WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Registry repair/still having issues [Solved]

Started by btbenoit , Jan 27 2014 09:24 AM

This topic is locked

132 replies to this topic

#16 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 31 January 2014 - 12:01 AM

Well... to be perfectly honest... I'm not sure what is going on with your system. Some scans indicate a rootkit... that doesn't seem to be there. Then scan show signs of other infections... that turn out to be "oddly" named files that appear to be legitimate. All I know to do is chip away and keep digging.

COMBOFIX-Script

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
```
AtJob::
File::



Folder::
c:\Program Files\BitTorrent
```
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

Advertisements

Register to Remove

#17 btbenoit

Authentic Member

Authentic Member
95 posts

Posted 31 January 2014 - 06:34 AM

ComboFix 14-01-29.01 - Beaub 01/31/2014 6:22.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1331 [GMT -6:00]

Running from: c:\documents and settings\Beaub\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Beaub\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program files\BitTorrent

c:\program files\BitTorrent\BitTorrent.exe

((((((((((((((((((((((((( Files Created from 2013-12-28 to 2014-01-31 )))))))))))))))))))))))))))))))

2014-01-31 12:12 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A520A8DA-FC22-46BE-AAC5-D9C2F1E234D9}\mpengine.dll

2014-01-31 03:29 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-01-26 14:49 . 2014-01-26 14:50 -------- d-----w- c:\windows\LastGood

2014-01-26 03:35 . 2014-01-26 03:35 -------- d-----w- c:\program files\CCleaner

2014-01-17 03:23 . 2014-01-17 03:24 -------- d-----w- c:\windows\system32\NtmsData

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-01-24 21:27 . 2013-12-02 23:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-24 21:27 . 2011-06-10 18:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-01-19 07:32 . 2009-12-30 23:44 231584 ------w- c:\windows\system32\MpSigStub.exe

2013-12-19 01:56 . 2013-12-19 01:56 4558848 ----a-w- c:\windows\system32\GPhotos.scr

2013-12-11 09:01 . 2013-12-11 09:01 9272200 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-12-02 19:25 . 2013-11-30 13:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-11-27 20:21 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2013-11-19 03:57 . 2013-11-30 01:33 101664 ----a-w- c:\windows\system32\BootDefrag.exe

2013-11-18 01:18 . 2013-11-30 01:33 13504 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys

2013-11-13 02:59 . 2004-08-04 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll

2013-11-12 20:33 . 2013-06-06 12:32 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-11-07 05:38 . 2004-08-04 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-11-06 01:03 . 2009-12-30 19:15 7168 ----a-w- c:\windows\system32\xpsp4res.dll

2013-11-04 12:42 . 2013-11-04 12:42 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]

"FPPhotoMiddleWare"="c:\program files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe" [2010-07-30 62864]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-04-14 295512]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2012-8-3 494920]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk * \0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [11/29/2013 7:33 PM 13504]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/30/2009 9:22 AM 664064]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [6/6/2013 6:32 AM 37664]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 3:23 PM 35088]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [3/6/2013 1:21 AM 39056]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [11/4/2013 6:42 AM 660184]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2013 3:57 PM 93072]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 2:31 PM 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]

R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [12/16/2013 7:34 PM 247968]

S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [12/16/2013 7:34 PM 193696]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/29/2010 7:54 PM 16512]

S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [8/20/2013 4:55 PM 30464]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [11/4/2013 6:42 AM 16024]

S3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys --> c:\windows\system32\DRIVERS\revoflt.sys [?]

S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [11/4/2013 6:42 AM 1228504]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/9/2010 10:27 AM 11520]

S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [5/14/2009 11:21 AM 98304]

S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 08566285

*NewlyCreated* - ASWMBR

*NewlyCreated* - MPFILTER

*NewlyCreated* - PXTDQPOB

*Deregistered* - 08566285

*Deregistered* - aswMBR

*Deregistered* - pxtdqpob

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2014-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 21:27]

2014-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]

2014-01-30 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]

2014-01-31 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]

2014-01-30 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]

2014-01-30 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]

2014-01-26 c:\windows\Tasks\GlaryInitialize 4.job

- c:\program files\Glary Utilities 4\Initialize.exe [2013-11-19 03:53]

2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]

2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]

2014-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004Core.job

- c:\documents and settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 06:08]

2014-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004UA.job

- c:\documents and settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 06:08]

2014-01-31 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]

2014-01-26 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]

2014-01-26 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]

2014-01-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]

2014-01-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]

------- Supplementary Scan -------

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z005&form=ZGAPHP

FF - prefs.js: browser.search.selectedEngine - Google

FF - ExtSQL: !HIDDEN! 2010-01-10 14:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

- - - - ORPHANS REMOVED - - - -

AddRemove-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe

AddRemove-Military AI Works - RAF Lakenheath 48th FW - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-01-31 06:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

Completion time: 2014-01-31 06:33:40

ComboFix-quarantined-files.txt 2014-01-31 12:33

ComboFix2.txt 2014-01-31 04:08

Pre-Run: 31,374,712,832 bytes free

Post-Run: 31,360,221,184 bytes free

- - End Of File - - 3FBDD37B0B57263E6330E759CAAD289F

8F558EB6672622401DA993E1E865C861

#18 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 31 January 2014 - 09:28 AM

This tool is technically still in Beta... but it has been being used for a long time now (like maybe two years) and seems to be quite stabel.

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Scan your system for malware
If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#19 btbenoit

Authentic Member

Authentic Member
95 posts

Posted 31 January 2014 - 04:57 PM

It detected 14 malware items. Do I need to press the clean button???

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_21

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED

CPU speed: 2.004000 GHz

Memory total: 2011611136, free: 1171161088

Downloaded database version: v2014.01.31.09

Downloaded database version: v2013.12.18.01

=======================================

Initializing...

------------ Kernel report ------------

01/31/2014 13:07:02

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

sptd.sys

\WINDOWS\System32\Drivers\SPTD4733.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

atapi.sys

nvata.sys

cercsr6.sys

\WINDOWS\System32\Drivers\SCSIPORT.SYS

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

DRVMCDB.SYS

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

Mup.sys

BootDefragDriver.sys

\SystemRoot\system32\DRIVERS\AmdK8.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\System32\Drivers\DLACDBHM.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\bcm4sbxp.sys

\SystemRoot\system32\DRIVERS\HSFHWBS2.sys

\SystemRoot\system32\DRIVERS\HSF_DP.sys

\SystemRoot\system32\DRIVERS\HSF_CNXT.sys

\SystemRoot\System32\Drivers\Modem.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\serscan.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\drivers\sthda.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\DLARTL_M.SYS

\??\C:\WINDOWS\system32\drivers\avgtpx86.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\ws2ifsl.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\System32\Drivers\StarOpen.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\HPZius12.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\HPZid412.sys

\SystemRoot\system32\DRIVERS\HPZipr12.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_nvata.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\System32\Drivers\DRVNDDM.SYS

\SystemRoot\System32\DLA\DLADResM.SYS

\SystemRoot\System32\DLA\DLAIFS_M.SYS

\SystemRoot\System32\DLA\DLAOPIOM.SYS

\SystemRoot\System32\DLA\DLAPoolM.SYS

\SystemRoot\System32\DLA\DLABMFSM.SYS

\SystemRoot\System32\DLA\DLABOIOM.SYS

\SystemRoot\System32\DLA\DLAUDFAM.SYS

\SystemRoot\System32\DLA\DLAUDF_M.SYS

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\system32\DRIVERS\mdmxsdk.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\System32\Drivers\HTTP.sys

\??\C:\DOCUME~1\Beaub\LOCALS~1\Temp\aswMBR.sys

\SystemRoot\system32\drivers\36620771.sys

\??\C:\DOCUME~1\Beaub\LOCALS~1\Temp\pxtdqpob.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

\??\C:\DOCUME~1\Beaub\LOCALS~1\Temp\catchme.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

IRP handler 0 of \Driver\Disk points to an unknown module

Unhooking enabled.

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR6

Upper Device Object: 0xffffffff8a118030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000078\

Lower Device Object: 0xffffffff8a004030

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff8a445ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000068\

Lower Device Object: 0xffffffff8a472030

Lower Device Driver Name: \Driver\nvata\

Driver name found: nvata

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a3d4628

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000064\

Lower Device Object: 0xffffffff8a3de030

Lower Device Driver Name: \Driver\nvata\

Driver name found: nvata

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a3d4628, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a3d4368, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a3d4628, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a497f18, DeviceName: \Device\00000066\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a3de030, DeviceName: \Device\00000064\, DriverName: \Driver\nvata\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xffffffffe3f630e8, 0xffffffff8a3d4628, 0xffffffff86585ab8

Lower DeviceData: 0xffffffffe1b6e9b0, 0xffffffff8a3de030, 0xffffffff8819d728

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: E0000000

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 81920 Numsec = 20971520

Partition 2 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 21053440 Numsec = 467224576

Partition is not bootable

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250000000000 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff8a445ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a496b90, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a445ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a3b1f18, DeviceName: \Device\00000069\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a472030, DeviceName: \Device\00000068\, DriverName: \Driver\nvata\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0xffffffffe3bf79c0, 0xffffffff8a445ab8, 0xffffffff85f60758

Lower DeviceData: 0xffffffffe2160258, 0xffffffff8a472030, 0xffffffff882ebde8

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EDF01A2A

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 3907026081

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes

Sector size: 512 bytes

Done!

