scan MBR ==================================
19:14:25.0953 0480 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:14:26.0187 0480 \Device\Harddisk0\DR0 - ok
19:14:26.0218 0480 ================ Scan VBR ==================================
19:14:26.0218 0480 [ 20CD200491CEA82CF95E4AF41FE118B1 ] \Device\Harddisk0\DR0\Partition1
19:14:26.0218 0480 \Device\Harddisk0\DR0\Partition1 - ok
19:14:26.0234 0480 ============================================================
19:14:26.0234 0480 Scan finished
19:14:26.0234 0480 ============================================================
19:14:26.0250 3972 Detected object count: 0
19:14:26.0250 3972 Actual detected object count: 0

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#11
FixDadsPC

    Member

  • Topic Starter
  • Member
  • 20 posts
Couldn't run aswMBR. Crashed two separate times. No log available.

#12
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#13
FixDadsPC

FixDadsPC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
not sure I understand this instruction. can you be more clear? I have never "run a script" before.
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
start by opening notepad and copy and paste the text that is inside the white box

save it as CFScript.txt and then when it is saved on the desktop I want you to drag it onto the combofix icon
  • 0

#15
FixDadsPC

FixDadsPC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OK, got it done. No problems with running the CFScript. I'll turn virus scan back on and surf around to see how everything is doing.

Here is the log:


ComboFix 12-12-02.01 - Owner 12/03/2012 0:25.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.261 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-02 23:55 . 2012-12-02 23:56 -------- d-----w- c:\documents and settings\mark
2012-12-02 14:46 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CCEF523-9B6B-4581-A534-575DBFC6A45D}\mpengine.dll
2012-11-30 01:19 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-10 18:15 . 2012-11-10 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2012-11-10 18:14 . 2012-11-10 18:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PC_Drivers_Headquarters
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:43 . 2010-08-31 12:38 1875328 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2008-04-14 09:42 58368 ----a-w- c:\windows\system32\synceng.dll
2011-08-30 12:54 . 2011-08-30 12:54 75768 ----a-w- c:\program files\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll
2011-08-30 12:54 . 2011-08-30 12:54 63424 ----a-w- c:\program files\Microsoft.Practices.ObjectBuilder.dll
2011-08-30 12:54 . 2011-08-30 12:54 96216 ----a-w- c:\program files\Microsoft.Practices.EnterpriseLibrary.Common.dll
2011-08-30 12:54 . 2011-08-30 12:54 124864 ----a-w- c:\program files\Microsoft.ApplicationBlocks.Updater.dll
2011-08-30 12:54 . 2011-08-30 12:54 71664 ----a-w- c:\program files\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll
2011-08-30 12:54 . 2011-08-30 12:54 34784 ----a-w- c:\program files\Microsoft.ApplicationBlocks.Updater.Downloaders.dll
2011-08-30 12:54 . 2011-08-30 12:54 14224 ----a-w- c:\program files\ISUninstall.exe
2011-08-10 13:29 . 2011-08-10 13:29 206760 ----a-w- c:\program files\ICSharpCode.SharpZipLib.dll
2011-08-10 13:29 . 2011-08-10 13:29 92064 ----a-w- c:\program files\Interop.WUApiLib.dll
2011-08-10 13:29 . 2011-08-10 13:29 661392 ----a-w- c:\program files\cpuidsdk.dll
2011-08-10 13:29 . 2011-08-10 13:29 44432 ----a-w- c:\program files\Agent.CPU.exe
2011-08-10 13:29 . 2011-08-10 13:29 762784 ----a-w- c:\program files\ThemePack.Default.dll
2011-08-10 13:29 . 2011-08-10 13:29 297352 ----a-w- c:\program files\Common.dll
2011-08-10 13:29 . 2011-08-10 13:29 38816 ----a-w- c:\program files\ExceptionLogging.dll
2011-08-10 13:29 . 2011-08-10 13:29 2987968 ----a-w- c:\program files\DriversHQ.DriverDetective.Client.exe
2011-08-10 13:29 . 2011-08-10 13:29 55192 ----a-w- c:\program files\XPBurnComponent.dll
2011-08-10 13:28 . 2011-08-10 13:28 157592 ----a-w- c:\program files\Agent.Common.dll
2011-08-10 13:28 . 2011-08-10 13:28 128976 ----a-w- c:\program files\DriversHQ.DriverDetective.Client.Updater.exe
2011-08-10 13:28 . 2011-08-10 13:28 71592 ----a-w- c:\program files\Agent.ExceptionLogging.dll
2011-08-10 13:28 . 2011-08-10 13:28 22984 ----a-w- c:\program files\Agent.ExceptionLogging.XmlSerializers.dll
2011-08-10 13:28 . 2011-08-10 13:28 173984 ----a-w- c:\program files\Agent.Communication.dll
2011-08-10 13:28 . 2011-08-10 13:28 268224 ----a-w- c:\program files\Agent.Communication.XmlSerializers.dll
2012-01-31 20:10 . 2011-02-03 01:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PRISMSVR.EXE"="c:\windows\system32\PRISMSVR.EXE" [2003-11-20 282713]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2009-03-08 128512]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Disk Cleaner.lnk - c:\program files\Disk Cleaner\dclean.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2010-12-1 128000]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [11/17/2010 10:18 PM 5632]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [11/17/2010 10:18 PM 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [11/17/2010 10:18 PM 5632]
R0 VMSCSI;vmscsi;c:\windows\system32\drivers\vmscsi.sys [11/17/2010 10:18 PM 17968]
S0 Lsi_scsi;Lsi_scsi;c:\windows\system32\drivers\lsi_scsi.sys [12/2/2010 9:32 AM 93184]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [8/18/2009 6:50 AM 9472]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 87910927
*NewlyCreated* - ASWMBR
*Deregistered* - 87910927
*Deregistered* - aswMBR
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 75.75.76.76
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} - hxxp://acer.custhelp.com/euf/assets/activex/snret.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mup3n2lh.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 00:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
- - - - - - - > 'explorer.exe'(2640)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-12-03 00:38:09
ComboFix-quarantined-files.txt 2012-12-03 05:38
ComboFix2.txt 2012-12-02 07:37
.
Pre-Run: 46,102,065,152 bytes free
Post-Run: 46,190,247,936 bytes free
.
- - End Of File - - 269835253EF6CBC448B4ED9A37B861EE


  • 0





