Rootkit detected!


city86

Updated Malwarebytes and scanned, no dice. PC got infected maybe a week ago? I can run TDSSKiller and it brings up threats but I don't know what to do with it. Here's the DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86 

Internet Explorer: 8.0.6001.18702

Run by User at 0:49:38 on 2012-09-22

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.237 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\VIAudioi\SBADeck\ADeck.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

svchost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [C-Media Mixer] Mixer.exe /startup

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [AudioDeck] c:\program files\viaudioi\sbadeck\ADeck.exe 1 

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\ipwtbqzf.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-17 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-17 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-17 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-17 44768]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-5 113120]

.

=============== Created Last 30 ================

.

2012-09-22 04:08:43 -------- d-----w- c:\program files\HitmanPro

2012-09-22 04:08:37 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

2012-09-22 03:58:06 -------- d-----w- c:\program files\ESET

.

==================== Find3M  ====================

.

2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-04 05:08:42 967 ----a-w- c:\windows\ScUnin.pif

2012-08-04 05:08:42 68096 ----a-w- c:\windows\ScUnin.exe

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

.

============= FINISH:  0:50:16.35 ===============

And the Attach file:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/7/2012 2:52:50 PM

System Uptime: 9/22/2012 12:03:17 AM (0 hours ago)

.

Motherboard:   |  | KM266-8235

Processor: AMD Athlon XP 2600+ | Socket A | 2132/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 62.818 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Multimedia Controller

Device ID: PCI\VEN_123F&DEV_8120&SUBSYS_00011809&REV_B1\3&61AAA01&0&50

Manufacturer: 

Name: Multimedia Controller

PNP Device ID: PCI\VEN_123F&DEV_8120&SUBSYS_00011809&REV_B1\3&61AAA01&0&50

Service: 

.

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Realtek AC'97 Audio for VIA ® Audio Controller

Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_F6141565&REV_50\3&61AAA01&0&8D

Manufacturer: Realtek

Name: Realtek AC'97 Audio for VIA ® Audio Controller

PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_F6141565&REV_50\3&61AAA01&0&8D

Service: ALCXWDM

.

==== System Restore Points ===================

.

RP1: 9/20/2012 12:08:28 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.4)

avast! Free Antivirus

CCleaner

ESET Online Scanner v3

ESPNMotion

GemMaster Mystic

Google Chrome

HiJackThis

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB981793)

LightScribe  1.4.136.1

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders  (English) 12

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Nero 7 Essentials

NVIDIA Drivers

Otto

PCI Audio Driver

PowerDVD

Realtek AC'97 Audio

Realtek High Definition Audio Driver

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2699988)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Sonic Encoders

SpywareBlaster 4.6

Starcraft

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Media Player 10 (KB913800)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

VIA Audio Driver Setup Program

VIA Vinyl Audio Codecs Driver Setup Program

WebFldrs XP

Windows Internet Explorer 8

Windows Media Format Runtime

Windows Media Player Firefox Plugin

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908250

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

9/20/2012 12:08:27 AM, error: Service Control Manager [7034]  - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly.  It has done this 1 time(s).

9/19/2012 4:15:35 PM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

9/17/2012 3:57:55 PM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

9/17/2012 3:54:43 PM, error: Service Control Manager [7000]  - The NMIndexingService service failed to start due to the following error:  The system cannot find the file specified.

9/17/2012 3:54:43 PM, error: DCOM [10005]  - DCOM got error "%2" attempting to start the service NMIndexingService with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

9/17/2012 2:20:49 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

.

==== End Of File ===========================

Please help, thank you.


Welcome to the forum. Can you post the log from TDSSKiller?

~~~~~~~~~~~~~~~~~~

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Sure, here is the Kaspersky log:


12:13:11.0984 2804 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys

12:13:12.0015 2804 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

12:13:12.0015 2804 MHNDRV - detected UnsignedFile.Multi.Generic (1)

12:13:12.0187 2804 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

12:13:12.0218 2804 Microsoft Office Groove Audit Service - ok

12:13:12.0281 2804 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

12:13:12.0578 2804 mnmdd - ok

12:13:12.0656 2804 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

12:13:12.0859 2804 mnmsrvc - ok

12:13:12.0953 2804 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

12:13:13.0171 2804 Modem - ok

12:13:13.0218 2804 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:13:13.0484 2804 Mouclass - ok

12:13:13.0515 2804 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

12:13:13.0796 2804 mouhid - ok

12:13:13.0859 2804 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

12:13:14.0062 2804 MountMgr - ok

12:13:14.0171 2804 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

12:13:14.0250 2804 MozillaMaintenance - ok

12:13:14.0281 2804 mraid35x - ok

12:13:14.0406 2804 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:13:14.0671 2804 MRxDAV - ok

12:13:14.0890 2804 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:13:15.0250 2804 MRxSmb - ok

12:13:15.0328 2804 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

12:13:15.0531 2804 MSDTC - ok

12:13:15.0578 2804 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

12:13:15.0796 2804 Msfs - ok

12:13:15.0812 2804 MSIServer - ok

12:13:15.0859 2804 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:13:16.0046 2804 MSKSSRV - ok

12:13:16.0093 2804 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:13:16.0375 2804 MSPCLOCK - ok

12:13:16.0406 2804 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

12:13:16.0593 2804 MSPQM - ok

12:13:16.0671 2804 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:13:16.0843 2804 mssmbios - ok

12:13:16.0906 2804 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys

12:13:17.0218 2804 ms_mpu401 - ok

12:13:17.0312 2804 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

12:13:17.0453 2804 Mup - ok

12:13:17.0656 2804 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

12:13:17.0953 2804 napagent - ok

12:13:18.0093 2804 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

12:13:18.0406 2804 NDIS - ok

12:13:18.0468 2804 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:13:18.0531 2804 NdisTapi - ok

12:13:18.0593 2804 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:13:18.0828 2804 Ndisuio - ok

12:13:18.0875 2804 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:13:19.0125 2804 NdisWan - ok

12:13:19.0203 2804 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

12:13:19.0343 2804 NDProxy - ok

12:13:19.0421 2804 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

12:13:19.0656 2804 NetBIOS - ok

12:13:19.0734 2804 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

12:13:19.0984 2804 NetBT - ok

12:13:20.0078 2804 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

12:13:20.0328 2804 NetDDE - ok

12:13:20.0390 2804 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

12:13:20.0578 2804 NetDDEdsdm - ok

12:13:20.0640 2804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

12:13:20.0828 2804 Netlogon - ok

12:13:20.0953 2804 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

12:13:21.0234 2804 Netman - ok

12:13:21.0281 2804 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

12:13:21.0500 2804 NIC1394 - ok

12:13:21.0625 2804 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

12:13:21.0781 2804 Nla - ok

12:13:21.0875 2804 NMIndexingService - ok

12:13:21.0968 2804 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

12:13:22.0171 2804 Npfs - ok

12:13:22.0453 2804 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

12:13:22.0937 2804 Ntfs - ok

12:13:23.0015 2804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

12:13:23.0203 2804 NtLmSsp - ok

12:13:23.0437 2804 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

12:13:23.0890 2804 NtmsSvc - ok

12:13:23.0953 2804 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

12:13:24.0765 2804 Null - ok

12:13:25.0546 2804 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

12:13:26.0875 2804 nv - ok

12:13:26.0937 2804 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:13:27.0281 2804 NwlnkFlt - ok

12:13:27.0343 2804 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:13:27.0671 2804 NwlnkFwd - ok

12:13:27.0968 2804 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

12:13:28.0250 2804 odserv - ok

12:13:28.0312 2804 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

12:13:28.0578 2804 ohci1394 - ok

12:13:28.0671 2804 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:13:28.0781 2804 ose - ok

12:13:28.0890 2804 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

12:13:29.0109 2804 Parport - ok

12:13:29.0140 2804 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

12:13:29.0359 2804 PartMgr - ok

12:13:29.0421 2804 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

12:13:29.0734 2804 ParVdm - ok

12:13:29.0781 2804 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

12:13:30.0000 2804 PCI - ok

12:13:30.0031 2804 PCIDump - ok

12:13:30.0078 2804 PCIIde - ok

12:13:30.0187 2804 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

12:13:30.0468 2804 Pcmcia - ok

12:13:30.0500 2804 PDCOMP - ok

12:13:30.0531 2804 PDFRAME - ok

12:13:30.0562 2804 PDRELI - ok

12:13:30.0609 2804 PDRFRAME - ok

12:13:30.0640 2804 perc2 - ok

12:13:30.0671 2804 perc2hib - ok

12:13:30.0812 2804 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

12:13:30.0890 2804 PlugPlay - ok

12:13:30.0937 2804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

12:13:31.0093 2804 PolicyAgent - ok

12:13:31.0156 2804 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:13:31.0375 2804 PptpMiniport - ok

12:13:31.0406 2804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

12:13:31.0593 2804 ProtectedStorage - ok

12:13:31.0625 2804 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

12:13:31.0875 2804 PSched - ok

12:13:31.0921 2804 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:13:32.0203 2804 Ptilink - ok

12:13:32.0265 2804 [ 617ACCADA2E0A0F43EC6030BBAC49513 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

12:13:32.0328 2804 PxHelp20 - ok

12:13:32.0359 2804 ql1080 - ok

12:13:32.0390 2804 Ql10wnt - ok

12:13:32.0421 2804 ql12160 - ok

12:13:32.0453 2804 ql1240 - ok

12:13:32.0484 2804 ql1280 - ok

12:13:32.0531 2804 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:13:32.0812 2804 RasAcd - ok

12:13:32.0921 2804 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

12:13:33.0156 2804 RasAuto - ok

12:13:33.0218 2804 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:13:33.0437 2804 Rasl2tp - ok

12:13:33.0578 2804 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

12:13:33.0812 2804 RasMan - ok

12:13:33.0875 2804 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:13:34.0078 2804 RasPppoe - ok

12:13:34.0125 2804 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

12:13:34.0437 2804 Raspti - ok

12:13:34.0562 2804 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:13:34.0812 2804 Rdbss - ok

12:13:34.0843 2804 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:13:35.0140 2804 RDPCDD - ok

12:13:35.0234 2804 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:13:35.0546 2804 rdpdr - ok

12:13:35.0671 2804 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

12:13:35.0796 2804 RDPWD - ok

12:13:35.0921 2804 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

12:13:36.0406 2804 RDSessMgr - ok

12:13:36.0500 2804 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

12:13:36.0703 2804 redbook - ok

12:13:36.0781 2804 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

12:13:37.0046 2804 RemoteAccess - ok

12:13:37.0125 2804 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

12:13:37.0343 2804 RemoteRegistry - ok

12:13:37.0406 2804 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

12:13:37.0625 2804 RpcLocator - ok

12:13:37.0812 2804 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

12:13:38.0000 2804 RpcSs - ok

12:13:38.0078 2804 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

12:13:38.0453 2804 RSVP - ok

12:13:38.0500 2804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

12:13:38.0687 2804 SamSs - ok

12:13:38.0781 2804 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

12:13:39.0015 2804 SCardSvr - ok

12:13:39.0156 2804 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

12:13:39.0468 2804 Schedule - ok

12:13:39.0562 2804 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:13:39.0781 2804 Secdrv - ok

12:13:39.0843 2804 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

12:13:40.0093 2804 seclogon - ok

12:13:40.0156 2804 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

12:13:40.0359 2804 SENS - ok

12:13:40.0421 2804 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

12:13:40.0625 2804 serenum - ok

12:13:40.0656 2804 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

12:13:40.0890 2804 Serial - ok

12:13:40.0937 2804 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

12:13:41.0109 2804 Sfloppy - ok

12:13:41.0312 2804 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

12:13:41.0703 2804 SharedAccess - ok

12:13:41.0812 2804 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

12:13:41.0890 2804 ShellHWDetection - ok

12:13:41.0906 2804 Simbad - ok

12:13:41.0937 2804 Sparrow - ok

12:13:42.0000 2804 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

12:13:42.0187 2804 splitter - ok

12:13:42.0281 2804 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

12:13:42.0390 2804 Spooler - ok

12:13:42.0437 2804 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

12:13:42.0656 2804 sr - ok

12:13:42.0781 2804 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

12:13:43.0218 2804 srservice - ok

12:13:43.0421 2804 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

12:13:43.0734 2804 Srv - ok

12:13:43.0812 2804 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

12:13:44.0171 2804 SSDPSRV - ok

12:13:44.0343 2804 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

12:13:44.0750 2804 stisvc - ok

12:13:44.0828 2804 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

12:13:45.0500 2804 swenum - ok

12:13:45.0562 2804 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

12:13:45.0765 2804 swmidi - ok

12:13:45.0781 2804 SwPrv - ok

12:13:45.0828 2804 symc810 - ok

12:13:45.0859 2804 symc8xx - ok

12:13:45.0890 2804 sym_hi - ok

12:13:45.0921 2804 sym_u3 - ok

12:13:45.0984 2804 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

12:13:46.0312 2804 sysaudio - ok

12:13:46.0390 2804 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

12:13:46.0609 2804 SysmonLog - ok

12:13:46.0765 2804 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

12:13:47.0062 2804 TapiSrv - ok

12:13:47.0250 2804 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:13:47.0562 2804 Tcpip - ok

12:13:47.0625 2804 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

12:13:47.0843 2804 TDPIPE - ok

12:13:47.0875 2804 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

12:13:48.0078 2804 TDTCP - ok

12:13:48.0156 2804 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

12:13:48.0343 2804 TermDD - ok

12:13:48.0531 2804 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

12:13:48.0890 2804 TermService - ok

12:13:48.0984 2804 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

12:13:49.0000 2804 Themes - ok

12:13:49.0078 2804 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

12:13:49.0281 2804 TlntSvr - ok

12:13:49.0296 2804 TosIde - ok

12:13:49.0406 2804 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

12:13:49.0625 2804 TrkWks - ok

12:13:49.0703 2804 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

12:13:49.0937 2804 Udfs - ok

12:13:49.0968 2804 ultra - ok

12:13:50.0046 2804 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe

12:13:50.0140 2804 UMWdf - ok

12:13:50.0359 2804 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

12:13:50.0796 2804 Update - ok

12:13:50.0921 2804 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

12:13:51.0234 2804 upnphost - ok

12:13:51.0281 2804 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

12:13:51.0484 2804 UPS - ok

12:13:51.0578 2804 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:13:51.0765 2804 usbccgp - ok

12:13:51.0859 2804 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:13:52.0062 2804 usbehci - ok

12:13:52.0156 2804 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:13:52.0375 2804 usbhub - ok

12:13:52.0453 2804 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

12:13:52.0625 2804 usbprint - ok

12:13:52.0671 2804 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:13:52.0906 2804 usbstor - ok

12:13:52.0953 2804 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

12:13:53.0140 2804 usbuhci - ok

12:13:53.0265 2804 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

12:13:53.0437 2804 VgaSave - ok

12:13:53.0484 2804 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys

12:13:53.0687 2804 viaagp - ok

12:13:53.0734 2804 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

12:13:53.0921 2804 ViaIde - ok

12:13:53.0968 2804 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

12:13:54.0171 2804 VolSnap - ok

12:13:54.0359 2804 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

12:13:54.0656 2804 VSS - ok

12:13:54.0781 2804 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

12:13:55.0093 2804 W32Time - ok

12:13:55.0156 2804 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:13:55.0343 2804 Wanarp - ok

12:13:55.0359 2804 WDICA - ok

12:13:55.0437 2804 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

12:13:55.0656 2804 wdmaud - ok

12:13:55.0765 2804 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

12:13:56.0000 2804 WebClient - ok

12:13:56.0187 2804 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

12:13:56.0656 2804 winmgmt - ok

12:13:56.0781 2804 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

12:13:56.0875 2804 WmdmPmSN - ok

12:13:57.0156 2804 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

12:13:57.0640 2804 Wmi - ok

12:13:57.0781 2804 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

12:13:58.0031 2804 WmiApSrv - ok

12:13:58.0125 2804 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

12:13:58.0375 2804 wscsvc - ok

12:13:58.0437 2804 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

12:13:58.0718 2804 wuauserv - ok

12:13:58.0984 2804 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

12:13:59.0484 2804 WZCSVC - ok

12:13:59.0593 2804 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

12:13:59.0843 2804 xmlprov - ok

12:13:59.0875 2804 ================ Scan global ===============================

12:13:59.0984 2804 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

12:14:00.0140 2804 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

12:14:00.0406 2804 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

12:14:00.0484 2804 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

12:14:00.0484 2804 [Global] - ok

12:14:00.0500 2804 ================ Scan MBR ==================================

12:14:00.0546 2804 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

12:14:01.0000 2804 \Device\Harddisk0\DR0 - ok

12:14:01.0015 2804 ================ Scan VBR ==================================

12:14:01.0031 2804 [ A83E6D171C56C5965809AE3EFFA6FC1E ] \Device\Harddisk0\DR0\Partition1

12:14:01.0031 2804 \Device\Harddisk0\DR0\Partition1 - ok

12:14:01.0031 2804 ============================================================

12:14:01.0031 2804 Scan finished

12:14:01.0031 2804 ============================================================

12:14:01.0187 1300 Detected object count: 6

12:14:01.0187 1300 Actual detected object count: 6

12:14:13.0203 1300 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user

12:14:13.0203 1300 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:14:13.0203 1300 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user

12:14:13.0203 1300 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:14:13.0203 1300 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

12:14:13.0203 1300 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:14:13.0203 1300 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

12:14:13.0203 1300 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:14:13.0218 1300 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

12:14:13.0218 1300 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:14:13.0218 1300 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

12:14:13.0218 1300 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

And the RogueKiller log:

RogueKiller V8.0.4 [09/19/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : User [Admin rights]

Mode : Scan -- Date : 09/22/2012 12:29:00

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP0802N +++++

--- User ---

[MBR] 63f0d0708370b2ad18e6d219d22b798b

[bSP] 0d1f8844aba514c471a13a0f52c1f291 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76340 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Thanks again.


Why do you say you have a rootkit?

The log from TDSSKiller is clean.

Please do this............

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

MrC


My Avast Antivirus installation came up with it back on Monday, then my computer restarted and did a scan before booting into Windows. It may have gotten rid of it, but my computer has gotten slower this past week and any Flash in Chrome causes my PC to freeze (YouTube, Google Maps). Here's the log you asked for:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-22 13:57:16

-----------------------------

13:57:16.250 OS Version: Windows 5.1.2600 Service Pack 3

13:57:16.250 Number of processors: 1 586 0x801

13:57:16.250 ComputerName: HOME-F4DBC4DB54 UserName: User

13:57:19.500 Initialize success

13:57:26.968 AVAST engine defs: 12092200

13:57:40.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

13:57:40.500 Disk 0 Vendor: SAMSUNG_SP0802N TK100-30 Size: 76351MB BusType: 3

13:57:40.546 Disk 0 MBR read successfully

13:57:40.546 Disk 0 MBR scan

13:57:40.890 Disk 0 Windows XP default MBR code

13:57:40.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76340 MB offset 63

13:57:40.921 Disk 0 scanning sectors +156344580

13:57:41.062 Disk 0 scanning C:\WINDOWS\system32\drivers

13:58:15.671 Service scanning

13:59:05.437 Modules scanning

13:59:32.640 Disk 0 trace - called modules:

13:59:32.656 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys

13:59:32.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f92ab8]

13:59:33.156 3 CLASSPNP.SYS[f87d6fd7] -> nt!IofCallDriver -> \Device\0000005a[0x82f492a0]

13:59:33.156 5 ACPI.sys[f872d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f96940]

13:59:34.437 AVAST engine scan C:\WINDOWS

13:59:47.546 AVAST engine scan C:\WINDOWS\system32

14:05:43.343 AVAST engine scan C:\WINDOWS\system32\drivers

14:06:12.875 AVAST engine scan C:\Documents and Settings\User

14:10:35.078 AVAST engine scan C:\Documents and Settings\All Users

14:10:54.875 Scan finished successfully

14:11:24.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\My Documents\MBR.dat"

14:11:24.578 The log file has been saved successfully to "C:\Documents and Settings\User\My Documents\aswMBR.txt"

Once again, thank you for your patience.


Use your installed CCleaner to clear out temp files.

~~~~~~~~~~~~~~~~~~~~

Then run TDSSKiller like this:

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
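
As an added example (not part of the original posts, and not Kaspersky's code), this Python script parses TDSSKiller log lines in the format posted in this thread and separates the advisory verdicts named above (UnsignedFile.Multi.Generic, LockedFile.Multi.Generic) from anything else, following the Skip/Cure guidance in the instructions. The sample log, its service names, hashes and the placeholder verdict are constructed; the function and field names are hypothetical.

```python
import re

# Verdicts the instructions above say to Skip: they report an unsigned or
# locked file, not a malware signature match.
ADVISORY = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "[ <md5> ] <object name> <path>"; the name is absent for MBR/VBR/global entries
HASHED = re.compile(
    r"^\[ ([0-9A-Fa-f]{32}) \]\s+(?:(.+?)\s+)?((?:[A-Za-z]:\\|\\Device\\).*)$")
# "<object name> ( <verdict> ) - <status>"; status text is taken as-is
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION_PREFIX = "User select action: "


def triage(log_text):
    """Return the flagged objects in a TDSSKiller log with a triage class."""
    files, found, declared = {}, {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or non-log text
        msg = m.group(1)
        if (h := HASHED.match(msg)):
            md5, name, path = h.groups()
            files[name or path] = (md5.upper(), path)
        elif (v := VERDICT.match(msg)):
            name, verdict, status = v.groups()
            entry = found.setdefault(name, {"verdict": verdict, "action": None})
            if status.startswith(ACTION_PREFIX):
                entry["action"] = status[len(ACTION_PREFIX):]
        elif (c := COUNT.match(msg)):
            declared = int(c.group(1))

    objects = []
    for name, e in found.items():
        md5, path = files.get(name, (None, None))
        advisory = e["verdict"] in ADVISORY
        objects.append({
            "name": name,
            "path": path,
            "md5": md5,
            "verdict": e["verdict"],
            "action": e["action"],
            # advisory: unsigned/locked file; review: any other verdict
            "class": "advisory" if advisory else "review",
            "recommended": "Skip" if advisory
                           else "Cure, or Skip if Cure is unavailable",
            # Deleting a merely unsigned or locked file can remove a good file
            "risky_action": advisory and e["action"] == "Delete",
        })
    return {
        "objects": objects,
        "declared": declared,
        # False when the pasted log is missing some of the flagged entries
        "complete": declared is None or declared == len(objects),
    }


# Constructed sample in the thread's log format (not taken from the posted log).
SAMPLE = r"""
12:00:00.0000 1111 [ 00000000000000000000000000000001 ] ExampleBurnSvc C:\Program Files\Example Burner\svc.exe
12:00:00.0100 1111 ExampleBurnSvc ( UnsignedFile.Multi.Generic ) - warning
12:00:00.0100 1111 ExampleBurnSvc - detected UnsignedFile.Multi.Generic (1)
12:00:00.0200 1111 [ 00000000000000000000000000000002 ] Example Audio Service C:\WINDOWS\system32\exaudio.exe
12:00:00.0300 1111 Example Audio Service - ok
12:00:00.0400 1111 [ 00000000000000000000000000000003 ] exdrv C:\WINDOWS\system32\DRIVERS\exdrv.sys
12:00:00.0500 1111 exdrv ( Constructed.Placeholder.Verdict ) - warning
12:00:00.0600 1111 [ 00000000000000000000000000000004 ] \Device\Harddisk0\DR0
12:00:00.0700 1111 \Device\Harddisk0\DR0 - ok
12:00:01.0000 2222 Detected object count: 2
12:00:05.0000 2222 ExampleBurnSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:00:05.0000 2222 ExampleBurnSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:00:05.0000 2222 exdrv ( Constructed.Placeholder.Verdict ) - User select action: Cure
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for obj in result["objects"]:
        print(obj["class"], obj["name"], obj["verdict"], obj["action"], obj["path"])
    print("all flagged objects present:", result["complete"])
```
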


Logs are clean.

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