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xffffffff8a118030, DeviceName: \Device\Harddisk2\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff89d95020, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a118030, DeviceName: \Device\Harddisk2\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a004030, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\

------------ End ----------

Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\❤≸⋙ --> [Trojan.0Access]

Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]

Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]

Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{07a07410-d3fa-1d04-d2d7-5711f807753f} --> [Trojan.0Access]

Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f} --> [Trojan.0Access]

Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\ --> [Trojan.0Access]

Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\ \ --> [Trojan.0Access]

Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\ \ \‮ﯹ๛ --> [Trojan.0Access]

Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\ \ \‮ﯹ๛\{07a07410-d3fa-1d04-d2d7-5711f807753f} --> [Trojan.0Access]

Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\ \ \‮ﯹ๛\{07a07410-d3fa-1d04-d2d7-5711f807753f}\l --> [Trojan.0Access]

Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\ \ \‮ﯹ๛\{07a07410-d3fa-1d04-d2d7-5711f807753f}\u --> [Trojan.0Access]

Infected: C:\Program Files\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f} --> [Trojan.0Access]

Scan finished

#20 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 31 January 2014 - 07:04 PM

Yes... clean them. ZeroAccess is a nasty one.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#21 btbenoit

Authentic Member

Authentic Member
95 posts

Posted 31 January 2014 - 07:23 PM

Ok cleanup and PC rebooted.

#22 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 31 January 2014 - 07:29 PM

Now please run me a new set of DDS logs.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#23 btbenoit

Authentic Member

Authentic Member
95 posts

Posted 31 January 2014 - 07:40 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_2012-11-20.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume3

Install Date: 12/30/2009 8:29:26 AM

System Uptime: 1/31/2014 7:18:33 PM (0 hours ago)

Motherboard: Dell Inc | | 0UW457

Processor: AMD Athlon™ 64 Processor 3200+ | Socket M2 | 2004/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 29.227 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 6.007 GiB free.

E: is CDROM (CDFS)

G: is FIXED (NTFS) - 1863 GiB total, 1669.266 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2996: 12/21/2013 4:00:18 AM - Software Distribution Service 3.0

RP2997: 12/22/2013 4:00:19 AM - Software Distribution Service 3.0

RP2998: 12/22/2013 4:16:17 AM - Software Distribution Service 3.0

RP2999: 12/22/2013 10:42:28 PM - Software Distribution Service 3.0

RP3000: 12/23/2013 4:00:19 AM - Software Distribution Service 3.0

RP3001: 12/24/2013 4:00:22 AM - Software Distribution Service 3.0

RP3002: 12/24/2013 4:17:39 AM - Software Distribution Service 3.0

RP3003: 12/25/2013 4:00:22 AM - Software Distribution Service 3.0

RP3004: 12/25/2013 6:04:15 AM - Software Distribution Service 3.0

RP3005: 12/26/2013 4:00:27 AM - Software Distribution Service 3.0

RP3006: 12/27/2013 4:00:23 AM - Software Distribution Service 3.0

RP3007: 12/27/2013 4:17:47 AM - Software Distribution Service 3.0

RP3008: 12/28/2013 4:00:24 AM - Software Distribution Service 3.0

RP3009: 12/29/2013 4:00:22 AM - Software Distribution Service 3.0

RP3010: 12/29/2013 4:18:54 AM - Software Distribution Service 3.0

RP3011: 12/29/2013 11:30:04 PM - Software Distribution Service 3.0

RP3012: 12/30/2013 4:00:21 AM - Software Distribution Service 3.0

RP3013: 12/31/2013 4:08:10 AM - Software Distribution Service 3.0

RP3014: 12/31/2013 10:33:08 AM - Software Distribution Service 3.0

RP3015: 1/1/2014 4:00:19 AM - Software Distribution Service 3.0

RP3016: 1/2/2014 4:00:21 AM - Software Distribution Service 3.0

RP3017: 1/2/2014 4:17:24 AM - Software Distribution Service 3.0

RP3018: 1/3/2014 4:00:24 AM - Software Distribution Service 3.0

RP3019: 1/4/2014 4:00:21 AM - Software Distribution Service 3.0

RP3020: 1/4/2014 4:16:47 AM - Software Distribution Service 3.0

RP3021: 1/5/2014 4:00:19 AM - Software Distribution Service 3.0

RP3022: 1/5/2014 10:47:58 AM - Software Distribution Service 3.0

RP3023: 1/6/2014 3:15:54 AM - Software Distribution Service 3.0

RP3024: 1/6/2014 4:13:43 AM - Software Distribution Service 3.0

RP3025: 1/7/2014 4:07:09 AM - Software Distribution Service 3.0

RP3026: 1/8/2014 4:06:49 AM - Software Distribution Service 3.0

RP3027: 1/8/2014 6:56:36 PM - Software Distribution Service 3.0

RP3028: 1/9/2014 4:07:10 AM - Software Distribution Service 3.0

RP3029: 1/10/2014 4:07:47 AM - Software Distribution Service 3.0

RP3030: 1/10/2014 1:23:43 PM - Software Distribution Service 3.0

RP3031: 1/11/2014 4:02:37 AM - Software Distribution Service 3.0

RP3032: 1/11/2014 6:37:20 PM - Software Distribution Service 3.0

RP3033: 1/12/2014 9:28:08 AM - Software Distribution Service 3.0

RP3034: 1/12/2014 5:05:21 PM - System Checkpoint

RP3035: 1/12/2014 11:04:42 PM - Software Distribution Service 3.0

RP3036: 1/13/2014 4:00:18 AM - Software Distribution Service 3.0

RP3037: 1/14/2014 4:00:19 AM - Software Distribution Service 3.0

RP3038: 1/14/2014 4:16:36 AM - Software Distribution Service 3.0

RP3039: 1/15/2014 4:00:30 AM - Software Distribution Service 3.0

RP3040: 1/16/2014 4:06:27 AM - Software Distribution Service 3.0

RP3041: 1/16/2014 9:20:10 PM - Software Distribution Service 3.0

RP3042: 1/17/2014 4:00:19 AM - Software Distribution Service 3.0

RP3043: 1/18/2014 4:00:20 AM - Software Distribution Service 3.0

RP3044: 1/18/2014 4:17:55 AM - Software Distribution Service 3.0

RP3045: 1/19/2014 4:00:24 AM - Software Distribution Service 3.0

RP3046: 1/19/2014 10:57:18 PM - Software Distribution Service 3.0

RP3047: 1/20/2014 4:00:19 AM - Software Distribution Service 3.0

RP3048: 1/21/2014 4:00:18 AM - Software Distribution Service 3.0

RP3049: 1/21/2014 4:16:10 AM - Software Distribution Service 3.0

RP3050: 1/22/2014 4:00:18 AM - Software Distribution Service 3.0

RP3051: 1/23/2014 4:00:20 AM - Software Distribution Service 3.0

RP3052: 1/23/2014 4:17:06 AM - Software Distribution Service 3.0

RP3053: 1/24/2014 4:06:45 AM - Software Distribution Service 3.0

RP3054: 1/24/2014 7:24:26 AM - Software Distribution Service 3.0

RP3055: 1/25/2014 4:06:23 AM - Software Distribution Service 3.0

RP3056: 1/25/2014 7:33:15 AM - Software Distribution Service 3.0

RP3057: 1/26/2014 8:45:07 AM - Software Distribution Service 3.0

RP3058: 1/26/2014 9:04:18 AM - Software Distribution Service 3.0

RP3059: 1/26/2014 11:23:41 PM - Software Distribution Service 3.0

RP3060: 1/27/2014 4:00:18 AM - Software Distribution Service 3.0

RP3061: 1/28/2014 4:00:19 AM - Software Distribution Service 3.0

RP3062: 1/28/2014 4:16:35 AM - Software Distribution Service 3.0

RP3063: 1/29/2014 4:00:22 AM - Software Distribution Service 3.0

RP3064: 1/30/2014 4:00:19 AM - Software Distribution Service 3.0

RP3065: 1/30/2014 4:17:12 AM - Software Distribution Service 3.0

RP3066: 1/31/2014 7:22:21 AM - System Checkpoint

RP3067: 1/31/2014 7:16:56 PM - Malwarebytes Anti-Rootkit Restore Point

==== Installed Programs ======================

32 Bit HP CIO Components Installer

3ivx MPEG-4 5.0.2 (remove only)

Acrobat.com

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Flash Player 12 ActiveX

Adobe Photoshop 7.0

Adobe Reader X (10.1.9)

Adobe Shockwave Player 12.0

Adobe SVG Viewer 3.0

AI-Aircraft Editor Version 2.1.0.23

AIO_Scan

AMR to MP3 Converter 1.4

AnyToISO

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Mover

ArcSoft Panorama Maker 4

ASPCA Reminder by We-Care.com v4.1.22.1

Athlon 64 Processor Driver

Avanquest update

AviSynth 2.5

Bing Bar

Bonjour

Broadcom 440x 10/100 Integrated Controller

Broadcom Management Programs

BufferChm

C5200

C5200_doccd

c5200_Help

CardRd81

CCleaner

CCScore

ClipGrab 3.3.0.2

Compatibility Pack for the 2007 Office system

Content Transfer

Copy

CR2

Critical Security Update

CustomerResearchQFolder

CutePDF Writer 3.0

Dealio Toolbar v8.2

Defraggler

Delta Force - Black Hawk Down

Destination Component

DeviceDiscovery

DeviceManagementQFolder

Digital Line Detect

DocProc

DocProcQFolder

EditVoicepack

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

eSupportQFolder

Expstudio Audio Editor FREE

Fax

File Uploader

Fisher-Price Photo Software

Flight Deck 6 for FS2004

Free M4a to MP3 Converter 7.1

Free Mp3 Wma Converter V 1.9

Glary Utilities 4.0

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Google+ Auto Backup

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB954550-v5)

