help please trojan.format c and pup.optional



#1
Pat_54

  • Member
  • 212 posts
Hi

I have had some problems for about two weeks now. Computer started running slow. When I open browser sometimes I connect to internet and sometimes not. It says can't display this page. After connecting sometimes it's very slow at responding. Sometimes I have got disconnected up to ten times in an hour. Very frustrating. I have contacted my internet server provider and they came out and changed my wireless router, they say everything is working fine on their end. I don't know what else to do. I thought maybe it's something with the computer. I ran a full virus scan through my Microsoft Security Essentials, a full scan through SUPERAntiSpyware and nothing showed up. I did a full scan on Malwarebytes and it showed three things, two pup.optional.bearshare tb.a and trojan.format c. I don't know if this is the problem but I'm ready to scream. It seems like since I ran scans the disconnects are more frequent and computer getting slower. Please help me. Thank you Patty. Here is a copy of the OTL.

OTL logfile created on: 11/7/2013 11:37:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.61% Memory free
3.84 Gb Paging File | 3.27 Gb Available in Paging File | 85.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.71 Gb Total Space | 46.17 Gb Free Space | 67.20% Space Free | Partition Type: NTFS
Drive D: | 5.80 Gb Total Space | 2.95 Gb Free Space | 50.79% Space Free | Partition Type: FAT32

Computer Name: PATTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/07 11:36:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/11/07 02:20:15 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/10/16 23:25:50 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/08/12 09:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/04/17 16:18:55 | 000,422,632 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/14 15:42:18 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/03/14 15:40:52 | 001,376,340 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2004/10/08 14:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/08/02 02:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 02:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/10/16 23:25:50 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/08/12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/09 20:30:09 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2008/07/24 03:02:46 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D4F028B-5575-4E24-A989-132875308BEA}\MpKsla9f1a1b7.sys -- (MpKsla9f1a1b7)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/22 00:47:50 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys -- (MP4ConverterAudio)
DRV - [2010/09/27 13:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/06/14 08:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/31 10:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/06/04 09:19:18 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCVideo32.sys -- (MusCVideo32)
DRV - [2008/06/04 09:19:16 | 000,508,544 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCDriverV32.sys -- (MusCDriverV32)
DRV - [2007/12/14 09:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/09/14 12:03:52 | 000,980,736 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/08/02 03:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/03/14 15:21:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/03/14 15:19:24 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/03/14 15:18:00 | 000,851,402 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/03/14 15:15:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/03/14 15:15:24 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/03/14 15:14:52 | 000,065,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/03/14 15:12:02 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/03/14 15:10:56 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/09/09 17:15:32 | 001,032,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/06/30 04:50:00 | 000,072,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
DRV - [2003/06/30 04:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/06/30 04:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...s=PTB&M=NX860XL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7EDA56B3-0B62-4F78-9D62-F73F5C654949}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 20:30:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/03/09 19:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/03/14 17:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h4vxsm2x.default\extensions
[2013/03/14 17:53:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h4vxsm2x.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/03/10 18:04:01 | 000,531,283 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h4vxsm2x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/03/09 20:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/09 20:30:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/15 19:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/15 19:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/14 17:28:25 | 000,572,148 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 15484 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2698A5C7-EA98-4195-ADC3-6AB12C1614C6}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/07 11:35:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/11/01 08:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2013/10/23 15:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\equifax report me
[2013/10/23 13:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\equifax report
[2013/10/16 23:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/16 23:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/16 23:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2009/01/01 02:14:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/11/07 11:36:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/11/07 10:16:03 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/11/07 10:06:06 | 000,194,401 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/11/07 10:05:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/07 02:19:33 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\Administrator\random.dat
[2013/11/06 23:41:56 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
[2013/11/03 01:54:11 | 000,442,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/03 01:54:11 | 000,072,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/02 22:37:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/20 18:53:40 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/10/15 17:08:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/10/09 20:11:18 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/09 20:06:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2013/05/17 02:12:18 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2013/03/18 00:51:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\sfc
[2013/01/01 07:16:06 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\ud-boot-time.ini
[2012/10/25 23:30:19 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_cl_loginapplet_LIVE.dat
[2012/06/21 19:00:42 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE1.dat
[2012/06/01 22:30:20 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
[2012/05/12 18:53:16 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Administrator\random.dat
[2012/02/25 20:00:35 | 000,000,316 | ---- | C] () -- C:\WINDOWS\w32demo8.ini
[2012/02/17 11:03:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 00:20:18 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2012/01/30 00:20:15 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2012/01/30 00:20:15 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2012/01/30 00:20:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2012/01/30 00:20:10 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2012/01/30 00:20:10 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2012/01/30 00:20:05 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2012/01/30 00:20:04 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/12/20 20:24:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ESGAppInfo.dll
[2011/11/20 12:41:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/28 22:53:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2011/01/25 07:14:21 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/02 23:49:05 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\setup_ldm.iss
[2009/04/07 19:38:36 | 000,000,364 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2009/02/10 00:47:28 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ghH6NSCmtt.gif
[2009/02/10 00:47:28 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ghH6NSCmnn.gif
[2009/02/10 00:47:28 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ghH6NSCmyy.gif
[2009/02/05 19:04:32 | 003,670,016 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.bak
[2009/01/31 23:59:44 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\tt.gif
[2009/01/31 23:59:44 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\nn.gif
[2009/01/31 23:59:44 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\yy.gif
[2009/01/01 20:48:48 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/01/01 02:14:27 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
[2009/01/01 02:14:27 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2009/01/01 02:14:27 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/08/14 20:04:24 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
[2008/07/29 21:37:50 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/06/17 04:37:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/02/01 00:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2012/02/26 00:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2009/05/09 10:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blitware
[2011/03/11 18:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\bsbandmltbpi
[2011/12/20 19:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/05/09 09:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2013/06/09 11:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2013/07/28 15:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2009/02/01 00:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2008/07/24 03:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008/07/24 02:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2009/05/28 19:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Musicmatch
[2011/02/27 20:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2011/04/08 08:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011/12/20 21:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/05/11 11:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2011/07/20 15:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[2008/08/13 23:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2008/08/15 00:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ringtone
[2008/12/29 23:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RipIt4Me
[2008/07/24 02:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/10/29 01:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2011/07/21 23:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDVDCreator
[2010/10/06 18:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2009/04/07 19:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2011/11/15 13:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2011/07/20 20:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2013/03/18 01:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2013/03/12 04:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2012/07/04 15:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/07/19 22:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/11/15 12:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2009/05/09 10:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2012/01/29 23:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverWizard
[2010/11/03 11:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/08/13 20:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2013/04/25 10:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/02/27 20:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/02/25 02:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/09 08:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/08/13 23:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2013/03/12 02:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/10/28 22:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/01/01 20:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 11/7/2013 11:37:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.61% Memory free
3.84 Gb Paging File | 3.27 Gb Available in Paging File | 85.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.71 Gb Total Space | 46.17 Gb Free Space | 67.20% Space Free | Partition Type: NTFS
Drive D: | 5.80 Gb Total Space | 2.95 Gb Free Space | 50.79% Space Free | Partition Type: FAT32

Computer Name: PATTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Bluetooth Software
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.78
"{607398CF-354B-4E21-B1BC-549424BFD04C}" = TIPCI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6CF4996E-9A09-4C7A-BB2B-22CB4D7F33BE}" = nav-u tool
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"CLO" = CLO
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.18
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.24.430
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"Hardwood Euchre" = Hardwood Euchre
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{607398CF-354B-4E21-B1BC-549424BFD04C}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 16.0" = RealPlayer
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Speccy" = Speccy
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"UltraDefrag" = Ultra Defragmenter
"Uninstall_is1" = Uninstall 1.0.0.1
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/1/2013 9:54:04 AM | Computer Name = PATTY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 10/7/2013 5:36:45 PM | Computer Name = PATTY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/7/2013 5:36:53 PM | Computer Name = PATTY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/7/2013 5:37:00 PM | Computer Name = PATTY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/7/2013 5:37:07 PM | Computer Name = PATTY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/28/2013 4:55:17 PM | Computer Name = PATTY | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/28/2013 4:55:17 PM | Computer Name = PATTY | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/1/2013 9:40:07 AM | Computer Name = PATTY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.161.1109.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10003.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 11/1/2013 12:09:22 PM | Computer Name = PATTY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 11/2/2013 11:38:27 PM | Computer Name = PATTY | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/2/2013 11:38:27 PM | Computer Name = PATTY | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >





#2
RKinner

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v

#3
Pat_54

Hi RKinner. Thanks for the help. I keep getting the post is too long so I guess I'll try this in pieces here. First I ran the event viewer and did what you asked and had two logs but now can only find one so that is in this post.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/11/2013 7:55:06 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




#4
Pat_54

Process CPU Private Bytes Working Set PID Verified Signer
alg.exe 1,212 K 3,696 K 2840 (Verified) Microsoft Windows Component Publisher
BTStackServer.exe 6,204 K 10,208 K 2236 (No signature was present in the subject) Broadcom Corporation.
BTTray.exe 3,828 K 6,484 K 1788 (No signature was present in the subject) Broadcom Corporation.
btwdins.exe 1,840 K 2,560 K 1476 (No signature was present in the subject) Broadcom Corporation.
csrss.exe 1,700 K 3,976 K 916 (Verified) Microsoft Windows Component Publisher
dllhost.exe 2,296 K 6,392 K 736 (Verified) Microsoft Windows Component Publisher
ehrecvr.exe 2,512 K 4,712 K 1516 (Verified) Microsoft Windows
ehSched.exe 720 K 2,748 K 1536 (Verified) Microsoft Windows Publisher
EvtEng.exe 8,140 K 12,088 K 1496 (No signature was present in the subject) Intel Corporation
explorer.exe 17,416 K 24,736 K 1700 (Verified) Microsoft Windows Component Publisher
iexplore.exe 7,232 K 1,404 K 3552 (Verified) Microsoft Windows
iexplore.exe 24,348 K 32,100 K 2320 (Verified) Microsoft Windows
jqs.exe 2,148 K 1,456 K 1564 (Verified) Oracle America
jusched.exe 924 K 3,184 K 3736 (Verified) Oracle America
lsass.exe 2,380 K 1,408 K 1012 (Verified) Microsoft Windows Component Publisher
mcrdsvc.exe 868 K 3,160 K 852 (Verified) Microsoft Windows Publisher
MsMpEng.exe 62,204 K 53,556 K 1320 (Verified) Microsoft Corporation
msseces.exe 4,648 K 9,472 K 3456 (Verified) Microsoft Corporation
notepad.exe 1,044 K 724 K 716 (Verified) Microsoft Windows Component Publisher
notepad.exe 1,044 K 540 K 2576 (Verified) Microsoft Windows Component Publisher
notepad.exe 1,928 K 732 K 3920 (Verified) Microsoft Windows Component Publisher
nvsvc32.exe 2,732 K 4,368 K 2044 (Verified) Microsoft Windows Hardware Compatibility Publisher
RegSrvc.exe 892 K 3,264 K 696 (No signature was present in the subject) Intel Corporation
S24EvMon.exe 6,732 K 10,852 K 1692 (No signature was present in the subject) Intel Corporation
SASCore.exe 632 K 2,248 K 292 (Verified) SUPERAntiSpyware.com
services.exe 1,976 K 4,032 K 1000 (Verified) Microsoft Windows Component Publisher
smss.exe 172 K 444 K 856 (Verified) Microsoft Windows Component Publisher
spoolsv.exe 5,676 K 8,160 K 288 (Verified) Microsoft Windows Component Publisher
SUPERANTISPYWARE.EXE 139,840 K 824 K 3792 (Verified) SUPERAntiSpyware.com
svchost.exe 3,232 K 5,700 K 1180 (Verified) Microsoft Windows Component Publisher
svchost.exe 2,072 K 4,984 K 1260 (Verified) Microsoft Windows Component Publisher
svchost.exe 23,528 K 35,860 K 1356 (Verified) Microsoft Windows Component Publisher
svchost.exe 2,368 K 3,468 K 1400 (Verified) Microsoft Windows Component Publisher
svchost.exe 4,768 K 7,136 K 1844 (Verified) Microsoft Windows Component Publisher
svchost.exe 1,244 K 3,344 K 1888 (Verified) Microsoft Windows Component Publisher
svchost.exe 1,392 K 3,936 K 440 (Verified) Microsoft Windows Component Publisher
svchost.exe 4,156 K 6,252 K 548 (Verified) Microsoft Windows Component Publisher
svchost.exe 1,608 K 3,564 K 3656 (Verified) Microsoft Windows Component Publisher
svchost.exe 8,608 K 10,120 K 2832 (Verified) Microsoft Windows Component Publisher
SynTPEnh.exe 1,592 K 4,500 K 3356 (Verified) Microsoft Windows Hardware Compatibility Publisher
SynTPLpr.exe 876 K 2,772 K 3328 (Verified) Microsoft Windows Hardware Compatibility Publisher
System 0 K 240 K 4
winlogon.exe 6,712 K 3,628 K 952 (Verified) Microsoft Windows Component Publisher
WinPatrol.exe 2,032 K 5,408 K 3604 (Verified) BillP Studios
wmiprvse.exe 1,908 K 5,216 K 2052 (Verified) Microsoft Windows Component Publisher
Interrupts < 0.01 0 K 0 K n/a
procexp.exe 0.78 35,704 K 42,504 K 144 (Verified) Microsoft Corporation
System Idle Process 99.22 0 K 28 K 0





#5
Pat_54

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Administrator (administrator) on PATTY on 07-11-2013 20:15:18
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [98394 2004-10-08] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [688218 2004-10-08] (Synaptics, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [422632 2013-04-17] (BillP Studios)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\LMIinit: C:\Windows\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [5717272 2013-11-07] (SUPERAntiSpyware)
HKU\Default User\...\Run: [Power2GoExpress] - NA
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
SearchScopes: HKCU - {7EDA56B3-0B62-4F78-9D62-F73F5C654949} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h4vxsm2x.default
FF SelectedSearchEngine: Bing
FF Homepage: www.msn.com
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h4vxsm2x.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: noscript - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h4vxsm2x.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
S4 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [196608 2008-07-24] (New Boundary Technologies, Inc.)
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-08-02] (Intel Corporation )
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S4 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [x]

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2008-07-24] (Meetinghouse Data Communications)
R3 btaudio; C:\Windows\System32\drivers\btaudio.sys [328237 2006-03-14] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30427 2006-03-14] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [851402 2006-03-14] (Broadcom Corporation.)
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-03-14] (Broadcom Corporation.)
R3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148900 2006-03-14] (Broadcom Corporation.)
S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [45683 2006-03-14] (Broadcom Corporation.)
R3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [30285 2006-03-14] (Broadcom Corporation.)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [65784 2006-03-14] (Broadcom Corporation.)
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2006-03-19] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2006-03-19] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-03-19] (HP)
S3 LHidUsb; C:\Windows\System32\Drivers\LHidUsb.Sys [37884 2003-06-30] (Logitech, Inc.)
R2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2010-05-31] (LogMeIn, Inc.)
S3 MP4ConverterAudio; C:\Windows\System32\drivers\MP4ConverterAudio.sys [23608 2011-03-22] (Windows ® Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl8f3d048a; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CE9BA08-AA8D-45F7-83CC-02B87CCE4614}\MpKsl8f3d048a.sys [40392 2013-11-07] (Microsoft Corporation)
S3 MusCDriverV32; C:\Windows\System32\drivers\MusCDriverV32.sys [508544 2008-06-04] (Windows ® 2000/XP)
S3 MusCVideo32; C:\Windows\System32\DRIVERS\MusCVideo32.sys [3768 2008-06-04] (Windows ® 2000 DDK provider)
R3 NETw3x32; C:\Windows\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-27] (Intel® Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12544 2006-08-02] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1032472 2005-09-09] (SigmaTel, Inc.)
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 usbser; C:\Windows\System32\Drivers\usbser.sys [26240 2013-08-28] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-11-07 20:14 - 2013-11-07 20:14 - 00000000 ____D C:\FRST
2013-11-07 20:13 - 2013-11-07 20:13 - 01089445 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2013-11-07 20:12 - 2013-11-07 20:12 - 00003816 _____ C:\Documents and Settings\Administrator\Desktop\Hardware Interrupts and DPCs.txt
2013-11-07 20:04 - 2013-11-07 20:04 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Administrator\Desktop\procexp.exe
2013-11-07 20:02 - 2013-11-07 20:02 - 00437285 _____ C:\Documents and Settings\Administrator\Desktop\PATTY.txt
2013-11-07 19:59 - 2013-11-07 19:59 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2013-11-07 19:59 - 2013-11-07 19:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2013-11-07 19:57 - 2013-11-07 19:57 - 05552488 _____ (Piriform Ltd) C:\Documents and Settings\Administrator\Desktop\spsetup123.exe
2013-11-07 11:41 - 2013-11-07 11:41 - 00065550 _____ C:\Documents and Settings\Administrator\Desktop\OTL.Txt
2013-11-07 11:41 - 2013-11-07 11:41 - 00036760 _____ C:\Documents and Settings\Administrator\Desktop\Extras.Txt
2013-11-07 11:35 - 2013-11-07 11:36 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2013-11-01 08:54 - 2013-11-01 08:54 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2013-10-23 15:56 - 2013-10-23 15:56 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\equifax report me
2013-10-23 13:29 - 2013-10-23 13:37 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\equifax report
2013-10-16 23:26 - 2013-10-16 23:26 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-16 23:26 - 2013-10-16 23:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-16 23:26 - 2013-10-16 23:25 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-16 23:26 - 2013-10-16 23:25 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-16 23:26 - 2013-10-16 23:25 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-16 23:26 - 2013-10-16 23:25 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-16 23:26 - 2013-10-16 23:25 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-16 23:25 - 2013-10-16 23:25 - 00000000 ____D C:\Program Files\Java
2013-10-09 20:07 - 2013-10-09 20:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-09 20:06 - 2013-10-09 20:06 - 00129646 _____ C:\WINDOWS\KB2862335.log
2013-10-09 20:06 - 2013-10-09 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-09 20:02 - 2013-10-09 20:02 - 00012034 _____ C:\WINDOWS\KB2868038.log
2013-10-09 20:02 - 2013-10-09 20:02 - 00010639 _____ C:\WINDOWS\KB2884256.log
2013-10-09 20:02 - 2013-10-09 20:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-09 20:02 - 2013-10-09 20:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-09 20:01 - 2013-10-09 20:01 - 00012545 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-09 20:01 - 2013-10-09 20:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-09 20:00 - 2013-10-09 20:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 18:24 - 2013-10-09 20:07 - 00133970 _____ C:\WINDOWS\KB2847311.log