HP Customer Participation Program 9.0

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Officejet 6700 Basic Device Software

HP Officejet 6700 Help

HP Officejet 6700 Product Improvement Study

HP Photosmart All-In-One Software 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Solution Center 9.0

HP Update

HPProductAssistant

HPSSupply

I.R.I.S. OCR

iTunes

Java Auto Updater

Java™ 6 Update 21

K-Lite Codec Pack 7.0.0 (Standard)

KATL Atlanta

KEDDS

Kodak EasyShare digital display software

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Flight Simulator 2004 A Century of Flight

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Professional Edition 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Military AI Works - RAF Lakenheath 48th FW

MobileMe Control Panel

Motorola Driver Installation 4.5.0

Mouse Suite for Desktop Computers

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NASCAR® Racing 2007 Season

netbrdg

Nikon Message Center

Nikon Transfer

NNC Series Mod

NRatings

NVIDIA Drivers

OfotoXMI

PanoStandAlone

PGA Championship Golf 2000

Picasa 3

Prop-Liners Collection

PS Panels 737NG Version 1.1

PS_AIO_02_ProductContext

PS_AIO_02_Software

PS_AIO_02_Software_min

PSSWCORE

QuickTime

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

RealUpgrade 1.1

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio Update Manager

Safari

SAMSUNG CDMA Modem Driver Set

SAMSUNG Mobile Composite Device Software

SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung PC Studio 3 USB Driver Installer

Samsung Samples Installer

Scan

Secunia PSI (3.0.0.9015)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB2829530)

Security Update for Windows Internet Explorer 8 (KB2838727)

Security Update for Windows Internet Explorer 8 (KB2846071)

Security Update for Windows Internet Explorer 8 (KB2847204)

Security Update for Windows Internet Explorer 8 (KB2862772)

Security Update for Windows Internet Explorer 8 (KB2870699)

Security Update for Windows Internet Explorer 8 (KB2879017)

Security Update for Windows Internet Explorer 8 (KB2888505)

Security Update for Windows Internet Explorer 8 (KB2898785)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB2834904-v2)

Security Update for Windows Media Player (KB2834904)

Security Update for Windows Media Player (KB975558)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820197)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2829361)

Security Update for Windows XP (KB2834886)

Security Update for Windows XP (KB2839229)

Security Update for Windows XP (KB2845187)

Security Update for Windows XP (KB2847311)

Security Update for Windows XP (KB2849470)

Security Update for Windows XP (KB2850851)

Security Update for Windows XP (KB2850869)

Security Update for Windows XP (KB2859537)

Security Update for Windows XP (KB2862152)

Security Update for Windows XP (KB2862330)

Security Update for Windows XP (KB2862335)

Security Update for Windows XP (KB2864063)

Security Update for Windows XP (KB2868038)

Security Update for Windows XP (KB2868626)

Security Update for Windows XP (KB2876217)

Security Update for Windows XP (KB2876315)

Security Update for Windows XP (KB2876331)

Security Update for Windows XP (KB2883150)

Security Update for Windows XP (KB2884256)

Security Update for Windows XP (KB2892075)

Security Update for Windows XP (KB2893294)

Security Update for Windows XP (KB2893984)

Security Update for Windows XP (KB2898715)

Security Update for Windows XP (KB2900986)

Security Update for Windows XP (KB2914368)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982802)

SFR

SHASTA

SigmaTel Audio

SimCity 2000® Special Edition

skin0001

SKINXSDK

SolutionCenter

Sonic Activation Module

Spy Sweeper

staticcr

Status

swMSM

TomTom HOME

TomTom HOME Visual Studio Merge Modules

Toolbox

tooltips

TrayApp

Unity Web Player

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB2863058)

Update for Windows XP (KB2904266)

Update for Windows XP (KB971029)

VideoToolkit01

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VPRINTOL

WD SmartWare

WebFldrs XP

WebReg

WinDirStat 1.1.2

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

WinPcap 4.1.2

WinX Free AVI to WMV Converter 4.0.15

WinX Free FLV to MP3 Converter 2.0.7

WinX Free FLV to WMV Converter 4.1.9

WinX Free MOV to MP4 Converter 4.1.11

WinX Free MOV to WMV Converter 4.1.11

WinX Free MP4 to AVI Converter 4.1.12

WinX Free MP4 to WMV Converter 4.1.10

WinZip 14.5

WIRELESS

WOT for Internet Explorer

==== Event Viewer Messages From Past Week ========

1/31/2014 7:19:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde

1/31/2014 7:17:00 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.

1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

1/30/2014 10:00:06 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

1/26/2014 8:50:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Office 2003 Service Pack 3 (SP3).

1/26/2014 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error

1/26/2014 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error

1/26/2014 10:10:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error

1/26/2014 1:14:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error

1/25/2014 9:47:37 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

1/25/2014 5:01:37 AM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/25/2014 5:01:36 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.

1/25/2014 4:43:55 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/25/2014 4:43:53 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.

1/25/2014 4:43:40 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

1/24/2014 7:14:10 AM, error: Service Control Manager [7000] - The Process creation detector. service failed to start due to the following error: The system cannot find the file specified.

1/24/2014 7:13:58 AM, error: Service Control Manager [7000] - The vToolbarUpdater17.1.2 service failed to start due to the following error: The system cannot find the file specified.

1/24/2014 7:13:38 AM, error: sptd [4] - Driver detected an internal error in its data structures for .

1/24/2014 7:13:28 AM, error: Print [23] - Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.

1/24/2014 7:12:40 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2863822).

1/24/2014 7:12:40 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Office 2003 (KB907417).

1/24/2014 7:12:18 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).

1/24/2014 4:10:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Office 2003 Service Pack 3 (SP3).

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2

Run by Beaub at 19:37:35 on 2014-01-31

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1158 [GMT -6:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

============== Running Processes ================

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Glary Utilities 4\Integrator.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Creative\Mixer\CTSVolFE.exe

C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe

C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll

BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll

TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll

mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [FPPhotoMiddleWare] c:\program files\fisher-price\photo software\util\Fisher-Price Photo Software Middleware.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262200055895

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369003957641

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{67A097C5-EA5A-4A00-B984-FC00705A6157} : DHCPNameServer = 192.168.2.1

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\documents and settings\beaub\application data\mozilla\firefox\profiles\0ixibutj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z005&form=ZGAPHP

FF - prefs.js: browser.search.selectedEngine - Google

FF - ExtSQL: !HIDDEN! 2010-01-10 14:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [2013-11-29 13504]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 214696]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-6 37664]

R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-11-4 660184]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-29 16512]

S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-8-20 30464]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-11-4 16024]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys --> c:\windows\system32\drivers\revoflt.sys [?]

S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-11-4 1228504]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-9 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2009-5-14 98304]

S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

=============== Created Last 30 ================

2014-01-31 19:07:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)

2014-01-31 19:07:02 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-01-31 19:02:01 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-01-31 13:06:18 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d685c25f-2ecf-4e9d-bbe3-443ea0bfcb17}\mpengine.dll

2014-01-31 03:59:24 98816 ----a-w- c:\windows\sed.exe

2014-01-31 03:59:24 256000 ----a-w- c:\windows\PEV.exe

2014-01-31 03:59:24 208896 ----a-w- c:\windows\MBR.exe

2014-01-31 03:29:53 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2014-01-26 03:35:34 -------- d-----w- c:\program files\CCleaner

2014-01-17 03:23:22 -------- d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2014-01-24 21:27:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-01-24 21:27:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe

2013-12-19 01:56:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr

2013-12-11 09:01:26 9272200 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-12-02 19:25:48 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2013-11-19 03:57:02 101664 ----a-w- c:\windows\system32\BootDefrag.exe

2013-11-18 01:18:34 13504 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys

2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll

2013-11-12 20:33:41 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll

2013-11-04 12:42:02 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: SAMSUNG_SP2504C rev.VT100-52 -> Harddisk0\DR0 -> \Device\00000064

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe >>UNKNOWN [0x8A4E0A40]<<

_asm { MOV EAX, 0x8a4e0960; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a4030d4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }

1 ntkrnlpa!IofCallDriver[0x804EE1A0] -> \Device\Harddisk0\DR0[0x8A3A7030]

\Driver\Disk[0x8A428CD0] -> IRP_MJ_CREATE -> 0x8A4E0A40

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\Disk -> 0x8a4e0a40

user & kernel MBR OK

Warning: possible MBR rootkit infection !

============= FINISH: 19:38:58.21 ===============

#24 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 31 January 2014 - 08:24 PM

Still something funky their.

I'm going to have you repeat some things we already did... hoping that as we've made a little progress... the remaining problems will show themselves.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#25 btbenoit

Authentic Member

Authentic Member
95 posts

Posted 31 January 2014 - 09:01 PM

20:45:22.0622 0x0aac TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50

20:45:28.0060 0x0aac ============================================================

20:45:28.0060 0x0aac Current date / time: 2014/01/31 20:45:28.0060

20:45:28.0060 0x0aac SystemInfo:

20:45:28.0060 0x0aac

20:45:28.0060 0x0aac OS Version: 5.1.2600 ServicePack: 3.0

20:45:28.0060 0x0aac Product type: Workstation

20:45:28.0060 0x0aac ComputerName: BEAU

20:45:28.0060 0x0aac UserName: Beaub

20:45:28.0060 0x0aac Windows directory: C:\WINDOWS

20:45:28.0060 0x0aac System windows directory: C:\WINDOWS

20:45:28.0060 0x0aac Processor architecture: Intel x86

20:45:28.0060 0x0aac Number of processors: 1

20:45:28.0060 0x0aac Page size: 0x1000

20:45:28.0060 0x0aac Boot type: Normal boot

20:45:28.0060 0x0aac ============================================================

20:45:28.0794 0x0aac KLMD registered as C:\WINDOWS\system32\drivers\55908034.sys

20:45:29.0075 0x0aac System UUID: {FC4B0D00-9922-5F55-AF76-811A9AE123D7}

20:45:30.0216 0x0aac Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:45:30.0231 0x0aac Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B24B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050

20:45:30.0231 0x0aac ============================================================

20:45:30.0231 0x0aac \Device\Harddisk0\DR0:

20:45:30.0231 0x0aac MBR partitions:

20:45:30.0231 0x0aac \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1400000

20:45:30.0231 0x0aac \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1414000, BlocksNum 0x1BD94800

20:45:30.0231 0x0aac \Device\Harddisk1\DR1:

20:45:30.0231 0x0aac MBR partitions:

20:45:30.0231 0x0aac \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07CA1

20:45:30.0231 0x0aac ============================================================

20:45:30.0278 0x0aac C: <-> \Device\Harddisk0\DR0\Partition2

20:45:30.0372 0x0aac D: <-> \Device\Harddisk0\DR0\Partition1

20:45:31.0012 0x0aac G: <-> \Device\Harddisk1\DR1\Partition1

20:45:31.0012 0x0aac ============================================================

20:45:31.0012 0x0aac Initialize success

20:45:31.0012 0x0aac ============================================================

20:45:48.0621 0x0d80 ============================================================

20:45:48.0621 0x0d80 Scan started

20:45:48.0621 0x0d80 Mode: Manual; TDLFS;

20:45:48.0621 0x0d80 ============================================================

20:45:48.0621 0x0d80 KSN ping started

20:46:02.0558 0x0d80 KSN ping finished: true

20:46:03.0339 0x0d80 ================ Scan system memory ========================

20:46:03.0339 0x0d80 System memory - ok

20:46:03.0339 0x0d80 ================ Scan services =============================

20:46:03.0417 0x0d80 Abiosdsk - ok

20:46:03.0417 0x0d80 abp480n5 - ok

20:46:03.0464 0x0d80 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:46:03.0479 0x0d80 ACPI - ok

20:46:03.0651 0x0d80 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

20:46:03.0667 0x0d80 ACPIEC - ok

20:46:03.0745 0x0d80 [ 2471BCB6E1388A3484E78243A1BE5F33, CB7FBA6C15791554594228A5A1A7A5040BEB1BD725F08947D780E301D8AE788A ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

20:46:03.0745 0x0d80 AdobeFlashPlayerUpdateSvc - ok

20:46:03.0761 0x0d80 adpu160m - ok

20:46:03.0776 0x0d80 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys

20:46:03.0839 0x0d80 aec - ok

20:46:03.0886 0x0d80 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys

20:46:03.0886 0x0d80 AFD - ok

20:46:03.0901 0x0d80 AFGMp50 - ok

20:46:03.0901 0x0d80 AFGSp50 - ok

20:46:03.0917 0x0d80 Aha154x - ok

20:46:03.0917 0x0d80 aic78u2 - ok

20:46:03.0932 0x0d80 aic78xx - ok

20:46:03.0964 0x0d80 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

20:46:03.0964 0x0d80 Alerter - ok

20:46:03.0995 0x0d80 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe

20:46:03.0995 0x0d80 ALG - ok

20:46:04.0011 0x0d80 AliIde - ok

20:46:04.0057 0x0d80 [ 0A4D13B388C814560BD69C3A496ECFA8, 71ADD4C4A5C6465EA27F572DE608C348896C4C557D136718CCDD9919144F7986 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys

20:46:04.0057 0x0d80 AmdK8 - ok

20:46:04.0057 0x0d80 amsint - ok

20:46:04.0167 0x0d80 [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:46:04.0167 0x0d80 Apple Mobile Device - ok

20:46:04.0182 0x0d80 AppMgmt - ok

20:46:04.0182 0x0d80 asc - ok

20:46:04.0198 0x0d80 asc3350p - ok

20:46:04.0198 0x0d80 asc3550 - ok

20:46:04.0245 0x0d80 [ 54AB078660E536DA72B21A27F56B035B, 41FA4D644EBC12AC8768D3D0EC12FF4E31FE0A7FE5E049432132710A1ED4E500 ] ASPI C:\WINDOWS\System32\DRIVERS\ASPI32.sys

20:46:04.0261 0x0d80 ASPI - ok

20:46:04.0386 0x0d80 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

20:46:04.0386 0x0d80 aspnet_state - ok

20:46:04.0417 0x0d80 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:46:04.0448 0x0d80 AsyncMac - ok

20:46:04.0464 0x0d80 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

20:46:04.0479 0x0d80 atapi - ok

20:46:04.0479 0x0d80 Atdisk - ok

20:46:04.0495 0x0d80 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:46:04.0526 0x0d80 Atmarpc - ok

20:46:04.0557 0x0d80 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

20:46:04.0573 0x0d80 AudioSrv - ok

20:46:04.0620 0x0d80 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

20:46:04.0636 0x0d80 audstub - ok

20:46:04.0667 0x0d80 [ 15ACA2AD17ACECA4814F249783E63AD3, AB8E74A5B8FC2FD04BA2B495610A8BE76408E9362A447D7069D5AAB8F3512F33 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys

20:46:04.0667 0x0d80 avgtp - ok

20:46:04.0745 0x0d80 [ F2E8CEFC8CF4D6454F4121C5FF93136A, DFD05AD328BD0FDD8BF44043C40084A6DF98BF6F5CEAE71BF793176AF6ADFBBB ] BBSvc C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe

20:46:04.0761 0x0d80 BBSvc - ok

20:46:04.0792 0x0d80 [ 6E1BCC590C9D30FEE8FC14DBD053CE94, 4F698D399225A890B7FDCE3773E504B2880534ED1C0F4C37589568C44BA51743 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe

20:46:04.0792 0x0d80 BBUpdate - ok

20:46:04.0854 0x0d80 [ CD4646067CC7DCBA1907FA0ACF7E3966, 705DF801ACB8719213E95D6214E6C30F7A217663305DBB718F7ECD40F0084340 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

20:46:04.0854 0x0d80 bcm4sbxp - ok

20:46:04.0901 0x0d80 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys

20:46:04.0932 0x0d80 Beep - ok

20:46:05.0011 0x0d80 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll

20:46:05.0026 0x0d80 BITS - ok

20:46:05.0104 0x0d80 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

20:46:05.0120 0x0d80 Bonjour Service - ok

20:46:05.0167 0x0d80 [ 3722F97E33CACAB1D08B76ABFCCC2966, A40BD18AA7B0B4C5F5912438C0B8AD427C709FD1918C0C57FA3979A5CF73D890 ] BootDefragDriver C:\WINDOWS\system32\drivers\BootDefragDriver.sys

20:46:05.0167 0x0d80 BootDefragDriver - ok

20:46:05.0198 0x0d80 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll

20:46:05.0198 0x0d80 Browser - ok

20:46:05.0276 0x0d80 catchme - ok

20:46:05.0292 0x0d80 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

20:46:05.0307 0x0d80 cbidf2k - ok

20:46:05.0307 0x0d80 cd20xrnt - ok

20:46:05.0370 0x0d80 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

20:46:05.0401 0x0d80 Cdaudio - ok

20:46:05.0432 0x0d80 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

20:46:05.0432 0x0d80 Cdfs - ok

20:46:05.0495 0x0d80 [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:46:05.0526 0x0d80 Cdrom - ok

20:46:05.0557 0x0d80 [ 84853B3FD012251690570E9E7E43343F, 65CACFA643E52A0C0E6B2D901228A8A0AD4993CAFA3C287E65395F4B7C521089 ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys

20:46:05.0604 0x0d80 cercsr6 - ok

20:46:05.0620 0x0d80 Changer - ok

20:46:05.0651 0x0d80 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe

20:46:05.0682 0x0d80 CiSvc - ok

20:46:05.0714 0x0d80 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

20:46:05.0760 0x0d80 ClipSrv - ok

20:46:05.0807 0x0d80 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:46:05.0823 0x0d80 clr_optimization_v2.0.50727_32 - ok

20:46:05.0854 0x0d80 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:46:05.0870 0x0d80 clr_optimization_v4.0.30319_32 - ok

20:46:05.0870 0x0d80 CmdIde - ok

20:46:05.0885 0x0d80 COMSysApp - ok

20:46:05.0901 0x0d80 Cpqarray - ok

20:46:05.0917 0x0d80 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

20:46:05.0917 0x0d80 CryptSvc - ok

20:46:05.0917 0x0d80 dac2w2k - ok

20:46:05.0932 0x0d80 dac960nt - ok

20:46:05.0995 0x0d80 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

20:46:05.0995 0x0d80 DcomLaunch - ok

20:46:06.0042 0x0d80 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

20:46:06.0057 0x0d80 Dhcp - ok

20:46:06.0073 0x0d80 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

20:46:06.0073 0x0d80 Disk - ok

20:46:06.0151 0x0d80 [ 0659E6E0A95564F958D9DF7313F7701E, CDE805D797853D37149678A5A9BE9B5C8F637F5629AAAE9545509E5686F87C20 ] DLABMFSM C:\WINDOWS\system32\DLA\DLABMFSM.SYS