==================== One Month Modified Files and Folders =======

2013-11-07 20:14 - 2013-11-07 20:14 - 00000000 ____D C:\FRST
2013-11-07 20:13 - 2013-11-07 20:13 - 01089445 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2013-11-07 20:12 - 2013-11-07 20:12 - 00003816 _____ C:\Documents and Settings\Administrator\Desktop\Hardware Interrupts and DPCs.txt
2013-11-07 20:05 - 2006-06-17 04:39 - 01142267 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-07 20:04 - 2013-11-07 20:04 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Administrator\Desktop\procexp.exe
2013-11-07 20:03 - 2013-09-27 12:55 - 00043262 _____ C:\WINDOWS\setupapi.log
2013-11-07 20:02 - 2013-11-07 20:02 - 00437285 _____ C:\Documents and Settings\Administrator\Desktop\PATTY.txt
2013-11-07 19:59 - 2013-11-07 19:59 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2013-11-07 19:59 - 2013-11-07 19:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2013-11-07 19:59 - 2013-03-17 23:54 - 00000000 ____D C:\Program Files\Speccy
2013-11-07 19:57 - 2013-11-07 19:57 - 05552488 _____ (Piriform Ltd) C:\Documents and Settings\Administrator\Desktop\spsetup123.exe
2013-11-07 19:56 - 2013-02-24 15:03 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-07 19:55 - 2013-07-28 18:28 - 00000358 _____ C:\VEW.txt
2013-11-07 19:48 - 2012-03-27 21:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-07 19:47 - 2012-01-30 00:21 - 00194401 _____ C:\WINDOWS\system32\nvapps.xml
2013-11-07 19:47 - 2006-06-17 04:36 - 00000000 ____D C:\WINDOWS\Registration
2013-11-07 18:56 - 2006-06-16 21:34 - 00000216 _____ C:\WINDOWS\wiadebug.log
2013-11-07 18:56 - 2006-06-16 21:34 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-11-07 18:53 - 2013-07-07 11:32 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
2013-11-07 11:41 - 2013-11-07 11:41 - 00065550 _____ C:\Documents and Settings\Administrator\Desktop\OTL.Txt
2013-11-07 11:41 - 2013-11-07 11:41 - 00036760 _____ C:\Documents and Settings\Administrator\Desktop\Extras.Txt
2013-11-07 11:36 - 2013-11-07 11:35 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2013-11-07 02:19 - 2012-05-12 18:53 - 00000024 _____ C:\Documents and Settings\Administrator\random.dat
2013-11-06 23:41 - 2012-06-01 22:30 - 00000069 _____ C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
2013-11-03 01:54 - 2006-06-16 21:31 - 00522918 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-02 22:37 - 2006-06-17 04:23 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-01 11:08 - 2013-09-12 09:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-11-01 08:54 - 2013-11-01 08:54 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2013-10-23 15:56 - 2013-10-23 15:56 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\equifax report me
2013-10-23 13:37 - 2013-10-23 13:29 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\equifax report
2013-10-20 18:53 - 2008-12-31 00:27 - 00000049 _____ C:\WINDOWS\NeroDigital.ini
2013-10-16 23:26 - 2013-10-16 23:26 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-16 23:26 - 2013-10-16 23:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-16 23:25 - 2013-10-16 23:26 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-16 23:25 - 2013-10-16 23:26 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-16 23:25 - 2013-10-16 23:26 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-16 23:25 - 2013-10-16 23:26 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-16 23:25 - 2013-10-16 23:26 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-16 23:25 - 2013-10-16 23:25 - 00000000 ____D C:\Program Files\Java
2013-10-15 17:08 - 2012-04-30 21:23 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-10-15 17:08 - 2012-01-26 14:01 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-10-15 17:08 - 2012-01-26 14:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-15 17:07 - 2013-03-02 16:14 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-15 17:07 - 2013-03-02 16:14 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-13 20:29 - 2006-06-17 04:36 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-09 20:11 - 2006-06-16 21:30 - 00200936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 20:07 - 2013-10-09 20:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-09 20:07 - 2013-10-09 18:24 - 00133970 _____ C:\WINDOWS\KB2847311.log
2013-10-09 20:07 - 2006-06-18 23:33 - 00676719 _____ C:\WINDOWS\updspapi.log
2013-10-09 20:07 - 2006-06-16 21:31 - 02884365 _____ C:\WINDOWS\FaxSetup.log
2013-10-09 20:07 - 2006-06-16 21:31 - 01433668 _____ C:\WINDOWS\ocgen.log
2013-10-09 20:07 - 2006-06-16 21:31 - 01341894 _____ C:\WINDOWS\tsoc.log
2013-10-09 20:07 - 2006-06-16 21:31 - 01258213 _____ C:\WINDOWS\iis6.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00934057 _____ C:\WINDOWS\comsetup.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00909630 _____ C:\WINDOWS\msmqinst.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00575654 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00522180 _____ C:\WINDOWS\netfxocm.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00366761 _____ C:\WINDOWS\MedCtrOC.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00339635 _____ C:\WINDOWS\plusoc.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00163074 _____ C:\WINDOWS\ehOCGen.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00156365 _____ C:\WINDOWS\ocmsn.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00145974 _____ C:\WINDOWS\msgsocm.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00145133 _____ C:\WINDOWS\tabletoc.log
2013-10-09 20:07 - 2006-06-16 21:31 - 00001374 _____ C:\WINDOWS\imsins.log
2013-10-09 20:06 - 2013-10-09 20:06 - 00129646 _____ C:\WINDOWS\KB2862335.log
2013-10-09 20:06 - 2013-10-09 20:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-09 20:06 - 2013-07-27 22:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 20:06 - 2006-06-16 21:31 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-10-09 20:03 - 2010-06-03 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-09 20:03 - 2008-07-25 11:33 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-09 20:02 - 2013-10-09 20:02 - 00012034 _____ C:\WINDOWS\KB2868038.log
2013-10-09 20:02 - 2013-10-09 20:02 - 00010639 _____ C:\WINDOWS\KB2884256.log
2013-10-09 20:02 - 2013-10-09 20:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-09 20:02 - 2013-10-09 20:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-09 20:02 - 2009-08-14 14:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 20:01 - 2013-10-09 20:01 - 00012545 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-09 20:01 - 2013-10-09 20:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-09 20:00 - 2013-10-09 20:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$

Files to move or delete:
====================
C:\Documents and Settings\Administrator\jagex_cl_loginapplet_LIVE.dat
C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE1.dat
C:\Documents and Settings\Administrator\random.dat


Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\temp\_is4.exe
C:\Documents and Settings\Administrator\Local Settings\temp\_isA.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#6
Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Administrator at 2013-11-07 20:16:39
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
Could not list Security Center items. Check WMI.