20:46:06.0151 0x0d80 DLABMFSM - ok

20:46:06.0167 0x0d80 [ 8691C78908F0BD66170669DB268369F2, 7CEDECA3C6A4BBC3195589D7B6A7B9C9F2D8CD4D0513B055C55B867FB14EB58F ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS

20:46:06.0167 0x0d80 DLABOIOM - ok

20:46:06.0167 0x0d80 [ 76167B5EB2DFFC729EDC36386876B40B, 4116749A6C6D9473564AE7B3BEB3555867BAA6A7081920B9B8921F89DAA7A3C0 ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

20:46:06.0167 0x0d80 DLACDBHM - ok

20:46:06.0182 0x0d80 [ 5615744A1056933B90E6AC54FEB86F35, 4A7A34E01F829C1E3430166CCBB604490D0A61E39ED9F5B663DFD46DA6C7CE4B ] DLADResM C:\WINDOWS\system32\DLA\DLADResM.SYS

20:46:06.0182 0x0d80 DLADResM - ok

20:46:06.0214 0x0d80 [ 1AECA2AFA5005CE4A550CF8EB55A8C88, E42DCC29F2D5FE811BC4200D676EC60D8FDB9F86C9204B14754B496E8D8E6E28 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

20:46:06.0214 0x0d80 DLAIFS_M - ok

20:46:06.0229 0x0d80 [ 840E7F6ABB885C72B9FFDDB022EF5B6D, 4F2CF773652E93E9DA5A57BAF505190B608D96923E00B7A589294E2D1EEEC115 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

20:46:06.0229 0x0d80 DLAOPIOM - ok

20:46:06.0245 0x0d80 [ 0294D18731AC05DA80132CE88F8A876B, 913CFA7D0868E1C95F116B2C583803E9138BAA5A52524F0D26026B1661C20392 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS

20:46:06.0245 0x0d80 DLAPoolM - ok

20:46:06.0260 0x0d80 [ 91886FED52A3F9966207BCE46CFD794F, 808425C5ECA163626ED23EC0BB203C77870932C23AD9FEEB39FE907314BB3997 ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

20:46:06.0260 0x0d80 DLARTL_M - ok

20:46:06.0276 0x0d80 [ CCA4E121D599D7D1706A30F603731E59, 2776BB5384A210184F0BEC0A3CBC1076BEBEAE00D74D4D6B7CED5711291BBB9E ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

20:46:06.0276 0x0d80 DLAUDFAM - ok

20:46:06.0292 0x0d80 [ 7DAB85C33135DF24419951DA4E7D38E5, 87FC6BD347C7DC68130FDE862389DD0B9321FB51D5ED62B39985EA4437486EDA ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

20:46:06.0292 0x0d80 DLAUDF_M - ok

20:46:06.0307 0x0d80 dmadmin - ok

20:46:06.0339 0x0d80 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

20:46:06.0417 0x0d80 dmboot - ok

20:46:06.0448 0x0d80 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys

20:46:06.0510 0x0d80 dmio - ok

20:46:06.0542 0x0d80 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys

20:46:06.0557 0x0d80 dmload - ok

20:46:06.0589 0x0d80 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll

20:46:06.0604 0x0d80 dmserver - ok

20:46:06.0651 0x0d80 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

20:46:06.0667 0x0d80 DMusic - ok

20:46:06.0714 0x0d80 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

20:46:06.0714 0x0d80 Dnscache - ok

20:46:06.0776 0x0d80 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

20:46:06.0854 0x0d80 Dot3svc - ok

20:46:06.0870 0x0d80 dpti2o - ok

20:46:06.0901 0x0d80 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

20:46:06.0917 0x0d80 drmkaud - ok

20:46:06.0979 0x0d80 [ C00440385CF9F3D142917C63F989E244, 5DD3684D3C6DE4E9C82778C4097E9017E1DB0617DDD1D04831263B1E390B2D08 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

20:46:06.0979 0x0d80 DRVMCDB - ok

20:46:06.0979 0x0d80 [ 6E6AB29D3C06E64CE81FEACDA85394B5, 82BB4F82D4C0DA7FC426FDF363E232183CD0DC7F3357CF930ACEE21DA71F62B8 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

20:46:06.0995 0x0d80 DRVNDDM - ok

20:46:07.0042 0x0d80 [ 6461E57BB51A848AAE26F52427B7CF9E, A5730998362CB5C3A7B288A3DCD02E3165ACBBB98AB39F7A0FE2029D946EA95D ] dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys

20:46:07.0042 0x0d80 dtscsi - ok

20:46:07.0057 0x0d80 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll

20:46:07.0120 0x0d80 EapHost - ok

20:46:07.0135 0x0d80 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll

20:46:07.0135 0x0d80 ERSvc - ok

20:46:07.0182 0x0d80 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe

20:46:07.0182 0x0d80 Eventlog - ok

20:46:07.0229 0x0d80 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll

20:46:07.0229 0x0d80 EventSystem - ok

20:46:07.0260 0x0d80 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

20:46:07.0292 0x0d80 Fastfat - ok

20:46:07.0354 0x0d80 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

20:46:07.0354 0x0d80 FastUserSwitchingCompatibility - ok

20:46:07.0385 0x0d80 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

20:46:07.0401 0x0d80 Fdc - ok

20:46:07.0417 0x0d80 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys

20:46:07.0432 0x0d80 Fips - ok

20:46:07.0448 0x0d80 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

20:46:07.0479 0x0d80 Flpydisk - ok

20:46:07.0526 0x0d80 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

20:46:07.0526 0x0d80 FltMgr - ok

20:46:07.0573 0x0d80 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

20:46:07.0573 0x0d80 FontCache3.0.0.0 - ok

20:46:07.0604 0x0d80 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:46:07.0620 0x0d80 Fs_Rec - ok

20:46:07.0635 0x0d80 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:46:07.0635 0x0d80 Ftdisk - ok

20:46:07.0682 0x0d80 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:46:07.0682 0x0d80 GEARAspiWDM - ok

20:46:07.0714 0x0d80 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:46:07.0745 0x0d80 Gpc - ok

20:46:07.0838 0x0d80 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

20:46:07.0838 0x0d80 gupdate - ok

20:46:07.0854 0x0d80 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

20:46:07.0854 0x0d80 gupdatem - ok

20:46:07.0901 0x0d80 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

20:46:07.0917 0x0d80 gusvc - ok

20:46:07.0932 0x0d80 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:46:07.0932 0x0d80 HDAudBus - ok

20:46:07.0979 0x0d80 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

20:46:07.0979 0x0d80 helpsvc - ok

20:46:07.0995 0x0d80 HidServ - ok

20:46:08.0010 0x0d80 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:46:08.0026 0x0d80 hidusb - ok

20:46:08.0042 0x0d80 [ 4ADF0F441F26B0BA70B82E703BD72D2C, 4EEEA588A8F4253F40F0389EBFBC76B0EC888B40FCA9FB367EC5B8AEA9EA3F3F ] hitmanpro37 C:\WINDOWS\system32\drivers\hitmanpro37.sys

20:46:08.0042 0x0d80 hitmanpro37 - ok

20:46:08.0088 0x0d80 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

20:46:08.0120 0x0d80 hkmsvc - ok

20:46:08.0120 0x0d80 hpn - ok

20:46:08.0229 0x0d80 [ 38D6B51F04DEF7FB248FA56E4C47407E, 9D2A53553AF2FB2E8424BE6B6388EFFC69240EA5BBE043AC542029BE39BACB25 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

20:46:08.0229 0x0d80 hpqcxs08 - ok

20:46:08.0276 0x0d80 [ 3EE4A63539EC04EE2D4BD293985087AB, 754826BC906F69AEE5D2CFEA1B22B7179767999C834B70D561F8B0CB4CAE9A59 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

20:46:08.0276 0x0d80 hpqddsvc - ok

20:46:08.0292 0x0d80 [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys

20:46:08.0323 0x0d80 HPZid412 - ok

20:46:08.0338 0x0d80 [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

20:46:08.0354 0x0d80 HPZipr12 - ok

20:46:08.0370 0x0d80 [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys

20:46:08.0385 0x0d80 HPZius12 - ok

20:46:08.0432 0x0d80 [ 77E4FF0B73BC0AEAAF39BF0C8104231F, A5D35FCD9E52003D990EB97DF1634DE9B516647C8DAAD3152550CD875DBBDA82 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

20:46:08.0463 0x0d80 HSFHWBS2 - ok

20:46:08.0510 0x0d80 [ 60E1604729A15EF4A3B05F298427B3B1, 139DE473F645A300DD436B4AA8359A23FCE3BB9688B6B597E89F8ADBC36A71B9 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

20:46:08.0588 0x0d80 HSF_DP - ok

20:46:08.0635 0x0d80 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

20:46:08.0651 0x0d80 HTTP - ok

20:46:08.0667 0x0d80 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

20:46:08.0682 0x0d80 HTTPFilter - ok

20:46:08.0698 0x0d80 i2omgmt - ok

20:46:08.0698 0x0d80 i2omp - ok

20:46:08.0713 0x0d80 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys

20:46:08.0745 0x0d80 i8042prt - ok

20:46:08.0792 0x0d80 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

20:46:08.0854 0x0d80 IDriverT - ok

20:46:08.0932 0x0d80 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:46:08.0963 0x0d80 idsvc - ok

20:46:08.0979 0x0d80 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

20:46:09.0010 0x0d80 Imapi - ok

20:46:09.0057 0x0d80 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe

20:46:09.0057 0x0d80 ImapiService - ok

20:46:09.0073 0x0d80 ini910u - ok

20:46:09.0073 0x0d80 IntelIde - ok

20:46:09.0120 0x0d80 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

20:46:09.0151 0x0d80 Ip6Fw - ok

20:46:09.0167 0x0d80 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:46:09.0182 0x0d80 IpFilterDriver - ok

20:46:09.0213 0x0d80 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:46:09.0260 0x0d80 IpInIp - ok

20:46:09.0292 0x0d80 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:46:09.0292 0x0d80 IpNat - ok

20:46:09.0354 0x0d80 [ 066F2BBE2EEC9A42B065B552BF356B4E, AE86DB5BFD4748C54C0C224E7FBEA3C032F1071A39303DF35AA04869D3950B7A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

20:46:09.0370 0x0d80 iPod Service - ok

20:46:09.0401 0x0d80 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:46:09.0448 0x0d80 IPSec - ok

20:46:09.0479 0x0d80 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

20:46:09.0495 0x0d80 IRENUM - ok

20:46:09.0510 0x0d80 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:46:09.0510 0x0d80 isapnp - ok

20:46:09.0667 0x0d80 [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

20:46:09.0682 0x0d80 JavaQuickStarterService - ok

20:46:09.0698 0x0d80 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:46:09.0713 0x0d80 Kbdclass - ok

20:46:09.0729 0x0d80 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

20:46:09.0745 0x0d80 kbdhid - ok

20:46:09.0776 0x0d80 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

20:46:09.0776 0x0d80 kmixer - ok

20:46:09.0854 0x0d80 [ 9646A100ACF21516DB1052BC419332BA, 231A21866983E5D2BA32F2F76B1180880F68908D54FCF13ECE377354FA847D62 ] KodakDigitalDisplayService C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe

20:46:09.0948 0x0d80 KodakDigitalDisplayService - ok

20:46:09.0979 0x0d80 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

20:46:09.0979 0x0d80 KSecDD - ok

20:46:10.0026 0x0d80 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

20:46:10.0026 0x0d80 lanmanserver - ok

20:46:10.0073 0x0d80 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

20:46:10.0073 0x0d80 lanmanworkstation - ok

20:46:10.0088 0x0d80 Lavasoft Ad-Aware Service - ok

20:46:10.0104 0x0d80 Lavasoft Kernexplorer - ok

20:46:10.0104 0x0d80 lbrtfdc - ok

20:46:10.0151 0x0d80 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

20:46:10.0166 0x0d80 LmHosts - ok

20:46:10.0182 0x0d80 [ EEAEA6514BA7C9D273B5E87C4E1AAB30, 3B724C6A8867B1B7A45D832150E0CFAC1004D3B972A2A7BFDD2ADDDB2488BB1E ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

20:46:10.0182 0x0d80 mdmxsdk - ok

20:46:10.0198 0x0d80 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll

20:46:10.0229 0x0d80 Messenger - ok

20:46:10.0260 0x0d80 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

20:46:10.0276 0x0d80 mnmdd - ok

20:46:10.0307 0x0d80 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

20:46:10.0385 0x0d80 mnmsrvc - ok

20:46:10.0401 0x0d80 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys

20:46:10.0401 0x0d80 Modem - ok

20:46:10.0432 0x0d80 [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys

20:46:10.0448 0x0d80 MODEMCSA - ok

20:46:10.0479 0x0d80 [ 54FEE02961C70FD9D4D7E2F87AFA23FA, 63DFA8340ECD3150AE29291502B10812661CF975FCAC4DA74267588E85A0B0B5 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys

20:46:10.0526 0x0d80 motmodem - ok

20:46:10.0526 0x0d80 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:46:10.0557 0x0d80 Mouclass - ok

20:46:10.0573 0x0d80 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:46:10.0588 0x0d80 mouhid - ok

20:46:10.0635 0x0d80 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

20:46:10.0635 0x0d80 MountMgr - ok

20:46:10.0698 0x0d80 [ 825BF0E46B4470A463AEB641480C5FCA, 321F37EA5D2AF7E3F55399ABE94AC3788B90E254E4A6859059C6BB1C6BEF19D0 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

20:46:10.0698 0x0d80 MozillaMaintenance - ok

20:46:10.0745 0x0d80 [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys

20:46:10.0760 0x0d80 MpFilter - ok

20:46:10.0885 0x0d80 [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsl3450b2a1 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D685C25F-2ECF-4E9D-BBE3-443EA0BFCB17}\MpKsl3450b2a1.sys

20:46:10.0885 0x0d80 MpKsl3450b2a1 - ok

20:46:10.0901 0x0d80 mraid35x - ok

20:46:10.0916 0x0d80 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:46:10.0932 0x0d80 MRxDAV - ok

20:46:10.0979 0x0d80 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:46:10.0995 0x0d80 MRxSmb - ok

20:46:11.0010 0x0d80 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe

20:46:11.0041 0x0d80 MSDTC - ok

20:46:11.0057 0x0d80 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

20:46:11.0057 0x0d80 Msfs - ok

20:46:11.0057 0x0d80 MSIServer - ok

20:46:11.0088 0x0d80 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:46:11.0104 0x0d80 MSKSSRV - ok

20:46:11.0166 0x0d80 [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe

20:46:11.0166 0x0d80 MsMpSvc - ok

20:46:11.0182 0x0d80 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:46:11.0213 0x0d80 MSPCLOCK - ok

20:46:11.0245 0x0d80 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

20:46:11.0276 0x0d80 MSPQM - ok

20:46:11.0276 0x0d80 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:46:11.0276 0x0d80 mssmbios - ok

20:46:11.0307 0x0d80 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

20:46:11.0323 0x0d80 Mup - ok

20:46:11.0354 0x0d80 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll

20:46:11.0416 0x0d80 napagent - ok

20:46:11.0432 0x0d80 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

20:46:11.0448 0x0d80 NDIS - ok

20:46:11.0463 0x0d80 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:46:11.0463 0x0d80 NdisTapi - ok

20:46:11.0479 0x0d80 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:46:11.0495 0x0d80 Ndisuio - ok

20:46:11.0510 0x0d80 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:46:11.0573 0x0d80 NdisWan - ok

20:46:11.0604 0x0d80 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

20:46:11.0604 0x0d80 NDProxy - ok

20:46:11.0635 0x0d80 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll

20:46:11.0635 0x0d80 Net Driver HPZ12 - ok

20:46:11.0666 0x0d80 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

20:46:11.0666 0x0d80 NetBIOS - ok

20:46:11.0713 0x0d80 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

20:46:11.0745 0x0d80 NetBT - ok

20:46:11.0791 0x0d80 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe

20:46:11.0870 0x0d80 NetDDE - ok

20:46:11.0885 0x0d80 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

20:46:11.0885 0x0d80 NetDDEdsdm - ok

20:46:11.0916 0x0d80 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe

20:46:11.0932 0x0d80 Netlogon - ok

20:46:11.0948 0x0d80 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll

20:46:11.0948 0x0d80 Netman - ok

20:46:11.0979 0x0d80 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

20:46:11.0979 0x0d80 NetTcpPortSharing - ok

20:46:12.0041 0x0d80 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll

20:46:12.0057 0x0d80 Nla - ok

20:46:12.0104 0x0d80 [ B48DC6ABCD3AEFF8618350CCBDC6B09A, 824D8B03E061DDD0D33EF9F03C669B13E7B6E339684009BD44D69178C45E2DE1 ] npf C:\WINDOWS\system32\drivers\npf.sys

20:46:12.0104 0x0d80 npf - ok

20:46:12.0120 0x0d80 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

20:46:12.0120 0x0d80 Npfs - ok

20:46:12.0182 0x0d80 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

20:46:12.0198 0x0d80 Ntfs - ok

20:46:12.0198 0x0d80 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

20:46:12.0198 0x0d80 NtLmSsp - ok

20:46:12.0244 0x0d80 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

20:46:12.0291 0x0d80 NtmsSvc - ok

20:46:12.0307 0x0d80 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys

20:46:12.0323 0x0d80 Null - ok

20:46:12.0541 0x0d80 [ 15A6306A0B958BF60F09688D0EE70479, BE4AD7CF12EAA8D62B7B8A0153B1F1E8C163DCC61C4C977E8EC06D78239DC91E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

20:46:12.0729 0x0d80 nv - ok

20:46:12.0776 0x0d80 [ 6B37162E91A7005BAA753CB611ACEA2D, 7B0776F21A1EFBDC519682236A630BDBF598AAAFFD240149F2CFABAC65DF2503 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys

20:46:12.0776 0x0d80 nvata - ok

20:46:12.0807 0x0d80 [ 986D6666E076AFD2B60ACAFD5B01A00F, 074EC1BD13D2B5626AFF7DD966E7F2D0ECE9C64577B8BD6C157B274A44FF3F9A ] NVSvc C:\WINDOWS\system32\nvsvc32.exe

20:46:12.0823 0x0d80 NVSvc - ok

20:46:12.0854 0x0d80 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:46:12.0869 0x0d80 NwlnkFlt - ok

20:46:12.0885 0x0d80 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:46:12.0916 0x0d80 NwlnkFwd - ok