==================== Installed Programs ======================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Active@ ISO Burner (Version: 2.1.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Amazon MP3 Downloader 1.0.3
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Auslogics Disk Defrag (Version: 3.6)
Bluetooth Software (Version: 5.0.1.2200)
CLO
Critical Update for Windows Media Player 11 (KB959772)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
ERUNT 1.1j
Free 3GP Video Converter version 3.7.18
Free Audio CD Burner version 1.4.7
Free Video to MP3 Converter version 5.0.24.430 (Version: 5.0.24.430)
Free YouTube Download version 3.2.1.320 (Version: 3.2.1.320)
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
Hardwood Euchre
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
ImgBurn (Version: 2.5.7.0)
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software (Version: 10.50.0000)
Internet Explorer (Enable DEP)
iTunes (Version: 10.4.1.10)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Learn2 Player (Uninstall Only)
Logitech MouseWare 9.78
Logitech Registration (Version: 0.70.206)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
mCore (Version: 7.10.0000)
mDriver (Version: 7.10.0000)
mDrWiFi (Version: 7.10.0000)
mHelp (Version: 7.10.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
mIWA (Version: 7.10.0000)
mLogView (Version: 7.10.0000)
mMHouse (Version: 7.10.0000)
Motorola SM56 Data Fax Modem
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
mPfMgr (Version: 7.10.0000)
mPfWiz (Version: 7.10.0000)
mProSafe (Version: 9.00.0000)
MSVC80_x86 (Version: 1.0.1.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicmatch® Jukebox (Version: 9.00.5067)
mWlsSafe (Version: 7.10.0000)
mXML (Version: 7.10.0000)
mZConfig (Version: 7.10.0000)
nav-u tool (Version: 2.0.3.12130)
Nero Media Player
Nero OEM
NeroVision Express 2
NVIDIA Drivers (Version: 1.3)
NVIDIA PhysX (Version: 9.09.0203)
OpenOffice.org 3.3 (Version: 3.3.9567)
Power2Go 4.0
PowerDVD
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
Recovery Software Suite Gateway (Version: 1.00.0000)
SigmaTel Audio (Version: 5.10.4600.0)
Sonic Encoders (Version: 1.00)
Speccy (Version: 1.23)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SUPERAntiSpyware (Version: 5.6.1020)
Switch Sound File Converter
Synaptics Pointing Device Driver (Version: 7.12.3.0)
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0003)
TIPCI (Version: 2.00.0003)
U3Launcher (Version: 1.0.0)
Ultra Defragmenter (Version: 6.0.2)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
WavePad Sound Editor
WebFldrs XP (Version: 9.50.7523)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 28.0.2013.0)
Yahoo! Messenger

==================== Restore Points =========================


==================== Hosts content: ==========================

2006-06-17 04:23 - 2013-03-14 17:28 - 00572148 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{0DF11486-C0E5-4357-ACD4-F56E8651E456}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\wavepadShakeIcon.job => C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe

==================== Loaded Modules (whitelisted) =============

2006-08-02 02:24 - 2006-08-02 02:24 - 00348160 _____ () C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2006-08-02 02:26 - 2006-08-02 02:26 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2006-06-17 04:23 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2006-06-17 04:23 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2006-06-17 04:23 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-06-17 04:23 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-03-18 01:18 - 2012-12-09 20:46 - 00600868 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 2046.04 MB
Available physical RAM: 1504.57 MB
Total Pagefile: 3936.57 MB
Available Pagefile: 3440.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.71 GB) (Free:46.1 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:5.8 GB) (Free:2.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: EDAAEDAA)
Partition 1: (Active) - (Size=69 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6 GB) - (Type=0B)

==================== End Of Log ============================



#7
Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
[attachment=67522:PATTY.txt] it wouldn't add this file so did in attachment

#8
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Download aswMBR.exe to your desktop.
Double click aswMBR.exe.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (Accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it and then run a new scan and click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.
  • 0

#9
Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
Here are the results after doing the event viewer.
Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/11/2013 1:48:33 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/11/2013 1:47:54 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



  • 0

#10
Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-08 01:49:36
-----------------------------
01:49:36.578 OS Version: Windows 5.1.2600 Service Pack 3
01:49:36.578 Number of processors: 2 586 0xF06
01:49:36.578 ComputerName: PATTY UserName:
01:49:37.640 Initialize success
01:50:58.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:50:58.359 Disk 0 Vendor: HTS72108 MC4O Size: 76319MB BusType: 3
01:50:58.531 Disk 0 MBR read successfully
01:50:58.546 Disk 0 MBR scan
01:50:58.546 Disk 0 unknown MBR code
01:50:58.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 70362 MB offset 12193335
01:50:58.562 Disk 0 Partition 2 00 0B FAT32 RECOVERY 5953 MB offset 63
01:50:58.562 Disk 0 scanning sectors +156296385
01:50:58.640 Disk 0 scanning C:\WINDOWS\system32\drivers
01:51:07.265 Service scanning
01:51:14.859 Service MpKsl65f17da0 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CE9BA08-AA8D-45F7-83CC-02B87CCE4614}\MpKsl65f17da0.sys **LOCKED** 32
01:51:22.781 Modules scanning
01:51:32.421 Scan finished successfully
02:00:16.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
02:00:16.031 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"





  • 0

#11
Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
ComboFix 13-11-07.01 - Administrator 11/08/2013 2:35.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1550 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2013-10-08 to 2013-11-08 )))))))))))))))))))))))))))))))
.
.
2013-11-08 06:43 . 2013-11-08 06:43 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CE9BA08-AA8D-45F7-83CC-02B87CCE4614}\MpKsl65f17da0.sys
2013-11-08 01:14 . 2013-11-08 01:14 -------- d-----w- C:\FRST
2013-11-08 00:58 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CE9BA08-AA8D-45F7-83CC-02B87CCE4614}\mpengine.dll
2013-11-06 23:24 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-01 13:54 . 2013-11-01 13:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2013-10-17 04:26 . 2013-10-17 04:26 -------- d-----w- c:\program files\Common Files\Java
2013-10-17 04:26 . 2013-10-17 04:25 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-17 04:26 . 2013-10-17 04:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 04:25 . 2013-10-17 04:25 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-15 22:07 . 2013-03-02 21:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-15 22:07 . 2013-03-02 21:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33 . 2006-06-17 09:23 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2006-06-17 09:23 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2006-06-17 09:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2006-06-17 09:23 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2006-06-17 09:23 385024 ------w- c:\windows\system32\html.iec
2013-08-29 01:31 . 2006-06-17 09:23 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2008-08-14 02:01 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-03-10 01:30 . 2013-03-10 01:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-07 5717272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13594624]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-17 422632]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-3-14 622653]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-27 18:49 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=c:\windows\pss\LaunchU3.exe.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-02-10 23:35 295072 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"PCPitstop Scheduling"=2 (0x2)
"idsvc"=3 (0x3)
"RealNetworks Downloader Resolver Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
R1 MpKsl65f17da0;MpKsl65f17da0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CE9BA08-AA8D-45F7-83CC-02B87CCE4614}\MpKsl65f17da0.sys [11/8/2013 1:43 AM 40392]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [5/23/2013 3:11 PM 119056]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/19/2010 4:14 PM 12184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/1/2009 2:14 AM 47360]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/28/2011 10:53 PM 36608]
S3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [5/7/2011 5:17 PM 23608]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [8/14/2008 2:37 PM 508544]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [8/14/2008 2:37 PM 3768]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL65F17DA0
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-08-12 14:12]
.
2013-08-06 c:\windows\Tasks\User_Feed_Synchronization-{0DF11486-C0E5-4357-ACD4-F56E8651E456}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2013-04-25 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-02-28 01:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = https://pccreg.trend...G=&PID=CIF0=
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h4vxsm2x.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.msn.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-08 02:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4230808171-790681429-768623690-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,77,2b,95,81,9f,26,48,90,28,4d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,77,2b,95,81,9f,26,48,90,28,4d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,b2,38,05,e7,2d,ca,45,8e,13,e1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,b2,38,05,e7,2d,ca,45,8e,13,e1,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,b2,38,05,e7,2d,ca,45,8e,13,e1,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3052)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-11-08 02:40:45
ComboFix-quarantined-files.txt 2013-11-08 07:40
.
Pre-Run: 49,427,505,152 bytes free
Post-Run: 49,451,757,568 bytes free
.
- - End Of File - - B951D447143AC24B583749BB4EC566FD
B20939CD98B7710036274839082AE757
  • 0

#12
Pat_54

    Member

  • Topic Starter
  • Member
  • 212 posts
02:47:15.0828 0x0dd4 TDSS rootkit removing tool 3.0.0.16 Nov 1 2013 15:53:38
02:47:19.0000 0x0dd4 ============================================================
02:47:19.0000 0x0dd4 Current date / time: 2013/11/08 02:47:19.0000
02:47:19.0000 0x0dd4 SystemInfo:
02:47:19.0000 0x0dd4
02:47:19.0000 0x0dd4 OS Version: 5.1.2600 ServicePack: 3.0
02:47:19.0015 0x0dd4 Product type: Workstation
02:47:19.0015 0x0dd4 ComputerName: PATTY
02:47:19.0015 0x0dd4 UserName: Administrator
02:47:19.0015 0x0dd4 Windows directory: C:\WINDOWS
02:47:19.0015 0x0dd4 System windows directory: C:\WINDOWS
02:47:19.0015 0x0dd4 Processor architecture: Intel x86
02:47:19.0015 0x0dd4 Number of processors: 2
02:47:19.0015 0x0dd4 Page size: 0x1000
02:47:19.0015 0x0dd4 Boot type: Normal boot
02:47:19.0015 0x0dd4 ============================================================
02:47:20.0156 0x0dd4 System UUID: {82387B0A-BD10-D71F-EBBF-5BEFFA389DFD}
02:47:20.0921 0x0dd4 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:47:20.0921 0x0dd4 ============================================================
02:47:20.0921 0x0dd4 \Device\Harddisk0\DR0:
02:47:20.0921 0x0dd4 MBR partitions:
02:47:20.0921 0x0dd4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBA0E37, BlocksNum 0x896D68A
02:47:20.0921 0x0dd4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xBA0DF8
02:47:20.0921 0x0dd4 ============================================================
02:47:20.0968 0x0dd4 C: <-> \Device\Harddisk0\DR0\Partition1
02:47:20.0968 0x0dd4 D: <-> \Device\Harddisk0\DR0\Partition2
02:47:20.0968 0x0dd4 ============================================================
02:47:20.0968 0x0dd4 Initialize success
02:47:20.0968 0x0dd4 ============================================================
02:47:26.0093 0x0f54 ============================================================
02:47:26.0093 0x0f54 Scan started
02:47:26.0093 0x0f54 Mode: Manual;
02:47:26.0093 0x0f54 ============================================================
02:47:26.0093 0x0f54 KSN ping started
02:47:28.0687 0x0f54 KSN ping finished: true
02:47:29.0234 0x0f54 ================ Scan system memory ========================
02:47:29.0234 0x0f54 Scan was interrupted by user!
02:47:29.0375 0x0f54 AV detected via SS1: Microsoft Security Essentials, 4.3.0219.0, disabled, updated
02:47:29.0375 0x0f54 Win FW state via NFM: enabled
02:47:31.0812 0x0f54 ============================================================
02:47:31.0812 0x0f54 Scan finished
02:47:31.0812 0x0f54 ============================================================
02:47:31.0812 0x0b30 Detected object count: 0
02:47:31.0812 0x0b30 Actual detected object count: 0
02:48:27.0078 0x0dbc ============================================================
02:48:27.0078 0x0dbc Scan started
02:48:27.0078 0x0dbc Mode: Manual;
02:48:27.0078 0x0dbc ============================================================
02:48:27.0078 0x0dbc KSN ping started
02:48:29.0500 0x0dbc KSN ping finished: true
02:48:29.0906 0x0dbc ================ Scan system memory ========================
02:48:29.0906 0x0dbc System memory - ok
02:48:29.0906 0x0dbc ================ Scan services =============================
02:48:30.0031 0x0dbc [ 9EBE730D4B5E3FF25EAAF5A59BA6CCFF, 558231A81D30F98D2285D3AC63E0B33D0BB8BA182115E263436CC431BA4CC0CD ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
02:48:30.0031 0x0dbc !SASCORE - ok
02:48:30.0234 0x0dbc Abiosdsk - ok
02:48:30.0250 0x0dbc [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
02:48:30.0250 0x0dbc abp480n5 - ok
02:48:30.0296 0x0dbc [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:48:30.0312 0x0dbc ACPI - ok
02:48:30.0343 0x0dbc [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
02:48:30.0343 0x0dbc ACPIEC - ok
02:48:30.0390 0x0dbc [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
02:48:30.0390 0x0dbc Adobe LM Service - ok
02:48:30.0406 0x0dbc [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
02:48:30.0406 0x0dbc adpu160m - ok
02:48:30.0437 0x0dbc [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
02:48:30.0453 0x0dbc aec - ok
02:48:30.0546 0x0dbc [ 15E655BAA989444F56787EF558823643, CAAD1CD268C83DFABA28CA4686128A62FA8D4DCA2C3D267A2EE6AA41F0AC9347 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
02:48:30.0546 0x0dbc AegisP - ok
02:48:30.0593 0x0dbc [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
02:48:30.0609 0x0dbc AFD - ok
02:48:30.0640 0x0dbc [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
02:48:30.0640 0x0dbc agp440 - ok
02:48:30.0656 0x0dbc [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
02:48:30.0656 0x0dbc agpCPQ - ok
02:48:30.0656 0x0dbc [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
02:48:30.0656 0x0dbc Aha154x - ok
02:48:30.0671 0x0dbc [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
02:48:30.0671 0x0dbc aic78u2 - ok
02:48:30.0703 0x0dbc [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
02:48:30.0703 0x0dbc aic78xx - ok
02:48:30.0750 0x0dbc [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
02:48:30.0750 0x0dbc Alerter - ok
02:48:30.0781 0x0dbc [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
02:48:30.0781 0x0dbc ALG - ok
02:48:30.0796 0x0dbc [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
02:48:30.0796 0x0dbc AliIde - ok
02:48:30.0812 0x0dbc [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
02:48:30.0812 0x0dbc alim1541 - ok
02:48:30.0812 0x0dbc [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
02:48:30.0828 0x0dbc amdagp - ok
02:48:30.0828 0x0dbc [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
02:48:30.0828 0x0dbc amsint - ok
02:48:30.0890 0x0dbc [ 20F6F19FE9E753F2780DC2FA083AD597, 5106F0F9BA8A7DE49260A9B13BF8EC45ACA6A166FA8B10B4F69C3BB54F6840A1 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:48:30.0890 0x0dbc Apple Mobile Device - ok
02:48:30.0937 0x0dbc [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
02:48:30.0937 0x0dbc AppMgmt - ok
02:48:30.0984 0x0dbc [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
02:48:30.0984 0x0dbc Arp1394 - ok
02:48:31.0000 0x0dbc [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
02:48:31.0000 0x0dbc asc - ok
02:48:31.0000 0x0dbc [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
02:48:31.0000 0x0dbc asc3350p - ok
02:48:31.0015 0x0dbc [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
02:48:31.0015 0x0dbc asc3550 - ok
02:48:31.0125 0x0dbc [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:48:31.0125 0x0dbc aspnet_state - ok
02:48:31.0140 0x0dbc [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:48:31.0140 0x0dbc AsyncMac - ok
02:48:31.0171 0x0dbc [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
02:48:31.0187 0x0dbc atapi - ok
02:48:31.0187 0x0dbc Atdisk - ok
02:48:31.0218 0x0dbc [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:48:31.0218 0x0dbc Atmarpc - ok
02:48:31.0265 0x0dbc [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
02:48:31.0265 0x0dbc AudioSrv - ok
02:48:31.0296 0x0dbc [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
02:48:31.0296 0x0dbc audstub - ok
02:48:31.0312 0x0dbc [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
02:48:31.0312 0x0dbc Beep - ok
02:48:31.0390 0x0dbc [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
02:48:31.0406 0x0dbc BITS - ok
02:48:31.0421 0x0dbc [ F934D1B230F84E1D19DD00AC5A7A83ED, 32CD3A7A1F06DCCE2A4D9FA6E2AE7B3E2B57FA2D5F1C74EA79D72E5E0E352E60 ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys
02:48:31.0437 0x0dbc Bridge - ok
02:48:31.0437 0x0dbc [ F934D1B230F84E1D19DD00AC5A7A83ED, 32CD3A7A1F06DCCE2A4D9FA6E2AE7B3E2B57FA2D5F1C74EA79D72E5E0E352E60 ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
02:48:31.0437 0x0dbc BridgeMP - ok
02:48:31.0484 0x0dbc [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
02:48:31.0484 0x0dbc Browser - ok
02:48:31.0546 0x0dbc [ FA187AC38057B7A2C011C8BB408E90BA, 5D0349D8AB654503D40E234CC910BB4226542B9B98EBDB95372AA5D7CC03DEE7 ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
02:48:31.0562 0x0dbc btaudio - ok
02:48:31.0593 0x0dbc [ DF23F5B9432D14DE8E830B3DD8B212EA, 9A9B509B9843EDEAE237384F626F36B3268B8342A3C74C4FE3B6EE165ED77665 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
02:48:31.0609 0x0dbc BTDriver - ok
02:48:31.0703 0x0dbc [ 521330DF69F782D8D016CA02F4F2A922, CADE6C0C31C6052140C05ED786D49E8ED27E92F5C5A1114276D92771336A4FA1 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
02:48:31.0734 0x0dbc BTKRNL - ok
02:48:31.0781 0x0dbc [ 2AE804679C3455745D847F5024809BCC, 4396976ACC9E3C396A044C22D6D5F65FB493104824504B0A0FDAAA4360F29E09 ] BTSERIAL C:\WINDOWS\system32\drivers\btserial.sys
02:48:31.0781 0x0dbc BTSERIAL - ok
02:48:31.0828 0x0dbc [ 9C71A62AF03D6D2ED6CEC2889B6D7496, AB0033D2CF9534FED5388015BD6E6458E738683F00D8F6FF17F8B27BFF369F62 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
02:48:31.0843 0x0dbc btwdins - ok
02:48:31.0859 0x0dbc [ 84CB1C76543E06606A885420A941AA27, 8B7B2A031F3B9E5CE29D7F4CF9C1BD2BC2DB49671CCFD860224C651780A3AFE3 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
02:48:31.0859 0x0dbc BTWDNDIS - ok
02:48:31.0906 0x0dbc [ 8252AFDC28EA6714452D96868370B1E7, 26745FDF2BBD764BCA4CC4BA42E668DE003A506482236F039F188DFABA0EFBF8 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
02:48:31.0906 0x0dbc btwhid - ok
02:48:31.0921 0x0dbc [ AC4587C47965414F6A47350CBC17ADEE, 58E33012E0C4894F5D2C9143538925CDD2962B45597CE8AF487513E3F7025347 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys
02:48:31.0921 0x0dbc btwmodem - ok
02:48:31.0968 0x0dbc [ 9803BE8F1AE813E8814C8FE1A869CC0F, 81D16134604829D6ED5E26642035715B01F83E6FC859F36411CD2CB69DF984FB ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
02:48:31.0968 0x0dbc BTWUSB - ok
02:48:32.0078 0x0dbc catchme - ok
02:48:32.0093 0x0dbc [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
02:48:32.0093 0x0dbc cbidf - ok
02:48:32.0109 0x0dbc [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
02:48:32.0109 0x0dbc cbidf2k - ok
02:48:32.0109 0x0dbc [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
02:48:32.0109 0x0dbc cd20xrnt - ok
02:48:32.0171 0x0dbc [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
02:48:32.0171 0x0dbc Cdaudio - ok
02:48:32.0187 0x0dbc [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
02:48:32.0187 0x0dbc Cdfs - ok
02:48:32.0234 0x0dbc [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:48:32.0250 0x0dbc Cdrom - ok
02:48:32.0328 0x0dbc [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
02:48:32.0328 0x0dbc CiSvc - ok
02:48:32.0343 0x0dbc [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
02:48:32.0343 0x0dbc ClipSrv - ok
02:48:32.0375 0x0dbc [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:48:32.0375 0x0dbc clr_optimization_v2.0.50727_32 - ok
02:48:32.0406 0x0dbc [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
02:48:32.0406 0x0dbc CmBatt - ok
02:48:32.0406 0x0dbc [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
02:48:32.0406 0x0dbc CmdIde - ok
02:48:32.0421 0x0dbc [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
02:48:32.0421 0x0dbc Compbatt - ok
02:48:32.0421 0x0dbc COMSysApp - ok
02:48:32.0437 0x0dbc [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
02:48:32.0437 0x0dbc Cpqarray - ok
02:48:32.0468 0x0dbc [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
02:48:32.0484 0x0dbc CryptSvc - ok
02:48:32.0500 0x0dbc [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
02:48:32.0500 0x0dbc dac2w2k - ok
02:48:32.0515 0x0dbc [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
02:48:32.0515 0x0dbc dac960nt - ok
02:48:32.0578 0x0dbc [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
02:48:32.0593 0x0dbc DcomLaunch - ok
02:48:32.0625 0x0dbc [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
02:48:32.0625 0x0dbc Dhcp - ok
02:48:32.0640 0x0dbc [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
02:48:32.0640 0x0dbc Disk - ok
02:48:32.0656 0x0dbc dmadmin - ok
02:48:32.0734 0x0dbc [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
02:48:32.0765 0x0dbc dmboot - ok
02:48:32.0781 0x0dbc [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
02:48:32.0796 0x0dbc dmio - ok
02:48:32.0812 0x0dbc [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
02:48:32.0812 0x0dbc dmload - ok
02:48:32.0843 0x0dbc [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
02:48:32.0843 0x0dbc dmserver - ok
02:48:32.0875 0x0dbc [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
02:48:32.0875 0x0dbc DMusic - ok
02:48:32.0906 0x0dbc [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
02:48:32.0921 0x0dbc Dnscache - ok
02:48:32.0968 0x0dbc [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
02:48:32.0968 0x0dbc Dot3svc - ok
02:48:32.0984 0x0dbc [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
02:48:33.0000 0x0dbc dpti2o - ok
02:48:33.0031 0x0dbc [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
02:48:33.0031 0x0dbc drmkaud - ok
02:48:33.0078 0x0dbc [ E1FA10ED8F9F700C1BE1EAE05A80EF57, F3A7CA45F495723260B25E383206275471B31BFABADB6BDB802BA06359577DF0 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
02:48:33.0093 0x0dbc e1express - ok
02:48:33.0109 0x0dbc [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
02:48:33.0109 0x0dbc EapHost - ok
02:48:33.0203 0x0dbc [ 5D1347AA5AE6E2F77D7F4F8372D95AC9, F3CA10753B7D76C87A71A0FEDB5EACE77E2E10E8DD44BEE7C66BCE17BD3EFD71 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
02:48:33.0218 0x0dbc ehRecvr - ok
02:48:33.0234 0x0dbc [ A53243709439AC2A4C216B817F8D7411, AF4624EEA9B165DE873B7D104D1EA3BE9A14BBC5B4CABE26544F90B78689EEF9 ] ehSched C:\WINDOWS\eHome\ehSched.exe
02:48:33.0250 0x0dbc ehSched - ok
02:48:33.0250 0x0dbc [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
02:48:33.0250 0x0dbc ERSvc - ok
02:48:33.0296 0x0dbc [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
02:48:33.0296 0x0dbc Eventlog - ok
02:48:33.0359 0x0dbc [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
02:48:33.0375 0x0dbc EventSystem - ok
02:48:33.0484 0x0dbc [ 6A197698A141FFE7651B962AE3172008, 9B484AF80B1DF21B2AE149854779ED6DE6537965E30029334BD67F9456B36B48 ] EvtEng C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
02:48:33.0515 0x0dbc EvtEng - ok
02:48:33.0562 0x0dbc [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
02:48:33.0562 0x0dbc Fastfat - ok
02:48:33.0609 0x0dbc [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
02:48:33.0625 0x0dbc FastUserSwitchingCompatibility - ok
02:48:33.0640 0x0dbc [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
02:48:33.0640 0x0dbc Fdc - ok
02:48:33.0656 0x0dbc [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
02:48:33.0656 0x0dbc Fips - ok
02:48:33.0671 0x0dbc [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
02:48:33.0671 0x0dbc Flpydisk - ok
02:48:33.0703 0x0dbc [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
02:48:33.0703 0x0dbc FltMgr - ok
02:48:33.0765 0x0dbc [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:48:33.0765 0x0dbc FontCache3.0.0.0 - ok
02:48:33.0796 0x0dbc [ CBE5F69A5E5B918225F420BA748F3742, 930C81195346239A7843CAE140896698675E8025BF32C3E71D2BDDA53FAB0264 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
02:48:33.0812 0x0dbc FsUsbExDisk - ok
02:48:33.0828 0x0dbc [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:48:33.0828 0x0dbc Fs_Rec - ok
02:48:33.0843 0x0dbc [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:48:33.0843 0x0dbc Ftdisk - ok
02:48:33.0875 0x0dbc [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
02:48:33.0875 0x0dbc GEARAspiWDM - ok
02:48:33.0906 0x0dbc [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:48:33.0921 0x0dbc Gpc - ok
02:48:33.0937 0x0dbc [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:48:33.0937 0x0dbc HDAudBus - ok
02:48:34.0015 0x0dbc [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:48:34.0015 0x0dbc helpsvc - ok
02:48:34.0062 0x0dbc [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
02:48:34.0062 0x0dbc HidServ - ok
02:48:34.0109 0x0dbc [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:48:34.0109 0x0dbc HidUsb - ok
02:48:34.0140 0x0dbc [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
02:48:34.0140 0x0dbc hkmsvc - ok
02:48:34.0171 0x0dbc [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
02:48:34.0171 0x0dbc hpn - ok
02:48:34.0218 0x0dbc [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
02:48:34.0218 0x0dbc HPZid412 - ok
02:48:34.0218 0x0dbc [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
02:48:34.0218 0x0dbc HPZipr12 - ok
02:48:34.0265 0x0dbc [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
02:48:34.0265 0x0dbc HPZius12 - ok
02:48:34.0296 0x0dbc [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
02:48:34.0312 0x0dbc HTTP - ok
02:48:34.0343 0x0dbc [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
02:48:34.0343 0x0dbc HTTPFilter - ok
02:48:34.0359 0x0dbc [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
02:48:34.0359 0x0dbc i2omgmt - ok
02:48:34.0359 0x0dbc [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
02:48:34.0359 0x0dbc i2omp - ok
02:48:34.0375 0x0dbc [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:48:34.0390 0x0dbc i8042prt - ok
02:48:34.0484 0x0dbc [ 309C4D86D989FB1FCF64BD30DC81C51B, 90412120B005D5178E27EFD09D52005BE6CE1965E5CBB59612EAD02C5896A8A7 ] iaStor C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
02:48:34.0531 0x0dbc iaStor - ok
02:48:34.0640 0x0dbc [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:48:34.0671 0x0dbc idsvc - ok
02:48:34.0703 0x0dbc [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
02:48:34.0703 0x0dbc Imapi - ok
02:48:34.0765 0x0dbc [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
02:48:34.0765 0x0dbc ImapiService - ok
02:48:34.0812 0x0dbc [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
02:48:34.0812 0x0dbc ini910u - ok
02:48:34.0812 0x0dbc [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
02:48:34.0812 0x0dbc IntelIde - ok
02:48:34.0859 0x0dbc [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:48:34.0859 0x0dbc intelppm - ok
02:48:34.0890 0x0dbc [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
02:48:34.0890 0x0dbc Ip6Fw - ok
02:48:34.0890 0x0dbc [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:48:34.0890 0x0dbc IpFilterDriver - ok
02:48:34.0906 0x0dbc [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:48:34.0906 0x0dbc IpInIp - ok
02:48:34.0953 0x0dbc [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:48:34.0953 0x0dbc IpNat - ok
02:48:35.0046 0x0dbc [ F62C69376A95795FE7CDB1C778EDACA4, 0DF0EC4330021B6CB862018A1226699F539FE1F479323AC714E58BC412CDAF9E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:48:35.0078 0x0dbc iPod Service - ok
02:48:35.0125 0x0dbc [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:48:35.0125 0x0dbc IPSec - ok
02:48:35.0156 0x0dbc [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:48:35.0156 0x0dbc IRENUM - ok
02:48:35.0187 0x0dbc [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:48:35.0187 0x0dbc isapnp - ok
02:48:35.0343 0x0dbc [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
02:48:35.0359 0x0dbc JavaQuickStarterService - ok
02:48:35.0390 0x0dbc [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:48:35.0390 0x0dbc Kbdclass - ok
02:48:35.0406 0x0dbc [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:48:35.0406 0x0dbc kbdhid - ok
02:48:35.0468 0x0dbc [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:48:35.0468 0x0dbc kmixer - ok
02:48:35.0500 0x0dbc [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:48:35.0500 0x0dbc KSecDD - ok
02:48:35.0546 0x0dbc [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
02:48:35.0562 0x0dbc lanmanserver - ok
02:48:35.0593 0x0dbc [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
02:48:35.0609 0x0dbc lanmanworkstation - ok
02:48:35.0625 0x0dbc [ BE2DC24D403643A2D1D98F33C7087B38, 0E72CAABFD41A30E6BD8E8EC7C75CAC6F96C4C32D578B58913686F1326116678 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
02:48:35.0625 0x0dbc LBeepKE - ok
02:48:35.0656 0x0dbc [ 01CC7FB6E790EF044B411377F3A1FF41, A935C0C45F7A8EA7D6A462064928B6F982709FB33C21DE6424232297F3A1948B ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
02:48:35.0656 0x0dbc LHidFilt - ok
02:48:35.0703 0x0dbc [ A5F179CD36EB1CCF41D5412E1998662C, 12D3ED4914B64F2F53323EB1EDC7EFCC677E8ED66E7E127F76B9F8837024E25A ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
02:48:35.0703 0x0dbc LHidFlt2 - ok
02:48:35.0718 0x0dbc [ F9F8E8CF9043DF4E359DD4FF1B350948, 656028D955F69535B6C5AB730C926C5E9AC21473F905FC203E2B94ED0DCA4EE0 ] LHidUsb C:\WINDOWS\system32\Drivers\LHidUsb.Sys
02:48:35.0718 0x0dbc LHidUsb - ok
02:48:35.0750 0x0dbc [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:48:35.0765 0x0dbc LmHosts - ok
02:48:35.0781 0x0dbc [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
02:48:35.0796 0x0dbc lmimirr - ok
02:48:35.0796 0x0dbc LMIRfsClientNP - ok
02:48:35.0812 0x0dbc [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
02:48:35.0828 0x0dbc LMIRfsDriver - ok
02:48:35.0843 0x0dbc [ A2E7EAE8898D7B4B8C302B8F4E836BB5, 1F3C1228891C90B4567DE07AD8A9EF1F5005ED74A71EC5E814906FEF44D02ADC ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
02:48:35.0843 0x0dbc LMouFilt - ok
02:48:35.0875 0x0dbc [ C1875D6671505F8A54B5CF2B457AD82A, 238F44E37A7855E58D3BD9841D70535246E3EE927689CD934250498DD3430EB5 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
02:48:35.0875 0x0dbc LMouFlt2 - ok
02:48:35.0890 0x0dbc McAfee SiteAdvisor Service - ok
02:48:35.0937 0x0dbc [ DF0A511F38F16016BF658FCA0090CB87, 6D2F6360A4E1D369607F2F394B4A8C6EE8EEE9FA46A67394769E9C0044529B6C ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
02:48:35.0937 0x0dbc McrdSvc - ok
02:48:35.0953 0x0dbc [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:48:35.0968 0x0dbc Messenger - ok
02:48:36.0000 0x0dbc [ B7521F69C0A9B29D356157229376FB21, A77C89BDC181038DD0F9A8AC0F7164B10EF9C54B0C57D8BAB8BC27932EBF890B ] MHN C:\WINDOWS\System32\mhn.dll
02:48:36.0015 0x0dbc MHN - ok
02:48:36.0046 0x0dbc [ 7F2F1D2815A6449D346FCCCBC569FBD6, 1C5A321CE95CE4D9AA2CB5A00E9B7E711521A6BBB25D36F7F49A397C361585C6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
02:48:36.0046 0x0dbc MHNDRV - ok
02:48:36.0062 0x0dbc [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:48:36.0062 0x0dbc mnmdd - ok
02:48:36.0109 0x0dbc [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:48:36.0109 0x0dbc mnmsrvc - ok
02:48:36.0156 0x0dbc [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:48:36.0156 0x0dbc Modem - ok
02:48:36.0203 0x0dbc [ FE80C18BA448DDD76B7BEAD9EB203D37, FC8C14EAD60ACD4AA5B4F61032FAE331F76C36FBC2D881D25BBBC6EB86682166 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys
02:48:36.0203 0x0dbc motmodem - ok
02:48:36.0218 0x0dbc [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:48:36.0218 0x0dbc Mouclass - ok
02:48:36.0250 0x0dbc [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:48:36.0250 0x0dbc mouhid - ok
02:48:36.0265 0x0dbc [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:48:36.0265 0x0dbc MountMgr - ok
02:48:36.0328 0x0dbc [ 8A7C8F4C713E70D73946833D76B77035, 75D07F56B8F7D50E85F6576427E8DAA3A27384F53AC31753B6213CBD011C1DEF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:48:36.0328 0x0dbc MozillaMaintenance - ok
02:48:36.0359 0x0dbc [ 95E2480DC60ABE97B4D1069097072AF9, E0D676116519C0D56FE2CD2D8241EBBC72A6347C78770E7089BAB9558F23AFAD ] MP4ConverterAudio C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys
02:48:36.0359 0x0dbc MP4ConverterAudio - ok
02:48:36.0421 0x0dbc [ 24406D75B40F0F6B3C1AC7031D734565, B58AA80E9C3738CFD826D7C8129D5467166A4397CCFEEEF7F14542DEBB659A51 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
02:48:36.0437 0x0dbc MpFilter - ok
02:48:36.0500 0x0dbc [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsl65f17da0 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CE9BA08-AA8D-45F7-83CC-02B87CCE4614}\MpKsl65f17da0.sys
02:48:36.0500 0x0dbc MpKsl65f17da0 - ok
02:48:36.0531 0x0dbc [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
02:48:36.0531 0x0dbc mraid35x - ok
02:48:36.0562 0x0dbc [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:48:36.0578 0x0dbc MRxDAV - ok
02:48:36.0640 0x0dbc [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:48:36.0656 0x0dbc MRxSmb - ok
02:48:36.0703 0x0dbc [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:48:36.0703 0x0dbc MSDTC - ok
02:48:36.0718 0x0dbc [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:48:36.0718 0x0dbc Msfs - ok
02:48:36.0718 0x0dbc MSIServer - ok
02:48:36.0750 0x0dbc [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:48:36.0750 0x0dbc MSKSSRV - ok
02:48:36.0812 0x0dbc [ 0A7F86657755ADA92C57E597BF5151F7, E226DFF12C4930DF1D0F1D2E7CE7BFFDF62F6DC402200EEFE196D14172A59B63 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
02:48:36.0812 0x0dbc MsMpSvc - ok
02:48:36.0828 0x0dbc [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:48:36.0828 0x0dbc MSPCLOCK - ok
02:48:36.0859 0x0dbc [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:48:36.0859 0x0dbc MSPQM - ok
02:48:36.0906 0x0dbc [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:48:36.0906 0x0dbc mssmbios - ok
02:48:36.0937 0x0dbc [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:48:36.0937 0x0dbc Mup - ok
02:48:37.0000 0x0dbc [ 690F2309C475DA6AABA1DA2902288DCF, 2CE666C0F8F9E6DC139E2004ACC176852830321726DD6E0CE24FAF908664464C ] MusCDriverV32 C:\WINDOWS\system32\drivers\MusCDriverV32.sys
02:48:37.0015 0x0dbc MusCDriverV32 - ok
02:48:37.0031 0x0dbc [ CDD8B9BA186874F11618FF4B835FAD75, DBA8C8DAC4E96E57F5782402EEC4DF298166F769EF9B85A6783FFA202E7E3C47 ] MusCVideo32 C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys
02:48:37.0031 0x0dbc MusCVideo32 - ok
02:48:37.0078 0x0dbc [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
02:48:37.0093 0x0dbc napagent - ok
02:48:37.0140 0x0dbc [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:48:37.0156 0x0dbc NDIS - ok
02:48:37.0187 0x0dbc [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:48:37.0203 0x0dbc NdisTapi - ok
02:48:37.0218 0x0dbc [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:48:37.0218 0x0dbc Ndisuio - ok
02:48:37.0234 0x0dbc [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:48:37.0234 0x0dbc NdisWan - ok
02:48:37.0265 0x0dbc [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:48:37.0281 0x0dbc NDProxy - ok
02:48:37.0312 0x0dbc [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:48:37.0328 0x0dbc NetBIOS - ok
02:48:37.0375 0x0dbc [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:48:37.0375 0x0dbc NetBT - ok
02:48:37.0421 0x0dbc [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
02:48:37.0437 0x0dbc NetDDE - ok
02:48:37.0437 0x0dbc [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:48:37.0453 0x0dbc NetDDEdsdm - ok
02:48:37.0484 0x0dbc [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
02:48:37.0484 0x0dbc Netlogon - ok
02:48:37.0515 0x0dbc [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
02:48:37.0531 0x0dbc Netman - ok
02:48:37.0562 0x0dbc [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:48:37.0578 0x0dbc NetTcpPortSharing - ok
02:48:37.0734 0x0dbc [ E2F396F71A793A04839DBB6AF304A026, EF7203E0E48AE6FB3084BC8A4D8A452C8F4F76C34628DB7BD81E5A1AA62C8095 ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
02:48:37.0812 0x0dbc NETw3x32 - ok
02:48:37.0890 0x0dbc [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
02:48:37.0890 0x0dbc NIC1394 - ok
02:48:37.0921 0x0dbc [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
02:48:37.0937 0x0dbc Nla - ok
02:48:37.0937 0x0dbc [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:48:37.0953 0x0dbc Npfs - ok
02:48:37.0968 0x0dbc [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:48:37.0984 0x0dbc Ntfs - ok
02:48:38.0000 0x0dbc [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
02:48:38.0000 0x0dbc NtLmSsp - ok
02:48:38.0062 0x0dbc [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:48:38.0062 0x0dbc NtmsSvc - ok
02:48:38.0093 0x0dbc [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
02:48:38.0093 0x0dbc Null - ok
02:48:38.0468 0x0dbc [ D42FB8615E810901779294F5627364FE, 2D74EE4525F816387017E56F23B08EFB14BE0AD7FC5663758B71639BA46EA9B9 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:48:38.0609 0x0dbc nv - ok
02:48:38.0687 0x0dbc [ 755D3A2DE4B05024F90430FE32FF26A5, 07ED1CED388A10D6A3F6A814D4879FDA2D62C64A30D82330A23B49828BA5760C ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
02:48:38.0687 0x0dbc NVSvc - ok
02:48:38.0703 0x0dbc [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:48:38.0703 0x0dbc NwlnkFlt - ok
02:48:38.0718 0x0dbc [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:48:38.0718 0x0dbc NwlnkFwd - ok
02:48:38.0750 0x0dbc [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:48:38.0750 0x0dbc ohci1394 - ok
02:48:38.0781 0x0dbc [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
02:48:38.0781 0x0dbc Parport - ok
02:48:38.0796 0x0dbc [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
02:48:38.0796 0x0dbc PartMgr - ok
02:48:38.0812 0x0dbc [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
02:48:38.0812 0x0dbc ParVdm - ok
02:48:38.0812 0x0dbc [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
02:48:38.0812 0x0dbc PCI - ok
02:48:38.0828 0x0dbc PCIDump - ok
02:48:38.0828 0x0dbc [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
02:48:38.0828 0x0dbc PCIIde - ok
02:48:38.0843 0x0dbc [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
02:48:38.0843 0x0dbc Pcmcia - ok
02:48:38.0859 0x0dbc [ 5B6C11DE7E839C05248CED8825470FEF, DB57DFD02C18461B1B383DF759730FFEE9C7FA8577E1679FD4740A590303EE79 ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
02:48:38.0875 0x0dbc pcouffin - ok
02:48:38.0875 0x0dbc [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
02:48:38.0875 0x0dbc perc2 - ok
02:48:38.0890 0x0dbc [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
02:48:38.0890 0x0dbc perc2hib - ok
02:48:38.0906 0x0dbc [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
02:48:38.0906 0x0dbc PlugPlay - ok
02:48:38.0921 0x0dbc [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
02:48:38.0921 0x0dbc PolicyAgent - ok
02:48:38.0953 0x0dbc [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:48:38.0968 0x0dbc PptpMiniport - ok
02:48:39.0015 0x0dbc [ F3C8D6E59A36D4DD5729782015E685A8, 9BDEEFF8E286F4B2539838AF98EF0366EA9EF8B93FB73B4C813CC8063F7F902B ] PrismXL C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
02:48:39.0015 0x0dbc PrismXL - ok
02:48:39.0031 0x0dbc [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:48:39.0031 0x0dbc ProtectedStorage - ok
02:48:47.0453 0x0dbc AV detected via SS1: Microsoft Security Essentials, 4.3.0219.0, disabled, updated
02:48:47.0453 0x0dbc Win FW state via NFM: enabled
02:48:49.0906 0x0dbc ============================================================
02:48:49.0906 0x0dbc Scan finished
02:48:49.0906 0x0dbc ============================================================
02:48:49.0906 0x0bac Detected object count: 0
02:48:49.0906 0x0bac Actual detected object count: 0

#13
RKinner


    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

#14
Pat_54


    Member

  • Topic Starter
  • Member
  • 212 posts
Hi RKinner

I ran the ESET online scanner and it took 2 hrs to complete. After it completed, it said no threats found.

#15
RKinner


    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I'd say your PC was clean. Are you still having problems?