20:46:12.0932 0x0d80 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys

20:46:12.0932 0x0d80 Parport - ok

20:46:12.0979 0x0d80 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

20:46:12.0994 0x0d80 PartMgr - ok

20:46:13.0010 0x0d80 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

20:46:13.0026 0x0d80 ParVdm - ok

20:46:13.0057 0x0d80 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

20:46:13.0057 0x0d80 PCI - ok

20:46:13.0057 0x0d80 PCIDump - ok

20:46:13.0104 0x0d80 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

20:46:13.0119 0x0d80 PCIIde - ok

20:46:13.0151 0x0d80 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

20:46:13.0166 0x0d80 Pcmcia - ok

20:46:13.0182 0x0d80 PDCOMP - ok

20:46:13.0182 0x0d80 PDFRAME - ok

20:46:13.0198 0x0d80 PDRELI - ok

20:46:13.0198 0x0d80 PDRFRAME - ok

20:46:13.0213 0x0d80 perc2 - ok

20:46:13.0213 0x0d80 perc2hib - ok

20:46:13.0244 0x0d80 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe

20:46:13.0260 0x0d80 PlugPlay - ok

20:46:13.0291 0x0d80 [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll

20:46:13.0307 0x0d80 Pml Driver HPZ12 - ok

20:46:13.0323 0x0d80 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

20:46:13.0323 0x0d80 PolicyAgent - ok

20:46:13.0338 0x0d80 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:46:13.0385 0x0d80 PptpMiniport - ok

20:46:13.0385 0x0d80 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

20:46:13.0416 0x0d80 Processor - ok

20:46:13.0416 0x0d80 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

20:46:13.0416 0x0d80 ProtectedStorage - ok

20:46:13.0463 0x0d80 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

20:46:13.0494 0x0d80 PSched - ok

20:46:13.0526 0x0d80 [ 68B57D7C11277EA89F78255480376B4D, 5530B58126BF33E6BCDED99C73C41B90BA148587BDA3866FD4DAD12035B302B5 ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys

20:46:13.0557 0x0d80 PSI - ok

20:46:13.0588 0x0d80 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:46:13.0604 0x0d80 Ptilink - ok

20:46:13.0619 0x0d80 [ FEFFCFDC528764A04C8ED63D5FA6E711, BECC9174DA5860FCF011957CB6A12DE5074A770DC14076C0C94E63AD42ECF19E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:46:13.0619 0x0d80 PxHelp20 - ok

20:46:13.0635 0x0d80 ql1080 - ok

20:46:13.0635 0x0d80 Ql10wnt - ok

20:46:13.0651 0x0d80 ql12160 - ok

20:46:13.0651 0x0d80 ql1240 - ok

20:46:13.0666 0x0d80 ql1280 - ok

20:46:13.0682 0x0d80 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:46:13.0698 0x0d80 RasAcd - ok

20:46:13.0729 0x0d80 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll

20:46:13.0776 0x0d80 RasAuto - ok

20:46:13.0791 0x0d80 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:46:13.0791 0x0d80 Rasl2tp - ok

20:46:13.0854 0x0d80 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll

20:46:13.0869 0x0d80 RasMan - ok

20:46:13.0885 0x0d80 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:46:13.0901 0x0d80 RasPppoe - ok

20:46:13.0916 0x0d80 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

20:46:13.0932 0x0d80 Raspti - ok

20:46:13.0948 0x0d80 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:46:13.0963 0x0d80 Rdbss - ok

20:46:13.0963 0x0d80 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:46:13.0979 0x0d80 RDPCDD - ok

20:46:14.0026 0x0d80 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

20:46:14.0026 0x0d80 RDPWD - ok

20:46:14.0057 0x0d80 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

20:46:14.0104 0x0d80 RDSessMgr - ok

20:46:14.0166 0x0d80 [ 89525CC2DBAD44F7199B9CC188B3F9C5, 09708EFA65BC1CCF92E6F2E143FCF88C645B1633AFE0DED833CDF945CB077D8C ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

20:46:14.0182 0x0d80 RealNetworks Downloader Resolver Service - ok

20:46:14.0213 0x0d80 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

20:46:14.0260 0x0d80 redbook - ok

20:46:14.0291 0x0d80 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

20:46:14.0323 0x0d80 RemoteAccess - ok

20:46:14.0338 0x0d80 Revoflt - ok

20:46:14.0354 0x0d80 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe

20:46:14.0401 0x0d80 RpcLocator - ok

20:46:14.0447 0x0d80 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll

20:46:14.0447 0x0d80 RpcSs - ok

20:46:14.0494 0x0d80 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe

20:46:14.0526 0x0d80 RSVP - ok

20:46:14.0557 0x0d80 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe

20:46:14.0557 0x0d80 SamSs - ok

20:46:14.0604 0x0d80 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

20:46:14.0666 0x0d80 SCardSvr - ok

20:46:14.0697 0x0d80 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll

20:46:14.0729 0x0d80 Schedule - ok

20:46:14.0744 0x0d80 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:46:14.0776 0x0d80 Secdrv - ok

20:46:14.0791 0x0d80 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll

20:46:14.0791 0x0d80 seclogon - ok

20:46:14.0916 0x0d80 [ DA6C0E0B15CD0B135FD385AEABAE3A4C, 1DBED093D4BD1E800828D8E0EB19EDA7FD1E963AABD4F71D61F1AD04F669290F ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe

20:46:15.0088 0x0d80 Secunia PSI Agent - ok

20:46:15.0135 0x0d80 [ 71761EDC432A0E39CF621105884E738E, 935133326B794F6DEAA97B9B6B6295AC6A884C3B73ABCD5662A79CEAD8EEA5EE ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe

20:46:15.0166 0x0d80 Secunia Update Agent - ok

20:46:15.0182 0x0d80 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll

20:46:15.0182 0x0d80 SENS - ok

20:46:15.0197 0x0d80 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\drivers\Serial.sys

20:46:15.0197 0x0d80 Serial - ok

20:46:15.0244 0x0d80 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

20:46:15.0260 0x0d80 Sfloppy - ok

20:46:15.0307 0x0d80 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

20:46:15.0322 0x0d80 SharedAccess - ok

20:46:15.0338 0x0d80 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

20:46:15.0338 0x0d80 ShellHWDetection - ok

20:46:15.0354 0x0d80 Simbad - ok

20:46:15.0369 0x0d80 Sparrow - ok

20:46:15.0385 0x0d80 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys

20:46:15.0401 0x0d80 splitter - ok

20:46:15.0463 0x0d80 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe

20:46:15.0463 0x0d80 Spooler - ok

20:46:15.0510 0x0d80 [ 610522607B15DC6D5D8E20827D07B282, 86F5E40AEAB77C9381DDB0938FFFC98FAF2A060F3CAD5F0B63278568005511B8 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys

20:46:15.0541 0x0d80 sptd - ok

20:46:15.0557 0x0d80 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

20:46:15.0557 0x0d80 sr - ok

20:46:15.0619 0x0d80 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll

20:46:15.0619 0x0d80 srservice - ok

20:46:15.0682 0x0d80 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

20:46:15.0697 0x0d80 Srv - ok

20:46:15.0729 0x0d80 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

20:46:15.0744 0x0d80 SSDPSRV - ok

20:46:15.0791 0x0d80 [ 306521935042FC0A6988D528643619B3, 6FCC06EA71F5C83A8C3A8B7152E9FF48BCFBD35ED8C134A0879735F9135BB20C ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys

20:46:15.0791 0x0d80 StarOpen - ok

20:46:15.0885 0x0d80 [ 8990440E4B2A7CA5A56A1833B03741FD, 55FE82DAE2D15D02AB12777045E2A3FE71560E53ECF1B1C03C25A603D5D90EBB ] STHDA C:\WINDOWS\system32\drivers\sthda.sys

20:46:15.0932 0x0d80 STHDA - ok

20:46:15.0963 0x0d80 [ A9573045BAA16EAB9B1085205B82F1ED, 6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys

20:46:15.0979 0x0d80 StillCam - ok

20:46:16.0057 0x0d80 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll

20:46:16.0072 0x0d80 stisvc - ok

20:46:16.0104 0x0d80 [ 51778FD315C9882F1CBD932743E62A72, 5127292970ABC2966723CC5535DD547C77AAC132AAA849BCBD90D0F00EDD08C0 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

20:46:16.0166 0x0d80 stllssvr - ok

20:46:16.0197 0x0d80 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

20:46:16.0213 0x0d80 swenum - ok

20:46:16.0229 0x0d80 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

20:46:16.0260 0x0d80 swmidi - ok

20:46:16.0260 0x0d80 SwPrv - ok

20:46:16.0276 0x0d80 symc810 - ok

20:46:16.0276 0x0d80 symc8xx - ok

20:46:16.0291 0x0d80 sym_hi - ok

20:46:16.0291 0x0d80 sym_u3 - ok

20:46:16.0307 0x0d80 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

20:46:16.0338 0x0d80 sysaudio - ok

20:46:16.0354 0x0d80 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

20:46:16.0401 0x0d80 SysmonLog - ok

20:46:16.0447 0x0d80 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

20:46:16.0447 0x0d80 TapiSrv - ok

20:46:16.0494 0x0d80 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:46:16.0510 0x0d80 Tcpip - ok

20:46:16.0525 0x0d80 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

20:46:16.0525 0x0d80 TDPIPE - ok

20:46:16.0541 0x0d80 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

20:46:16.0541 0x0d80 TDTCP - ok

20:46:16.0572 0x0d80 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

20:46:16.0572 0x0d80 TermDD - ok

20:46:16.0619 0x0d80 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll

20:46:16.0635 0x0d80 TermService - ok

20:46:16.0666 0x0d80 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll

20:46:16.0666 0x0d80 Themes - ok

20:46:16.0744 0x0d80 [ E4FAD21646088D79F8889B6531396ACF, D0C8F0E3293D423245FD2233F283A1FE2463E15F8B9F4ED6AC96C2164EC51F75 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

20:46:16.0744 0x0d80 TomTomHOMEService - ok

20:46:16.0744 0x0d80 TosIde - ok

20:46:16.0775 0x0d80 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll

20:46:16.0775 0x0d80 TrkWks - ok

20:46:16.0822 0x0d80 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

20:46:16.0854 0x0d80 Udfs - ok

20:46:16.0854 0x0d80 ultra - ok

20:46:16.0900 0x0d80 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

20:46:16.0947 0x0d80 Update - ok

20:46:16.0979 0x0d80 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll

20:46:16.0994 0x0d80 upnphost - ok

20:46:17.0025 0x0d80 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe

20:46:17.0104 0x0d80 UPS - ok

20:46:17.0135 0x0d80 [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

20:46:17.0166 0x0d80 USBAAPL - ok

20:46:17.0197 0x0d80 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:46:17.0197 0x0d80 usbccgp - ok

20:46:17.0213 0x0d80 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:46:17.0213 0x0d80 usbehci - ok

20:46:17.0229 0x0d80 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:46:17.0260 0x0d80 usbhub - ok

20:46:17.0291 0x0d80 [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys

20:46:17.0307 0x0d80 usbohci - ok

20:46:17.0338 0x0d80 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:46:17.0369 0x0d80 usbprint - ok

20:46:17.0400 0x0d80 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:46:17.0400 0x0d80 usbscan - ok

20:46:17.0416 0x0d80 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:46:17.0432 0x0d80 USBSTOR - ok

20:46:17.0447 0x0d80 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

20:46:17.0463 0x0d80 VgaSave - ok

20:46:17.0479 0x0d80 ViaIde - ok

20:46:17.0494 0x0d80 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

20:46:17.0494 0x0d80 VolSnap - ok

20:46:17.0541 0x0d80 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe

20:46:17.0619 0x0d80 VSS - ok

20:46:17.0650 0x0d80 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll

20:46:17.0666 0x0d80 W32Time - ok

20:46:17.0682 0x0d80 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:46:17.0713 0x0d80 Wanarp - ok

20:46:17.0760 0x0d80 [ D6EFAF429FD30C5DF613D220E344CCE7, 807D4563E8AD4073688691078EB13AF240E14BA5E0C8506A48B3060A20B90082 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys

20:46:17.0807 0x0d80 WDC_SAM - ok

20:46:17.0885 0x0d80 [ 8530B35284AA20D9C614CCB3725CEF37, 38EDA7CEF28F830C2FF999EA5783152BEF39D61299DBDACEF8AE7865FB605152 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

20:46:17.0885 0x0d80 WDDMService - ok

20:46:17.0963 0x0d80 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

20:46:17.0979 0x0d80 Wdf01000 - ok

20:46:17.0979 0x0d80 WDICA - ok

20:46:18.0025 0x0d80 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

20:46:18.0057 0x0d80 wdmaud - ok

20:46:18.0057 0x0d80 [ 138AB06ADBBF300AA804D7974A5AEC82, 61A99CB8176C291E858F9D964A9B2EC36970F3BFFF3D5F933A16E9B28BF922DD ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

20:46:18.0057 0x0d80 WDSmartWareBackgroundService - ok

20:46:18.0072 0x0d80 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll

20:46:18.0072 0x0d80 WebClient - ok

20:46:18.0166 0x0d80 [ F59ED5A43B988A18EF582BB07B2327A7, E870821C9C4E31D3B05049FBA5D81358F9C30E6A67F600D4EA3A5736CA344028 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

20:46:18.0213 0x0d80 winachsf - ok

20:46:18.0307 0x0d80 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

20:46:18.0307 0x0d80 winmgmt - ok

20:46:18.0432 0x0d80 [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:46:18.0479 0x0d80 wlidsvc - ok

20:46:18.0525 0x0d80 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

20:46:18.0541 0x0d80 WmdmPmSN - ok

20:46:18.0588 0x0d80 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

20:46:18.0682 0x0d80 WmiApSrv - ok

20:46:18.0807 0x0d80 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

20:46:19.0072 0x0d80 WMPNetworkSvc - ok

20:46:19.0103 0x0d80 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys

20:46:19.0135 0x0d80 WpdUsb - ok

20:46:19.0228 0x0d80 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

20:46:19.0244 0x0d80 WPFFontCache_v0400 - ok

20:46:19.0291 0x0d80 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

20:46:19.0307 0x0d80 WS2IFSL - ok

20:46:19.0353 0x0d80 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\System32\wscsvc.dll

20:46:19.0353 0x0d80 wscsvc - ok

20:46:19.0369 0x0d80 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll

20:46:19.0369 0x0d80 wuauserv - ok

20:46:19.0385 0x0d80 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:46:19.0385 0x0d80 WudfPf - ok

20:46:19.0416 0x0d80 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:46:19.0463 0x0d80 WudfRd - ok

20:46:19.0494 0x0d80 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

20:46:19.0510 0x0d80 WudfSvc - ok

20:46:19.0572 0x0d80 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

20:46:19.0588 0x0d80 WZCSVC - ok

20:46:19.0619 0x0d80 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll

20:46:19.0666 0x0d80 xmlprov - ok

20:46:19.0666 0x0d80 ================ Scan global ===============================

20:46:19.0697 0x0d80 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll

20:46:19.0775 0x0d80 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll

20:46:19.0791 0x0d80 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll

20:46:19.0822 0x0d80 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe

20:46:19.0822 0x0d80 [ Global ] - ok

20:46:19.0822 0x0d80 ================ Scan MBR ==================================

20:46:19.0838 0x0d80 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

20:46:19.0978 0x0d80 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )

20:46:19.0978 0x0d80 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:46:22.0760 0x0d80 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

20:46:23.0400 0x0d80 \Device\Harddisk1\DR1 - ok

20:46:23.0400 0x0d80 ================ Scan VBR ==================================

20:46:23.0431 0x0d80 [ C343C9F5943295F45F4DDAE291FC0A48 ] \Device\Harddisk0\DR0\Partition1

20:46:23.0447 0x0d80 \Device\Harddisk0\DR0\Partition1 - ok

20:46:23.0447 0x0d80 [ 77F76699DDB661A6C8D7C7004050FB1E ] \Device\Harddisk0\DR0\Partition2

20:46:23.0447 0x0d80 \Device\Harddisk0\DR0\Partition2 - ok

20:46:23.0447 0x0d80 [ 8EE92F04D5EB4A28A82C1F0E2A3213BA ] \Device\Harddisk1\DR1\Partition1

20:46:23.0463 0x0d80 \Device\Harddisk1\DR1\Partition1 - ok

20:46:23.0463 0x0d80 Waiting for KSN requests completion. In queue: 184

20:46:24.0463 0x0d80 Waiting for KSN requests completion. In queue: 184

20:46:25.0494 0x0d80 AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, enabled, updated

20:46:25.0494 0x0d80 Win FW state via NFM: enabled

20:46:28.0275 0x0d80 ============================================================

20:46:28.0275 0x0d80 Scan finished

20:46:28.0275 0x0d80 ============================================================

20:46:28.0275 0x0fd0 Detected object count: 1

20:46:28.0275 0x0fd0 Actual detected object count: 1

20:57:23.0596 0x0fd0 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:57:23.0596 0x0fd0 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Advertisements

Register to Remove

#26 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 31 January 2014 - 09:30 PM

Just before the TDSSkiller scan completes... it should have brought up a window listing suspicious objects. In your case, there should have just been one. The you should have had the option to: Skip, Delete, Quarantine, or Cure.

You didn't see anything like this?

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#27 btbenoit

Authentic Member

Authentic Member
95 posts

Posted 31 January 2014 - 09:37 PM

i kept it on skip like on the first run of it. I just noticed this, that Malware Anti Rootkit said in the instructions that if items were detected, to do cleanup, and then run it again until nothing is found?

#28 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 31 January 2014 - 10:30 PM

Yes... that is true. Go ahead and run it again to verify it reads clean.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#29 btbenoit

Authentic Member

Authentic Member
95 posts

Posted 01 February 2014 - 07:44 AM

Ran scan, no malware found.

#30 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 01 February 2014 - 09:31 AM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

Body Background

skin color theme

Registry repair/still having issues [Solved]

#16 Tomk

Advertisements

Register to Remove

#17 btbenoit

#18 Tomk

#19 btbenoit

#20 Tomk

#21 btbenoit

#22 Tomk

#23 btbenoit

#24 Tomk

#25 btbenoit

Advertisements

Register to Remove

#26 Tomk

#27 btbenoit

#28 Tomk

#29 btbenoit

#30 Tomk

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

Registry repair/still having issues [Solved]

#16 Tomk

Advertisements Register to Remove

#17 btbenoit

#18 Tomk

#19 btbenoit

#20 Tomk

#21 btbenoit

#22 Tomk

#23 btbenoit

#24 Tomk

#25 btbenoit

Advertisements Register to Remove

#26 Tomk

#27 btbenoit

#28 Tomk

#29 btbenoit

#30 Tomk

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove