Thread: IDP.Trojan.1C8D1A13 & Crypt.AQLW

  1. #1
    Member
    Join Date
    Apr 2012
    Posts
    42

    IDP.Trojan.1C8D1A13 & Crypt.AQLW

    G'day Guys I'm not a techo & new here. Was pointed in this direction to run ERUNT (this wouldn't run due to no internet access on pc) & DDS log.

    First can I say before I found your site & had discovered the virus (see notes below) I had tried to run Combofix but it didn't work (I think, as I have lost internet access on my PC).

    I hope I've done it right so far??

    --------------------------------------------------------------------------
    My 7 year old son mainly uses our pc for playing games & printing out coloring in pages etc.

    I run AVG & it's now coming up with the following:
    IDP.Trojan.1C8D1A13 & Crypt.AQLW

    I've tried to find a tool to remove it (as AVG can't get rid of it) but can't find anything. Don't really know what else to do?

    If you can help me I would really appreciate it (FYI the PC runs XP Pro).

    Cheers Andy

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Cameron at 11:05:22 on 2012-04-25
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1410 [GMT 8:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\FingerPrint\FingerPrint.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - c:\program files\rewardsarcade\RewardsArcade.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Help the General-Search Project: {ca4520f3-ae13-4fb1-a513-58e23991c86d} - c:\docume~1\cameron\applic~1\mediaf~1\extens~1\GENCRA~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
    mRun: [uipre] rundll32.exe "c:\docume~1\cameron\locals~1\temp\uipre.dll",Vec3TransformCoord
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\cameron\startm~1\programs\startup\myprog~1.lnk - c:\program files\fingerprint\FingerPrint.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
    IE: Download with &Media Finder - c:\program files\media finder\hook.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{A4A02AAB-A392-4FBC-8929-A0CB65998009} : DhcpNameServer = 10.1.1.1
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs:
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
    S2 antivirservice;Ctljystk;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FingerPrint;FingerPrint Service;c:\program files\fingerprint\fingerprintservice.exe -start --> c:\program files\fingerprint\FingerPrintService.exe -start [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-28 116648]
    S2 mcvsrte;Roxmediadb;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 mks_scan;Z525obex;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 nod32krn;Kerbkey;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ofcpfwsvc;Websensecpmcommunicationagent;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 pavdrv;Pnp680r;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 symantecantibotdriver;Tmesrv3;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 symantecantibotshim;Oracle%oracle_home_service%clientcache80;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 vsdatant;HFACSVC;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253088]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-10 1691480]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-28 116648]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-12-15 18432]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-04-24 05:19:22 -------- d-----w- c:\documents and settings\cameron\local settings\application data\NPE
    2012-04-24 05:19:22 -------- d-----w- c:\documents and settings\all users.windows\application data\Norton
    2012-04-24 05:08:19 -------- d-----w- c:\documents and settings\all users.windows\application data\COMODO
    2012-04-24 05:08:10 -------- d-----w- c:\documents and settings\cameron\application data\Comodo
    2012-04-23 00:07:36 -------- d-----w- c:\documents and settings\cameron\application data\Uqycux
    2012-04-23 00:07:36 -------- d-----w- c:\documents and settings\cameron\application data\Rofeen
    2012-04-22 15:48:12 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Identities
    2012-04-22 15:47:58 -------- d-----w- c:\documents and settings\cameron\application data\Ypaxad
    2012-04-22 15:47:58 -------- d-----w- c:\documents and settings\cameron\application data\Ydod
    2012-04-20 00:23:16 -------- d-----w- C:\sh4ldr
    2012-04-20 00:23:16 -------- d-----w- c:\program files\Enigma Software Group
    2012-04-20 00:21:59 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2012-04-20 00:21:30 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2012-04-19 23:49:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-04-19 23:48:04 -------- d-----w- c:\documents and settings\all users.windows\application data\F4D55F2C000BBBB74E027CC6D151FC4E
    2012-04-17 00:41:07 -------- d--h--w- c:\documents and settings\all users.windows\application data\CanonIJFAX
    2012-04-17 00:40:16 315392 ----a-w- c:\windows\system32\CNC410L.dll
    2012-04-17 00:40:16 1347584 ----a-w- c:\windows\system32\CNC410C.dll
    2012-04-17 00:40:16 114688 ----a-w- c:\windows\system32\CNC410I.dll
    2012-04-17 00:40:16 106496 ----a-w- c:\windows\system32\CNC410U.dll
    2012-04-17 00:36:39 -------- d-----w- c:\documents and settings\cameron\application data\Canon Easy-WebPrint EX
    2012-04-17 00:32:02 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
    2012-04-17 00:31:49 74752 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAL.DLL
    2012-04-17 00:31:49 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
    2012-04-17 00:31:49 28672 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAL.DLL
    2012-04-17 00:31:42 94208 ----a-w- c:\windows\system32\CNC410O.dll
    2012-04-17 00:31:39 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
    2012-04-07 08:55:58 -------- d-sh--w- C:\found.000
    2012-04-07 07:42:52 -------- d-----w- C:\big w prints
    2012-04-07 07:07:12 -------- d-----w- C:\Vuze
    2012-04-07 06:48:39 -------- d-----w- C:\To Transfer
    2012-04-06 00:19:51 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-01 03:09:26 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
    2012-03-28 07:22:27 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Plex
    2012-03-28 07:22:20 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Deployment
    2012-03-28 07:19:19 -------- d-----w- c:\documents and settings\all users.windows\application data\boost_interprocess
    2012-03-28 07:19:17 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Plex Media Server
    2012-03-28 07:19:01 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2012-03-28 07:18:44 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2012-03-28 07:18:33 -------- d-----w- c:\windows\Logs
    2012-03-28 07:16:08 -------- d-----w- c:\program files\Plex
    2012-03-26 11:07:43 -------- d-----w- c:\documents and settings\cameron\application data\searchquband
    2012-03-26 11:07:43 -------- d-----w- c:\documents and settings\cameron\AppData
    .
    ==================== Find3M ====================
    .
    2012-04-14 15:02:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
    2012-02-15 03:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 03:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-02-07 03:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 09:22:18 1860096 ------w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 11:06:10.65 ===============
    Last edited by tashi; 2012-04-25 at 06:54. Reason: Copy pasted log into topic :-)

  2. #2
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi jacknjaspa, welcome to the forum.

    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
    • Do not attach any logs/reports, etc. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, please ask before continuing.
    • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


    I take it you are posting from a different computer?

    Please download Farbar Service Scanner and transfer it to the affected computer.
    • double click the file to run it
    • make sure Internet Service is checked (RpcSs and PlugPlay should be checked by default and greyed out)
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
    Member of UNITE and ASAP

  3. #3
    Member
    Join Date
    Apr 2012
    Posts
    42

    G'day mate yeh I have a wireless connection at home & have an old notebook that I am using to post. I'll do what you said but hope it doesn't matter that I can't get an Internet connection on my PC?

    I'll do it as soon as I can & post the file as instructed.

  4. #4
    Member
    Join Date
    Apr 2012
    Posts
    42

    G'day mate here's the FSS.txt log. Thanks for your help

    Farbar Service Scanner Version: 24-04-2012
    Ran by Cameron (administrator) on 25-04-2012 at 17:34:57
    Running from "H:\"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error: Google IP is unreachable
    Attempt to access Yahoo IP returned error: Yahoo IP is unreachable

    RpcSs Service is not running. Checking service configuration:
    The start type of RpcSs service is OK.
    The ImagePath of RpcSs service is OK.


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys
    [2008-04-14 20:00] - [2011-08-17 21:49] - 0138496 ____A () 1D495EE1D3A836801D1FD816FF4A93F9

    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(1) Avgtdix(2) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x080000000500000003000000040000000800000002000000060000000700000001000000
    IpSec Tag value is correct.

    **** End of log ****

  5. #5
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi jacknjaspa

    We're just going to work on getting the internet back. Once we do that we will work directly on the infected computer. Until then we will need to transfer the tools.

    Download the latest version of TDSSKiller from here and transfer it to the infected computer's desktop.

    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    • Click the Start Scan button.
    • If a suspicious object is detected, the default action will be Skip; click on Continue.
    • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    Can you now access the internet?
    Member of UNITE and ASAP

  6. #6
    Member
    Join Date
    Apr 2012
    Posts
    42

    Yep I'm back on the internet & sending this from my PC.

    Here's the TDSSKiller log:

    You guys are legends!!


    21:16:27.0828 1836 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
    21:16:27.0843 1836 ============================================================
    21:16:27.0843 1836 Current date / time: 2012/04/25 21:16:27.0843
    21:16:27.0843 1836 SystemInfo:
    21:16:27.0843 1836
    21:16:27.0843 1836 OS Version: 5.1.2600 ServicePack: 3.0
    21:16:27.0843 1836 Product type: Workstation
    21:16:27.0843 1836 ComputerName: B03F21AE66BF49C
    21:16:27.0843 1836 UserName: Cameron
    21:16:27.0843 1836 Windows directory: C:\WINDOWS
    21:16:27.0843 1836 System windows directory: C:\WINDOWS
    21:16:27.0843 1836 Processor architecture: Intel x86
    21:16:27.0843 1836 Number of processors: 2
    21:16:27.0843 1836 Page size: 0x1000
    21:16:27.0843 1836 Boot type: Normal boot
    21:16:27.0843 1836 ============================================================
    21:16:28.0765 1836 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    21:16:28.0765 1836 Drive \Device\Harddisk1\DR14 - Size: 0x3CDD2200 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    21:16:28.0765 1836 Drive \Device\Harddisk2\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    21:16:31.0718 1836 ============================================================
    21:16:31.0718 1836 \Device\Harddisk0\DR0:
    21:16:31.0734 1836 MBR partitions:
    21:16:31.0734 1836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
    21:16:31.0734 1836 \Device\Harddisk1\DR14:
    21:16:31.0734 1836 MBR partitions:
    21:16:31.0734 1836 \Device\Harddisk1\DR14\Partition0: MBR, Type 0xB, StartLBA 0xF7, BlocksNum 0x1E6B69
    21:16:31.0734 1836 \Device\Harddisk2\DR3:
    21:16:31.0734 1836 MBR partitions:
    21:16:31.0734 1836 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
    21:16:31.0734 1836 ============================================================
    21:16:31.0765 1836 C: <-> \Device\Harddisk0\DR0\Partition0
    21:16:31.0843 1836 G: <-> \Device\Harddisk2\DR3\Partition0
    21:16:31.0843 1836 ============================================================
    21:16:31.0843 1836 Initialize success
    21:16:31.0843 1836 ============================================================
    21:17:10.0218 2452 ============================================================
    21:17:10.0218 2452 Scan started
    21:17:10.0218 2452 Mode: Manual; SigCheck; TDLFS;
    21:17:10.0218 2452 ============================================================
    21:17:10.0625 2452 .avgtdix - ok
    21:17:11.0187 2452 2wirepcp - ok
    21:17:11.0187 2452 3dkeybd - ok
    21:17:11.0187 2452 61883 - ok
    21:17:11.0203 2452 Abiosdsk - ok
    21:17:11.0203 2452 abp480n5 - ok
    21:17:11.0250 2452 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    21:17:11.0250 2452 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
    21:17:11.0250 2452 ACPI ( Virus.Win32.Rloader.a ) - infected
    21:17:11.0250 2452 ACPI - detected Virus.Win32.Rloader.a (0)
    21:17:11.0265 2452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    21:17:11.0796 2452 ACPIEC - ok
    21:17:11.0812 2452 ACS (233235123f3d73228ec3d2bba0e7143d) C:\WINDOWS\system32\acs.exe
    21:17:11.0812 2452 ACS ( UnsignedFile.Multi.Generic ) - warning
    21:17:11.0812 2452 ACS - detected UnsignedFile.Multi.Generic (1)
    21:17:11.0812 2452 admjoy - ok
    21:17:11.0875 2452 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    21:17:11.0890 2452 AdobeFlashPlayerUpdateSvc - ok
    21:17:11.0890 2452 adpu160m - ok
    21:17:11.0921 2452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    21:17:11.0984 2452 aec - ok
    21:17:12.0015 2452 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    21:17:12.0031 2452 AegisP ( UnsignedFile.Multi.Generic ) - warning
    21:17:12.0031 2452 AegisP - detected UnsignedFile.Multi.Generic (1)
    21:17:12.0062 2452 AFD (1d495ee1d3a836801d1fd816ff4a93f9) C:\WINDOWS\System32\drivers\afd.sys
    21:17:12.0062 2452 AFD ( Virus.Win32.ZAccess.c ) - infected
    21:17:12.0062 2452 AFD - detected Virus.Win32.ZAccess.c (0)
    21:17:12.0062 2452 Aha154x - ok
    21:17:12.0078 2452 aic78u2 - ok
    21:17:12.0078 2452 aic78xx - ok
    21:17:12.0078 2452 aksusb - ok
    21:17:12.0109 2452 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    21:17:12.0203 2452 Alerter - ok
    21:17:12.0218 2452 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    21:17:12.0250 2452 ALG - ok
    21:17:12.0250 2452 AliIde - ok
    21:17:12.0250 2452 AlKernel - ok
    21:17:12.0343 2452 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
    21:17:12.0453 2452 Ambfilt - ok
    21:17:12.0468 2452 ami0nt - ok
    21:17:12.0484 2452 amsint - ok
    21:17:12.0484 2452 ANC - ok
    21:17:12.0484 2452 antivirservice - ok
    21:17:12.0546 2452 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:17:12.0562 2452 Apple Mobile Device - ok
    21:17:12.0593 2452 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    21:17:12.0640 2452 AppMgmt - ok
    21:17:12.0640 2452 appnnode - ok
    21:17:12.0687 2452 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WG311T13.sys
    21:17:12.0718 2452 AR5211 - ok
    21:17:12.0750 2452 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    21:17:12.0812 2452 Arp1394 - ok
    21:17:12.0828 2452 asc - ok
    21:17:12.0828 2452 asc3350p - ok
    21:17:12.0828 2452 asc3550 - ok
    21:17:12.0828 2452 aslm75 - ok
    21:17:12.0828 2452 ASMMAP - ok
    21:17:12.0921 2452 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    21:17:12.0937 2452 aspnet_state - ok
    21:17:12.0937 2452 aswmon2 - ok
    21:17:12.0953 2452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    21:17:13.0031 2452 AsyncMac - ok
    21:17:13.0046 2452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    21:17:13.0140 2452 atapi - ok
    21:17:13.0140 2452 Atdisk - ok
    21:17:13.0156 2452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    21:17:13.0234 2452 Atmarpc - ok
    21:17:13.0250 2452 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    21:17:13.0328 2452 AudioSrv - ok
    21:17:13.0343 2452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    21:17:13.0421 2452 audstub - ok
    21:17:13.0421 2452 AVCSTRM - ok
    21:17:13.0421 2452 AVerBDA - ok
    21:17:13.0640 2452 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    21:17:13.0828 2452 AVGIDSAgent - ok
    21:17:13.0937 2452 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    21:17:13.0937 2452 AVGIDSDriver - ok
    21:17:13.0953 2452 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    21:17:13.0968 2452 AVGIDSEH - ok
    21:17:13.0984 2452 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    21:17:13.0984 2452 AVGIDSFilter - ok
    21:17:14.0000 2452 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    21:17:14.0015 2452 AVGIDSShim - ok
    21:17:14.0031 2452 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    21:17:14.0046 2452 Avgldx86 - ok
    21:17:14.0046 2452 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    21:17:14.0062 2452 Avgmfx86 - ok
    21:17:14.0078 2452 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    21:17:14.0078 2452 Avgrkx86 - ok
    21:17:14.0093 2452 Avgtdix (d9a14d3bf565a33d9878ac6a8117b4f0) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    21:17:14.0109 2452 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\avgtdix.sys. md5: d9a14d3bf565a33d9878ac6a8117b4f0
    21:17:14.0109 2452 Avgtdix ( Virus.Win32.ZAccess.c ) - infected
    21:17:14.0109 2452 Avgtdix - detected Virus.Win32.ZAccess.c (0)
    21:17:14.0187 2452 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    21:17:14.0203 2452 avgwd - ok
    21:17:14.0203 2452 backuplauncher - ok
    21:17:14.0218 2452 bcm43xx - ok
    21:17:14.0218 2452 beatjammusicstreamingserver - ok
    21:17:14.0250 2452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    21:17:14.0328 2452 Beep - ok
    21:17:14.0328 2452 belgium_id_card_service - ok
    21:17:14.0328 2452 besclient - ok
    21:17:14.0328 2452 bglivesvc - ok
    21:17:14.0328 2452 bhmonitorservice - ok
    21:17:14.0390 2452 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    21:17:14.0484 2452 BITS - ok
    21:17:14.0484 2452 BoiHwsetup - ok
    21:17:14.0531 2452 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    21:17:14.0546 2452 Bonjour Service - ok
    21:17:14.0546 2452 bridgemp - ok
    21:17:14.0593 2452 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    21:17:14.0656 2452 Browser - ok
    21:17:14.0671 2452 BrPar - ok
    21:17:14.0671 2452 btfirst - ok
    21:17:14.0671 2452 bthidenum - ok
    21:17:14.0671 2452 cachemgr - ok
    21:17:14.0671 2452 CAMFLT - ok
    21:17:14.0703 2452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    21:17:14.0781 2452 cbidf2k - ok
    21:17:14.0781 2452 CBN - ok
    21:17:14.0781 2452 ccalib8 - ok
    21:17:14.0812 2452 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    21:17:14.0890 2452 CCDECODE - ok
    21:17:14.0890 2452 cd20xrnt - ok
    21:17:14.0906 2452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    21:17:15.0000 2452 Cdaudio - ok
    21:17:15.0015 2452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    21:17:15.0093 2452 Cdfs - ok
    21:17:15.0093 2452 Changer - ok
    21:17:15.0140 2452 CinemaNow Service (127d4d0e9f78834ffd1eeea3fcfb47c1) C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    21:17:15.0156 2452 CinemaNow Service - ok
    21:17:15.0187 2452 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    21:17:15.0265 2452 CiSvc - ok
    21:17:15.0296 2452 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    21:17:15.0375 2452 ClipSrv - ok
    21:17:15.0390 2452 clisvc - ok
    21:17:15.0468 2452 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:17:15.0484 2452 clr_optimization_v2.0.50727_32 - ok
    21:17:15.0531 2452 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:17:15.0546 2452 clr_optimization_v4.0.30319_32 - ok
    21:17:15.0546 2452 CmdIde - ok
    21:17:15.0546 2452 cmigameport - ok
    21:17:15.0546 2452 COMSysApp - ok
    21:17:15.0546 2452 Cpqarray - ok
    21:17:15.0562 2452 cpqdmi - ok
    21:17:15.0562 2452 cq_mem - ok
    21:17:15.0593 2452 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    21:17:15.0671 2452 CryptSvc - ok
    21:17:15.0671 2452 dac2w2k - ok
    21:17:15.0687 2452 dac960nt - ok
    21:17:15.0687 2452 DCamUSBMke - ok
    21:17:15.0734 2452 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    21:17:15.0750 2452 DcomLaunch - ok
    21:17:15.0750 2452 deventagent - ok
    21:17:15.0796 2452 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    21:17:15.0875 2452 Dhcp - ok
    21:17:15.0875 2452 dirms_defragmentation - ok
    21:17:15.0890 2452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    21:17:15.0984 2452 Disk - ok
    21:17:16.0000 2452 dktknsrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\QWAVE.dll
    21:17:16.0000 2452 dktknsrv ( Backdoor.Multi.ZAccess.gen ) - infected
    21:17:16.0000 2452 dktknsrv - detected Backdoor.Multi.ZAccess.gen (0)
    21:17:16.0000 2452 dlaudfam - ok
    21:17:16.0015 2452 DM9102 - ok
    21:17:16.0015 2452 dmadmin - ok
    21:17:16.0062 2452 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    21:17:16.0156 2452 dmboot - ok
    21:17:16.0156 2452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    21:17:16.0234 2452 dmio - ok
    21:17:16.0250 2452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    21:17:16.0328 2452 dmload - ok
    21:17:16.0359 2452 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    21:17:16.0437 2452 dmserver - ok
    21:17:16.0453 2452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    21:17:16.0546 2452 DMusic - ok
    21:17:16.0578 2452 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    21:17:16.0593 2452 Dnscache - ok
    21:17:16.0593 2452 dnwhodisp - ok
    21:17:16.0609 2452 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    21:17:16.0687 2452 Dot3svc - ok
    21:17:16.0687 2452 dot4print - ok
    21:17:16.0687 2452 dpti2o - ok
    21:17:16.0703 2452 DritekPortIO - ok
    21:17:16.0703 2452 driverhardwarev2 - ok
    21:17:16.0718 2452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    21:17:16.0796 2452 drmkaud - ok
    21:17:16.0796 2452 dsbrokerservice - ok
    21:17:16.0796 2452 dtscsi - ok
    21:17:16.0796 2452 EagleNT - ok
    21:17:16.0828 2452 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    21:17:16.0906 2452 EapHost - ok
    21:17:16.0906 2452 EIO_XP - ok
    21:17:16.0906 2452 elnkservice - ok
    21:17:16.0906 2452 enodpl - ok
    21:17:16.0921 2452 enxpsvc - ok
    21:17:16.0921 2452 epsonbidirectionalagent - ok
    21:17:16.0921 2452 epson_pm_rpcv2_02 - ok
    21:17:16.0937 2452 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    21:17:17.0015 2452 ERSvc - ok
    21:17:17.0046 2452 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    21:17:17.0062 2452 Eventlog - ok
    21:17:17.0093 2452 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    21:17:17.0109 2452 EventSystem - ok
    21:17:17.0109 2452 FA312 - ok
    21:17:17.0140 2452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    21:17:17.0250 2452 Fastfat - ok
    21:17:17.0281 2452 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    21:17:17.0312 2452 FastUserSwitchingCompatibility - ok
    21:17:17.0312 2452 fcprintservice - ok
    21:17:17.0328 2452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    21:17:17.0406 2452 Fdc - ok
    21:17:17.0406 2452 FETNDIS - ok
    21:17:17.0453 2452 FingerPrint - ok
    21:17:17.0468 2452 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    21:17:17.0546 2452 Fips - ok
    21:17:17.0546 2452 flashcomadmin - ok
    21:17:17.0546 2452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    21:17:17.0625 2452 Flpydisk - ok
    21:17:17.0640 2452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    21:17:17.0718 2452 FltMgr - ok
    21:17:17.0828 2452 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    21:17:17.0828 2452 FontCache3.0.0.0 - ok
    21:17:17.0828 2452 freepops - ok
    21:17:17.0859 2452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    21:17:17.0953 2452 Fs_Rec - ok
    21:17:17.0953 2452 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    21:17:18.0046 2452 Ftdisk - ok
    21:17:18.0062 2452 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    21:17:18.0078 2452 GEARAspiWDM - ok
    21:17:18.0093 2452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    21:17:18.0187 2452 Gpc - ok
    21:17:18.0187 2452 GT680x - ok
    21:17:18.0187 2452 GTF32BUS - ok
    21:17:18.0250 2452 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
    21:17:18.0265 2452 gupdate - ok
    21:17:18.0281 2452 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
    21:17:18.0281 2452 gupdatem - ok
    21:17:18.0312 2452 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    21:17:18.0328 2452 gusvc - ok
    21:17:18.0343 2452 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    21:17:18.0437 2452 HDAudBus - ok
    21:17:18.0468 2452 helpsvc - ok
    21:17:18.0468 2452 hidgame - ok
    21:17:18.0500 2452 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    21:17:18.0578 2452 HidServ - ok
    21:17:18.0609 2452 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    21:17:18.0687 2452 hidusb - ok
    21:17:18.0703 2452 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    21:17:18.0781 2452 hkmsvc - ok
    21:17:18.0781 2452 HPFECP20 - ok
    21:17:18.0781 2452 hpn - ok
    21:17:18.0781 2452 HpqKbFiltr - ok
    21:17:18.0781 2452 HSFHWICH - ok
    21:17:18.0796 2452 hsf_dp - ok
    21:17:18.0796 2452 HssTrayService - ok
    21:17:18.0828 2452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    21:17:18.0843 2452 HTTP - ok
    21:17:18.0859 2452 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    21:17:18.0937 2452 HTTPFilter - ok
    21:17:18.0937 2452 i2omgmt - ok
    21:17:18.0953 2452 i2omp - ok
    21:17:18.0953 2452 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    21:17:19.0031 2452 i8042prt - ok
    21:17:19.0031 2452 iaimfp2 - ok
    21:17:19.0031 2452 iaimtv2 - ok
    21:17:19.0281 2452 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    21:17:19.0453 2452 ialm - ok
    21:17:19.0500 2452 ibmfilter - ok
    21:17:19.0515 2452 ibmpmdrv - ok
    21:17:19.0515 2452 ibmpmsvc - ok
    21:17:19.0671 2452 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    21:17:19.0687 2452 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    21:17:19.0687 2452 IDriverT - detected UnsignedFile.Multi.Generic (1)
    21:17:19.0812 2452 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    21:17:19.0859 2452 idsvc - ok
    21:17:19.0859 2452 igniteservice.exe - ok
    21:17:19.0906 2452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    21:17:20.0000 2452 Imapi - ok
    21:17:20.0015 2452 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    21:17:20.0109 2452 ImapiService - ok
    21:17:20.0109 2452 ini910u - ok
    21:17:20.0359 2452 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    21:17:20.0515 2452 IntcAzAudAddService - ok
    21:17:20.0593 2452 IntelC53 - ok
    21:17:20.0609 2452 IntelIde - ok
    21:17:20.0640 2452 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    21:17:20.0703 2452 intelppm - ok
    21:17:20.0718 2452 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    21:17:20.0796 2452 Ip6Fw - ok
    21:17:20.0828 2452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    21:17:20.0906 2452 IpFilterDriver - ok
    21:17:20.0921 2452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    21:17:20.0984 2452 IpInIp - ok
    21:17:21.0015 2452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    21:17:21.0093 2452 IpNat - ok
    21:17:21.0156 2452 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
    21:17:21.0203 2452 iPod Service - ok
    21:17:21.0234 2452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    21:17:21.0312 2452 IPSec - ok
    21:17:21.0328 2452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    21:17:21.0375 2452 IRENUM - ok
    21:17:21.0406 2452 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    21:17:21.0484 2452 isapnp - ok
    21:17:21.0484 2452 IWCA - ok
    21:17:21.0484 2452 ixiaendpoint - ok
    21:17:21.0546 2452 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
    21:17:21.0562 2452 JavaQuickStarterService - ok
    21:17:21.0578 2452 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    21:17:21.0656 2452 Kbdclass - ok
    21:17:21.0656 2452 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    21:17:21.0734 2452 kbdhid - ok
    21:17:21.0765 2452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    21:17:21.0843 2452 kmixer - ok
    21:17:21.0843 2452 KMW_USB - ok
    21:17:21.0875 2452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    21:17:21.0921 2452 KSecDD - ok
    21:17:21.0968 2452 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    21:17:21.0984 2452 LanmanServer - ok
    21:17:22.0000 2452 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    21:17:22.0031 2452 lanmanworkstation - ok
    21:17:22.0031 2452 lbrtfdc - ok
    21:17:22.0062 2452 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    21:17:22.0125 2452 LmHosts - ok
    21:17:22.0140 2452 ltmodem5 - ok
    21:17:22.0140 2452 ltxred - ok
    21:17:22.0140 2452 lusbaudio - ok
    21:17:22.0156 2452 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    21:17:22.0171 2452 LVPr2Mon - ok
    21:17:22.0234 2452 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    21:17:22.0250 2452 LVPrcSrv - ok
    21:17:22.0250 2452 lxby_device - ok
    21:17:22.0250 2452 lxcj_device - ok
    21:17:22.0250 2452 lxdm_device - ok
    21:17:22.0250 2452 Machnm32 - ok
    21:17:22.0265 2452 mcdbus - ok
    21:17:22.0265 2452 mcvsrte - ok
    21:17:22.0312 2452 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    21:17:22.0328 2452 MDM ( UnsignedFile.Multi.Generic ) - warning
    21:17:22.0328 2452 MDM - detected UnsignedFile.Multi.Generic (1)
    21:17:22.0375 2452 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    21:17:22.0468 2452 Messenger - ok
    21:17:22.0468 2452 mfeapfk - ok
    21:17:22.0468 2452 mks_scan - ok
    21:17:22.0500 2452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    21:17:22.0578 2452 mnmdd - ok
    21:17:22.0593 2452 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    21:17:22.0671 2452 mnmsrvc - ok
    21:17:22.0703 2452 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    21:17:22.0765 2452 Modem - ok
    21:17:22.0859 2452 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
    21:17:22.0906 2452 Monfilt - ok
    21:17:22.0953 2452 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    21:17:23.0031 2452 Mouclass - ok
    21:17:23.0031 2452 moufiltr - ok
    21:17:23.0062 2452 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    21:17:23.0140 2452 mouhid - ok
    21:17:23.0156 2452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    21:17:23.0234 2452 MountMgr - ok
    21:17:23.0234 2452 mraid35x - ok
    21:17:23.0250 2452 MRESP50a64 - ok
    21:17:23.0250 2452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    21:17:23.0343 2452 MRxDAV - ok
    21:17:23.0375 2452 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    21:17:23.0406 2452 MRxSmb - ok
    21:17:23.0406 2452 MSCamSvc - ok
    21:17:23.0453 2452 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    21:17:23.0531 2452 MSDTC - ok
    21:17:23.0546 2452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    21:17:23.0625 2452 Msfs - ok
    21:17:23.0625 2452 MSFWHLPR - ok
    21:17:23.0625 2452 MSIServer - ok
    21:17:23.0656 2452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    21:17:23.0718 2452 MSKSSRV - ok
    21:17:23.0734 2452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    21:17:23.0828 2452 MSPCLOCK - ok
    21:17:23.0828 2452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    21:17:23.0921 2452 MSPQM - ok
    21:17:23.0937 2452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    21:17:24.0015 2452 mssmbios - ok
    21:17:24.0046 2452 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    21:17:24.0125 2452 MSTEE - ok
    21:17:24.0156 2452 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    21:17:24.0171 2452 Mup - ok
    21:17:24.0187 2452 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    21:17:24.0265 2452 NABTSFEC - ok
    21:17:24.0296 2452 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    21:17:24.0406 2452 napagent - ok
    21:17:24.0406 2452 NCPro - ok
    21:17:24.0437 2452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    21:17:24.0531 2452 NDIS - ok
    21:17:24.0546 2452 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    21:17:24.0609 2452 NdisIP - ok
    21:17:24.0640 2452 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    21:17:24.0640 2452 NdisTapi - ok
    21:17:24.0671 2452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    21:17:24.0750 2452 Ndisuio - ok
    21:17:24.0765 2452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    21:17:24.0859 2452 NdisWan - ok
    21:17:24.0875 2452 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    21:17:24.0890 2452 NDProxy - ok
    21:17:24.0906 2452 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
    21:17:24.0921 2452 Netaapl - ok
    21:17:24.0937 2452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    21:17:25.0015 2452 NetBIOS - ok
    21:17:25.0046 2452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    21:17:25.0125 2452 NetBT - ok
    21:17:25.0156 2452 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    21:17:25.0234 2452 NetDDE - ok
    21:17:25.0234 2452 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    21:17:25.0312 2452 NetDDEdsdm - ok
    21:17:25.0312 2452 netdevio - ok
    21:17:25.0343 2452 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    21:17:25.0421 2452 Netlogon - ok
    21:17:25.0468 2452 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    21:17:25.0546 2452 Netman - ok
    21:17:25.0625 2452 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    21:17:25.0640 2452 NetTcpPortSharing - ok
    21:17:25.0671 2452 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    21:17:25.0750 2452 NIC1394 - ok
    21:17:25.0750 2452 nim32 - ok
    21:17:25.0796 2452 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    21:17:25.0812 2452 Nla - ok
    21:17:25.0812 2452 nod32krn - ok
    21:17:25.0812 2452 npfmntor - ok
    21:17:25.0828 2452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    21:17:25.0906 2452 Npfs - ok
    21:17:25.0953 2452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    21:17:26.0031 2452 Ntfs - ok
    21:17:26.0046 2452 ntiopnp - ok
    21:17:26.0046 2452 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    21:17:26.0109 2452 NtLmSsp - ok
    21:17:26.0140 2452 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    21:17:26.0218 2452 NtmsSvc - ok
    21:17:26.0234 2452 ntsyslog - ok
    21:17:26.0250 2452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    21:17:26.0328 2452 Null - ok
    21:17:26.0328 2452 NWADI - ok
    21:17:26.0359 2452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    21:17:26.0437 2452 NwlnkFlt - ok
    21:17:26.0437 2452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    21:17:26.0515 2452 NwlnkFwd - ok
    21:17:26.0515 2452 NWSNS - ok
    21:17:26.0515 2452 NxSysMon - ok
    21:17:26.0640 2452 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    21:17:26.0671 2452 odserv - ok
    21:17:26.0671 2452 ofcpfwsvc - ok
    21:17:26.0703 2452 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    21:17:26.0781 2452 ohci1394 - ok
    21:17:26.0781 2452 opcenum - ok
    21:17:26.0781 2452 oracleorahome92tnslistener - ok
    21:17:26.0812 2452 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:17:26.0843 2452 ose - ok
    21:17:26.0843 2452 p2psvc - ok
    21:17:26.0843 2452 papycpu2 - ok
    21:17:26.0875 2452 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    21:17:26.0968 2452 Parport - ok
    21:17:26.0968 2452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    21:17:27.0031 2452 PartMgr - ok
    21:17:27.0062 2452 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    21:17:27.0140 2452 ParVdm - ok
    21:17:27.0140 2452 pavdrv - ok
    21:17:27.0156 2452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    21:17:27.0234 2452 PCI - ok
    21:17:27.0234 2452 PCIDump - ok
    21:17:27.0265 2452 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    21:17:27.0328 2452 PCIIde - ok
    21:17:27.0375 2452 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    21:17:27.0437 2452 Pcmcia - ok
    21:17:27.0453 2452 pcscnsrv - ok
    21:17:27.0453 2452 PDCOMP - ok
    21:17:27.0453 2452 pdengine - ok
    21:17:27.0453 2452 PDFRAME - ok
    21:17:27.0453 2452 pdlnctdl - ok
    21:17:27.0468 2452 pdlnemsg - ok
    21:17:27.0468 2452 PDRELI - ok
    21:17:27.0468 2452 PDRFRAME - ok
    21:17:27.0468 2452 pepifilter - ok
    21:17:27.0468 2452 perc2 - ok
    21:17:27.0484 2452 perc2hib - ok
    21:17:27.0484 2452 phc600 - ok
    21:17:27.0609 2452 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
    21:17:27.0687 2452 PID_PEPI - ok
    21:17:27.0750 2452 pilogsrv - ok
    21:17:27.0781 2452 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    21:17:27.0796 2452 PlugPlay - ok
    21:17:27.0796 2452 pmsveh - ok
    21:17:27.0796 2452 pnrouter - ok
    21:17:27.0828 2452 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    21:17:27.0890 2452 PolicyAgent - ok
    21:17:27.0921 2452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    21:17:28.0015 2452 PptpMiniport - ok
    21:17:28.0015 2452 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    21:17:28.0093 2452 ProtectedStorage - ok
    21:17:28.0093 2452 proxyhostdriver - ok
    21:17:28.0093 2452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    21:17:28.0171 2452 PSched - ok
    21:17:28.0171 2452 pshost - ok
    21:17:28.0187 2452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    21:17:28.0281 2452 Ptilink - ok
    21:17:28.0281 2452 ql1080 - ok
    21:17:28.0281 2452 Ql10wnt - ok
    21:17:28.0281 2452 ql12160 - ok
    21:17:28.0296 2452 ql1240 - ok
    21:17:28.0296 2452 ql1280 - ok
    21:17:28.0312 2452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    21:17:28.0375 2452 RasAcd - ok
    21:17:28.0406 2452 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    21:17:28.0515 2452 RasAuto - ok
    21:17:28.0546 2452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    21:17:28.0625 2452 Rasl2tp - ok
    21:17:28.0656 2452 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    21:17:28.0734 2452 RasMan - ok
    21:17:28.0750 2452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    21:17:28.0828 2452 RasPppoe - ok
    21:17:28.0828 2452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    21:17:28.0890 2452 Raspti - ok
    21:17:28.0937 2452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    21:17:29.0015 2452 Rdbss - ok
    21:17:29.0015 2452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    21:17:29.0093 2452 RDPCDD - ok
    21:17:29.0125 2452 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    21:17:29.0187 2452 rdpdr - ok
    21:17:29.0234 2452 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    21:17:29.0265 2452 RDPWD - ok
    21:17:29.0296 2452 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    21:17:29.0390 2452 RDSessMgr - ok
    21:17:29.0406 2452 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    21:17:29.0484 2452 redbook - ok
    21:17:29.0515 2452 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    21:17:29.0609 2452 RemoteAccess - ok
    21:17:29.0640 2452 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    21:17:29.0703 2452 RemoteRegistry - ok
    21:17:29.0796 2452 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    21:17:29.0812 2452 RichVideo - ok
    21:17:29.0828 2452 RimUsb - ok
    21:17:29.0843 2452 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    21:17:29.0875 2452 RimVSerPort - ok
    21:17:29.0890 2452 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    21:17:29.0968 2452 ROOTMODEM - ok
    21:17:30.0031 2452 RoxLiveShare9 - ok
    21:17:30.0078 2452 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    21:17:30.0156 2452 RpcLocator - ok
    21:17:30.0187 2452 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    21:17:30.0218 2452 RpcSs - ok
    21:17:30.0218 2452 rslinxng - ok
    21:17:30.0265 2452 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    21:17:30.0343 2452 RSVP - ok
    21:17:30.0343 2452 rt73 - ok
    21:17:30.0390 2452 RTLE8023xp (c48e7bbc6a17a0676079e11a13e82549) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    21:17:30.0390 2452 RTLE8023xp - ok
    21:17:30.0406 2452 s616mgmt - ok
    21:17:30.0437 2452 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    21:17:30.0500 2452 SamSs - ok
    21:17:30.0500 2452 sandboxu - ok
    21:17:30.0515 2452 sbcssvc - ok
    21:17:30.0515 2452 sbhooksvc - ok
    21:17:30.0515 2452 scarddrv - ok
    21:17:30.0546 2452 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    21:17:30.0625 2452 SCardSvr - ok
    21:17:30.0656 2452 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    21:17:30.0734 2452 Schedule - ok
    21:17:30.0734 2452 scsiaccess - ok
    21:17:30.0734 2452 SE2Cmdm - ok
    21:17:30.0734 2452 se44mgmt - ok
    21:17:30.0765 2452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    21:17:30.0796 2452 Secdrv - ok
    21:17:30.0828 2452 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    21:17:30.0906 2452 seclogon - ok
    21:17:30.0921 2452 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
    21:17:31.0000 2452 SENS - ok
    21:17:31.0015 2452 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    21:17:31.0093 2452 serenum - ok
    21:17:31.0125 2452 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    21:17:31.0187 2452 Serial - ok
    21:17:31.0203 2452 serialkeys - ok
    21:17:31.0218 2452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    21:17:31.0296 2452 Sfloppy - ok
    21:17:31.0343 2452 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    21:17:31.0421 2452 SharedAccess - ok
    21:17:31.0453 2452 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    21:17:31.0453 2452 ShellHWDetection - ok
    21:17:31.0468 2452 Si3114r5 - ok
    21:17:31.0468 2452 Simbad - ok
    21:17:31.0468 2452 SiRemFil - ok
    21:17:31.0468 2452 SiSRaid2 - ok
    21:17:31.0468 2452 sit_flt - ok
    21:17:31.0484 2452 Sk99202k - ok
    21:17:31.0515 2452 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    21:17:31.0578 2452 SLIP - ok
    21:17:31.0593 2452 snac - ok
    21:17:31.0593 2452 snapman - ok
    21:17:31.0593 2452 sonytvc - ok
    21:17:31.0593 2452 Sparrow - ok
    21:17:31.0609 2452 spcsutilityservice - ok
    21:17:31.0640 2452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    21:17:31.0703 2452 splitter - ok
    21:17:31.0734 2452 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    21:17:31.0750 2452 Spooler - ok
    21:17:31.0750 2452 sprtsvc_ddoctorv2 - ok
    21:17:31.0750 2452 sqlserveragent - ok
    21:17:31.0781 2452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    21:17:31.0828 2452 sr - ok
    21:17:31.0843 2452 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    21:17:31.0890 2452 srservice - ok
    21:17:31.0921 2452 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    21:17:53.0109 2452 ============================================================
    21:17:53.0109 2452 Scan finished
    21:17:53.0109 2452 ============================================================
    21:17:53.0218 1376 Detected object count: 8
    21:17:53.0218 1376 Actual detected object count: 8
    21:18:50.0625 1376 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
    21:18:50.0718 1376 Backup copy found, using it..
    21:18:50.0734 1376 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
    21:18:50.0734 1376 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
    21:18:50.0734 1376 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
    21:18:50.0734 1376 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:18:50.0734 1376 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
    21:18:50.0734 1376 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:18:50.0796 1376 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
    21:18:50.0828 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\@ - copied to quarantine
    21:18:50.0843 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\cfg.ini - copied to quarantine
    21:18:50.0875 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\Desktop.ini - copied to quarantine
    21:18:50.0906 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\L\ehuhiilp - copied to quarantine
    21:18:50.0921 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\oemid - copied to quarantine
    21:18:50.0968 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000001.@ - copied to quarantine
    21:18:51.0015 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000002.@ - copied to quarantine
    21:18:51.0031 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000004.@ - copied to quarantine
    21:18:51.0062 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000000.@ - copied to quarantine
    21:18:51.0062 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000004.@ - copied to quarantine
    21:18:51.0109 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000032.@ - copied to quarantine
    21:18:51.0156 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\version - copied to quarantine
    21:18:51.0187 1376 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
    21:18:51.0281 1376 Backup copy found, using it..
    21:18:51.0312 1376 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
    21:18:52.0421 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\@ - will be deleted on reboot
    21:18:52.0421 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\cfg.ini - will be deleted on reboot
    21:18:52.0468 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\Desktop.ini - will be deleted on reboot
    21:18:52.0484 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\oemid - will be deleted on reboot
    21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000001.@ - will be deleted on reboot
    21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000002.@ - will be deleted on reboot
    21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000004.@ - will be deleted on reboot
    21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000000.@ - will be deleted on reboot
    21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000004.@ - will be deleted on reboot
    21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000032.@ - will be deleted on reboot
    21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\version - will be deleted on reboot
    21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\4069655542 - will be deleted on reboot
    21:18:52.0515 1376 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
    21:18:52.0593 1376 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - copied to quarantine
    21:18:52.0640 1376 Backup copy not found, trying to cure infected file..
    21:18:52.0640 1376 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - Cure failed (FFFFFFFF)
    21:18:52.0640 1376 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - processing error
    21:18:53.0625 1376 Avgtdix ( Virus.Win32.ZAccess.c ) - User select action: Cure
    21:18:53.0656 1376 C:\WINDOWS\system32\QWAVE.dll - copied to quarantine
    21:18:53.0656 1376 HKLM\SYSTEM\ControlSet001\services\dktknsrv - will be deleted on reboot
    21:18:53.0656 1376 HKLM\SYSTEM\ControlSet002\services\dktknsrv - will be deleted on reboot
    21:18:53.0671 1376 C:\WINDOWS\system32\QWAVE.dll - will be deleted on reboot
    21:18:53.0671 1376 dktknsrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    21:18:53.0687 1376 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    21:18:53.0687 1376 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:18:53.0687 1376 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
    21:18:53.0687 1376 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:21:34.0000 0648 Deinitialize success

  7. #7
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi jacknjaspa,

    Ok good. We'll work directly on the infected computer.

    Your system has been infected by one or more Rootkits/Backdoor Trojans.

    This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

    More information on Remote Access Trojans can be found here.

    I strongly suggest you do the following immediately:
    • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    • DO NOT change passwords or do any transactions while using the infected computer because the new passwords could be compromised.


    Given there were several files infected, before we go poking around, please rerun TDSSKiller with the same instructions so we can see how successful it was.

    Please post the log and we will continue.
    Member of UNITE and ASAP

  8. #8
    Member
    Join Date
    Apr 2012
    Posts
    42


    Ran it again, went through but it didn't make me reboot (I guess this is still OK).
    FYI AVG warnings still popping up with threats detected... anyway here is the file


    06:48:20.0125 57244 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
    06:48:21.0125 57244 ============================================================
    06:48:21.0125 57244 Current date / time: 2012/04/26 06:48:21.0125
    06:48:21.0125 57244 SystemInfo:
    06:48:21.0125 57244
    06:48:21.0125 57244 OS Version: 5.1.2600 ServicePack: 3.0
    06:48:21.0125 57244 Product type: Workstation
    06:48:21.0125 57244 ComputerName: B03F21AE66BF49C
    06:48:21.0125 57244 UserName: Cameron
    06:48:21.0125 57244 Windows directory: C:\WINDOWS
    06:48:21.0125 57244 System windows directory: C:\WINDOWS
    06:48:21.0125 57244 Processor architecture: Intel x86
    06:48:21.0125 57244 Number of processors: 2
    06:48:21.0125 57244 Page size: 0x1000
    06:48:21.0125 57244 Boot type: Normal boot
    06:48:21.0125 57244 ============================================================
    06:48:21.0781 57244 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    06:48:21.0781 57244 Drive \Device\Harddisk2\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    06:48:21.0796 57244 ============================================================
    06:48:21.0796 57244 \Device\Harddisk0\DR0:
    06:48:21.0796 57244 MBR partitions:
    06:48:21.0796 57244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
    06:48:21.0796 57244 \Device\Harddisk2\DR3:
    06:48:21.0812 57244 MBR partitions:
    06:48:21.0812 57244 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
    06:48:21.0812 57244 ============================================================
    06:48:21.0890 57244 C: <-> \Device\Harddisk0\DR0\Partition0
    06:48:21.0968 57244 G: <-> \Device\Harddisk2\DR3\Partition0
    06:48:21.0968 57244 ============================================================
    06:48:21.0968 57244 Initialize success
    06:48:21.0968 57244 ============================================================
    06:48:27.0375 57748 ============================================================
    06:48:27.0375 57748 Scan started
    06:48:27.0375 57748 Mode: Manual; SigCheck; TDLFS;
    06:48:27.0375 57748 ============================================================
    06:48:27.0875 57748 .avgtdix - ok
    06:48:28.0031 57748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    06:48:28.0218 57748 ACPI - ok
    06:48:28.0343 57748 ACS (233235123f3d73228ec3d2bba0e7143d) C:\WINDOWS\system32\acs.exe
    06:48:28.0343 57748 ACS ( UnsignedFile.Multi.Generic ) - warning
    06:48:28.0343 57748 ACS - detected UnsignedFile.Multi.Generic (1)
    06:48:28.0578 57748 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    06:48:28.0578 57748 AegisP ( UnsignedFile.Multi.Generic ) - warning
    06:48:28.0578 57748 AegisP - detected UnsignedFile.Multi.Generic (1)
    06:48:28.0609 57748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    06:48:28.0609 57748 AFD - ok
    06:48:30.0515 57748 Avgtdix (d9a14d3bf565a33d9878ac6a8117b4f0) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    06:48:30.0531 57748 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\avgtdix.sys. md5: d9a14d3bf565a33d9878ac6a8117b4f0
    06:48:30.0531 57748 Avgtdix ( Virus.Win32.ZAccess.c ) - infected
    06:48:30.0531 57748 Avgtdix - detected Virus.Win32.ZAccess.c (0)
    06:48:35.0875 57748 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    06:48:35.0875 57748 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    06:48:35.0875 57748 IDriverT - detected UnsignedFile.Multi.Generic (1)
    06:48:36.0015 57748 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    06:48:36.0046 57748 idsvc - ok
    06:48:36.0046 57748 igniteservice.exe - ok
    06:48:36.0093 57748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    06:48:36.0156 57748 Imapi - ok
    06:48:36.0187 57748 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    06:48:36.0281 57748 ImapiService - ok
    06:48:36.0281 57748 ini910u - ok
    06:48:36.0515 57748 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    06:48:36.0671 57748 IntcAzAudAddService - ok
    06:48:36.0734 57748 IntelC53 - ok
    06:48:36.0750 57748 IntelIde - ok
    06:48:36.0781 57748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    06:48:36.0843 57748 intelppm - ok
    06:48:36.0859 57748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    06:48:36.0937 57748 Ip6Fw - ok
    06:48:36.0984 57748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    06:48:37.0062 57748 IpFilterDriver - ok
    06:48:37.0062 57748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    06:48:37.0140 57748 IpInIp - ok
    06:48:37.0171 57748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    06:48:37.0250 57748 IpNat - ok
    06:48:37.0328 57748 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
    06:48:37.0343 57748 iPod Service - ok
    06:48:37.0375 57748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    06:48:37.0453 57748 IPSec - ok
    06:48:37.0484 57748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    06:48:37.0515 57748 IRENUM - ok
    06:48:37.0531 57748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    06:48:37.0625 57748 isapnp - ok
    06:48:37.0625 57748 IWCA - ok
    06:48:37.0625 57748 ixiaendpoint - ok
    06:48:37.0687 57748 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
    06:48:37.0703 57748 JavaQuickStarterService - ok
    06:48:37.0765 57748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    06:48:37.0843 57748 Kbdclass - ok
    06:48:37.0859 57748 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    06:48:37.0937 57748 kbdhid - ok
    06:48:37.0968 57748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    06:48:38.0046 57748 kmixer - ok
    06:48:38.0046 57748 KMW_USB - ok
    06:48:38.0078 57748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    06:48:38.0093 57748 KSecDD - ok
    06:48:38.0140 57748 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    06:48:38.0140 57748 LanmanServer - ok
    06:48:38.0171 57748 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    06:48:38.0187 57748 lanmanworkstation - ok
    06:48:38.0187 57748 lbrtfdc - ok
    06:48:38.0203 57748 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    06:48:38.0281 57748 LmHosts - ok
    06:48:38.0281 57748 ltmodem5 - ok
    06:48:38.0281 57748 ltxred - ok
    06:48:38.0296 57748 lusbaudio - ok
    06:48:38.0328 57748 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    06:48:38.0328 57748 LVPr2Mon - ok
    06:48:38.0390 57748 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    06:48:38.0406 57748 LVPrcSrv - ok
    06:48:38.0406 57748 lxby_device - ok
    06:48:38.0406 57748 lxcj_device - ok
    06:48:38.0406 57748 lxdm_device - ok
    06:48:38.0406 57748 Machnm32 - ok
    06:48:38.0421 57748 mcdbus - ok
    06:48:38.0421 57748 mcvsrte - ok
    06:48:38.0468 57748 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    06:48:38.0484 57748 MDM ( UnsignedFile.Multi.Generic ) - warning
    06:48:38.0484 57748 MDM - detected UnsignedFile.Multi.Generic (1)
    06:48:38.0515 57748 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    06:48:38.0593 57748 Messenger - ok
    06:48:38.0593 57748 mfeapfk - ok
    06:48:38.0609 57748 mks_scan - ok
    06:48:38.0640 57748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    06:48:38.0718 57748 mnmdd - ok
    06:48:38.0765 57748 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    06:48:38.0828 57748 mnmsrvc - ok
    06:48:38.0859 57748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    06:48:38.0937 57748 Modem - ok
    06:48:39.0031 57748 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
    06:48:39.0078 57748 Monfilt - ok
    06:48:39.0125 57748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    06:48:39.0203 57748 Mouclass - ok
    06:48:39.0203 57748 moufiltr - ok
    06:48:39.0234 57748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    06:48:39.0312 57748 mouhid - ok
    06:48:39.0328 57748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    06:48:39.0406 57748 MountMgr - ok
    06:48:39.0421 57748 mraid35x - ok
    06:48:39.0421 57748 MRESP50a64 - ok
    06:48:39.0437 57748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    06:48:39.0515 57748 MRxDAV - ok
    06:48:39.0546 57748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    06:48:39.0578 57748 MRxSmb - ok
    06:48:39.0578 57748 MSCamSvc - ok
    06:48:39.0625 57748 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    06:48:39.0703 57748 MSDTC - ok
    06:48:39.0734 57748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    06:48:39.0796 57748 Msfs - ok
    06:48:39.0796 57748 MSFWHLPR - ok
    06:48:39.0812 57748 MSIServer - ok
    06:48:40.0062 57748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    06:48:40.0125 57748 MSKSSRV - ok
    06:48:40.0156 57748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    06:48:40.0218 57748 MSPCLOCK - ok
    06:48:40.0234 57748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    06:48:40.0312 57748 MSPQM - ok
    06:48:40.0328 57748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    06:48:40.0406 57748 mssmbios - ok
    06:48:40.0437 57748 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    06:48:40.0500 57748 MSTEE - ok
    06:48:40.0531 57748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    06:48:40.0546 57748 Mup - ok
    06:48:40.0562 57748 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    06:48:40.0640 57748 NABTSFEC - ok
    06:48:40.0687 57748 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    06:48:40.0750 57748 napagent - ok
    06:48:40.0765 57748 NCPro - ok
    06:48:40.0796 57748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    06:48:40.0875 57748 NDIS - ok
    06:48:40.0875 57748 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    06:48:40.0953 57748 NdisIP - ok
    06:48:40.0968 57748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    06:48:40.0984 57748 NdisTapi - ok
    06:48:41.0000 57748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    06:48:41.0078 57748 Ndisuio - ok
    06:48:41.0109 57748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    06:48:41.0171 57748 NdisWan - ok
    06:48:41.0187 57748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    06:48:41.0203 57748 NDProxy - ok
    06:48:41.0218 57748 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
    06:48:41.0234 57748 Netaapl - ok
    06:48:41.0250 57748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    06:48:41.0312 57748 NetBIOS - ok
    06:48:41.0343 57748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    06:48:41.0421 57748 NetBT - ok
    06:48:41.0453 57748 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    06:48:41.0515 57748 NetDDE - ok
    06:48:41.0531 57748 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    06:48:41.0593 57748 NetDDEdsdm - ok
    06:48:41.0593 57748 netdevio - ok
    06:48:41.0625 57748 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    06:48:41.0703 57748 Netlogon - ok
    06:48:41.0734 57748 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    06:48:41.0812 57748 Netman - ok
    06:48:41.0859 57748 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    06:48:41.0875 57748 NetTcpPortSharing - ok
    06:48:41.0906 57748 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    06:48:41.0968 57748 NIC1394 - ok
    06:48:41.0984 57748 nim32 - ok
    06:48:42.0015 57748 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    06:48:42.0031 57748 Nla - ok
    06:48:42.0031 57748 nod32krn - ok
    06:48:42.0031 57748 npfmntor - ok
    06:48:42.0046 57748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    06:48:42.0125 57748 Npfs - ok
    06:48:42.0140 57748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    06:48:42.0218 57748 Ntfs - ok
    06:48:42.0218 57748 ntiopnp - ok
    06:48:42.0234 57748 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    06:48:42.0296 57748 NtLmSsp - ok
    06:48:42.0343 57748 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    06:48:42.0421 57748 NtmsSvc - ok
    06:48:42.0421 57748 ntsyslog - ok
    06:48:42.0437 57748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    06:48:42.0515 57748 Null - ok
    06:48:42.0515 57748 NWADI - ok
    06:48:42.0546 57748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    06:48:42.0609 57748 NwlnkFlt - ok
    06:48:42.0609 57748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    06:48:42.0687 57748 NwlnkFwd - ok
    06:48:42.0687 57748 NWSNS - ok
    06:48:42.0687 57748 NxSysMon - ok
    06:48:42.0812 57748 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    06:48:42.0828 57748 odserv - ok
    06:48:42.0828 57748 ofcpfwsvc - ok
    06:48:42.0859 57748 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    06:48:42.0937 57748 ohci1394 - ok
    06:48:42.0937 57748 opcenum - ok
    06:48:42.0937 57748 oracleorahome92tnslistener - ok
    06:48:42.0968 57748 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    06:48:42.0984 57748 ose - ok
    06:48:42.0984 57748 p2psvc - ok
    06:48:42.0984 57748 papycpu2 - ok
    06:48:43.0015 57748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    06:48:43.0078 57748 Parport - ok
    06:48:43.0093 57748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    06:48:43.0156 57748 PartMgr - ok
    06:48:43.0187 57748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    06:48:43.0250 57748 ParVdm - ok
    06:48:43.0250 57748 pavdrv - ok
    06:48:43.0265 57748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    06:48:43.0343 57748 PCI - ok
    06:48:43.0343 57748 PCIDump - ok
    06:48:43.0359 57748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    06:48:43.0437 57748 PCIIde - ok
    06:48:43.0468 57748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    06:48:43.0531 57748 Pcmcia - ok
    06:48:43.0531 57748 pcscnsrv - ok
    06:48:43.0546 57748 PDCOMP - ok
    06:48:43.0546 57748 pdengine - ok
    06:48:43.0546 57748 PDFRAME - ok
    06:48:43.0546 57748 pdlnctdl - ok
    06:48:43.0546 57748 pdlnemsg - ok
    06:48:43.0562 57748 PDRELI - ok
    06:48:43.0562 57748 PDRFRAME - ok
    06:48:43.0562 57748 pepifilter - ok
    06:48:43.0562 57748 perc2 - ok
    06:48:43.0562 57748 perc2hib - ok
    06:48:43.0578 57748 phc600 - ok
    06:48:43.0703 57748 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
    06:48:43.0781 57748 PID_PEPI - ok
    06:48:43.0859 57748 pilogsrv - ok
    06:48:43.0890 57748 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    06:48:43.0906 57748 PlugPlay - ok
    06:48:43.0906 57748 pmsveh - ok
    06:48:43.0906 57748 pnrouter - ok
    06:48:43.0937 57748 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    06:48:44.0000 57748 PolicyAgent - ok
    06:48:44.0031 57748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    06:48:44.0093 57748 PptpMiniport - ok
    06:48:44.0109 57748 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    06:48:44.0171 57748 ProtectedStorage - ok
    06:48:44.0187 57748 proxyhostdriver - ok
    06:48:44.0187 57748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    06:48:44.0250 57748 PSched - ok
    06:48:44.0265 57748 pshost - ok
    06:48:44.0281 57748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    06:48:44.0343 57748 Ptilink - ok
    06:48:44.0343 57748 ql1080 - ok
    06:48:44.0359 57748 Ql10wnt - ok
    06:48:44.0359 57748 ql12160 - ok
    06:48:44.0359 57748 ql1240 - ok
    06:48:44.0359 57748 ql1280 - ok
    06:48:44.0359 57748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    06:48:44.0437 57748 RasAcd - ok
    06:48:44.0484 57748 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    06:48:44.0562 57748 RasAuto - ok
    06:48:44.0593 57748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    06:48:44.0671 57748 Rasl2tp - ok
    06:48:44.0687 57748 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    06:48:44.0765 57748 RasMan - ok
    06:48:44.0765 57748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    06:48:44.0843 57748 RasPppoe - ok
    06:48:44.0843 57748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    06:48:44.0906 57748 Raspti - ok
    06:48:44.0953 57748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    06:48:45.0031 57748 Rdbss - ok
    06:48:45.0031 57748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    06:48:45.0093 57748 RDPCDD - ok
    06:48:45.0156 57748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    06:48:45.0234 57748 rdpdr - ok
    06:48:45.0265 57748 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    06:48:45.0265 57748 RDPWD - ok
    06:48:45.0312 57748 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    06:48:45.0375 57748 RDSessMgr - ok
    06:48:45.0406 57748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    06:48:45.0468 57748 redbook - ok
    06:48:45.0500 57748 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    06:48:45.0578 57748 RemoteAccess - ok
    06:48:45.0609 57748 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    06:48:45.0687 57748 RemoteRegistry - ok
    06:48:45.0765 57748 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    06:48:45.0781 57748 RichVideo - ok
    06:48:45.0781 57748 RimUsb - ok
    06:48:45.0812 57748 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    06:48:45.0828 57748 RimVSerPort - ok
    06:48:45.0843 57748 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    06:48:45.0921 57748 ROOTMODEM - ok
    06:48:45.0984 57748 RoxLiveShare9 - ok
    06:48:46.0031 57748 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    06:48:46.0109 57748 RpcLocator - ok
    06:48:46.0140 57748 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    06:48:46.0156 57748 RpcSs - ok
    06:48:46.0156 57748 rslinxng - ok
    06:48:46.0187 57748 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    06:48:46.0250 57748 RSVP - ok
    06:48:46.0265 57748 rt73 - ok
    06:48:46.0296 57748 RTLE8023xp (c48e7bbc6a17a0676079e11a13e82549) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    06:48:46.0296 57748 RTLE8023xp - ok
    06:48:46.0312 57748 s616mgmt - ok
    06:48:46.0343 57748 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    06:48:46.0406 57748 SamSs - ok
    06:48:46.0421 57748 sandboxu - ok
    06:48:46.0421 57748 sbcssvc - ok
    06:48:46.0421 57748 sbhooksvc - ok
    06:48:46.0421 57748 scarddrv - ok
    06:48:46.0453 57748 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    06:48:46.0515 57748 SCardSvr - ok
    06:48:46.0546 57748 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    06:48:46.0625 57748 Schedule - ok
    06:48:46.0625 57748 scsiaccess - ok
    06:48:46.0625 57748 SE2Cmdm - ok
    06:48:46.0640 57748 se44mgmt - ok
    06:48:46.0640 57748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    06:48:46.0671 57748 Secdrv - ok
    06:48:46.0703 57748 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    06:48:46.0781 57748 seclogon - ok
    06:48:46.0796 57748 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
    06:48:46.0875 57748 SENS - ok
    06:48:46.0890 57748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    06:48:46.0968 57748 serenum - ok
    06:48:46.0984 57748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    06:48:47.0062 57748 Serial - ok
    06:48:47.0062 57748 serialkeys - ok
    06:48:47.0078 57748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    06:48:47.0156 57748 Sfloppy - ok
    06:48:47.0187 57748 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    06:48:47.0265 57748 SharedAccess - ok
    06:48:47.0281 57748 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    06:48:47.0296 57748 ShellHWDetection - ok
    06:48:47.0296 57748 Si3114r5 - ok
    06:48:47.0296 57748 Simbad - ok
    06:48:47.0296 57748 SiRemFil - ok
    06:48:47.0312 57748 SiSRaid2 - ok
    06:48:47.0312 57748 sit_flt - ok
    06:48:47.0312 57748 Sk99202k - ok
    06:48:47.0343 57748 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    06:48:47.0406 57748 SLIP - ok
    06:48:47.0421 57748 snac - ok
    06:48:47.0421 57748 snapman - ok
    06:48:47.0421 57748 sonytvc - ok
    06:48:47.0421 57748 Sparrow - ok
    06:48:47.0421 57748 spcsutilityservice - ok
    06:48:47.0453 57748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    06:48:47.0515 57748 splitter - ok
    06:48:47.0546 57748 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    06:48:47.0562 57748 Spooler - ok
    06:48:47.0562 57748 sprtsvc_ddoctorv2 - ok
    06:48:47.0562 57748 sqlserveragent - ok
    06:48:47.0593 57748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    06:48:47.0625 57748 sr - ok
    06:48:47.0640 57748 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    06:48:47.0671 57748 srservice - ok
    06:48:47.0718 57748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    06:48:47.0734 57748 Srv - ok
    06:48:47.0734 57748 SrvcEPIOMngr - ok
    06:48:47.0781 57748 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    06:48:47.0812 57748 SSDPSRV - ok
    06:48:47.0812 57748 sshrmd - ok
    06:48:47.0812 57748 StickyMesger - ok
    06:48:47.0843 57748 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    06:48:47.0921 57748 stisvc - ok
    06:48:47.0921 57748 stllssvr - ok
    06:48:47.0953 57748 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    06:48:48.0031 57748 streamip - ok
    06:48:48.0031 57748 susbser - ok
    06:48:48.0046 57748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    06:48:48.0125 57748 swenum - ok
    06:48:48.0156 57748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    06:48:48.0234 57748 swmidi - ok
    06:48:48.0234 57748 SwPrv - ok
    06:48:48.0234 57748 symantecantibotdriver - ok
    06:48:48.0234 57748 symantecantibotshim - ok
    06:48:48.0250 57748 symc810 - ok
    06:48:48.0250 57748 symc8xx - ok
    06:48:48.0250 57748 sym_hi - ok
    06:48:48.0250 57748 sym_u3 - ok
    06:48:48.0265 57748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    06:48:48.0343 57748 sysaudio - ok
    06:48:48.0375 57748 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    06:48:48.0453 57748 SysmonLog - ok
    06:48:48.0484 57748 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    06:48:48.0562 57748 TapiSrv - ok
    06:48:48.0593 57748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    06:48:48.0609 57748 Tcpip - ok
    06:48:48.0656 57748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    06:48:48.0718 57748 TDPIPE - ok
    06:48:48.0734 57748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    06:48:48.0796 57748 TDTCP - ok
    06:48:48.0828 57748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    06:48:48.0890 57748 TermDD - ok
    06:48:48.0921 57748 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    06:48:49.0000 57748 TermService - ok
    06:48:49.0000 57748 tfsnopio - ok
    06:48:49.0046 57748 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    06:48:49.0046 57748 Themes - ok
    06:48:49.0093 57748 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    06:48:49.0125 57748 TlntSvr - ok
    06:48:49.0125 57748 TMHIDSRV - ok
    06:48:49.0125 57748 TosIde - ok
    06:48:49.0156 57748 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    06:48:49.0234 57748 TrkWks - ok
    06:48:49.0234 57748 tversitymediaserver - ok
    06:48:49.0250 57748 tzontservice - ok
    06:48:49.0250 57748 UDFReadr - ok
    06:48:49.0281 57748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    06:48:49.0343 57748 Udfs - ok
    06:48:49.0343 57748 uhcd - ok
    06:48:49.0343 57748 ultra - ok
    06:48:49.0359 57748 UPATC - ok
    06:48:49.0406 57748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    06:48:49.0484 57748 Update - ok
    06:48:49.0500 57748 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    06:48:49.0546 57748 upnphost - ok
    06:48:49.0546 57748 upperdev - ok
    06:48:49.0562 57748 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    06:48:49.0625 57748 UPS - ok
    06:48:49.0671 57748 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
    06:48:49.0687 57748 USBAAPL - ok
    06:48:49.0687 57748 usbatapi2000 - ok
    06:48:49.0718 57748 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    06:48:49.0781 57748 usbaudio - ok
    06:48:49.0812 57748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    06:48:49.0875 57748 usbccgp - ok
    06:48:49.0906 57748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    06:48:49.0968 57748 usbehci - ok
    06:48:50.0000 57748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    06:48:50.0078 57748 usbhub - ok
    06:48:50.0109 57748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    06:48:50.0171 57748 usbprint - ok
    06:48:50.0187 57748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    06:48:50.0265 57748 usbscan - ok
    06:48:50.0296 57748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    06:48:50.0359 57748 USBSTOR - ok
    06:48:50.0375 57748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    06:48:50.0453 57748 usbuhci - ok
    06:48:50.0453 57748 USB_RNDIS - ok
    06:48:50.0453 57748 useraccess - ok
    06:48:50.0484 57748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    06:48:50.0546 57748 VgaSave - ok
    06:48:50.0546 57748 ViaIde - ok
    06:48:50.0562 57748 videoacceleratorengine - ok
    06:48:50.0562 57748 vmparport - ok
    06:48:50.0578 57748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    06:48:50.0656 57748 VolSnap - ok
    06:48:50.0656 57748 vsdatant - ok
    06:48:50.0687 57748 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    06:48:50.0718 57748 VSS - ok
    06:48:50.0765 57748 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    06:48:50.0828 57748 W32Time - ok
    06:48:50.0843 57748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    06:48:50.0921 57748 Wanarp - ok
    06:48:50.0937 57748 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
    06:48:50.0953 57748 WDC_SAM - ok
    06:48:51.0000 57748 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    06:48:51.0015 57748 Wdf01000 - ok
    06:48:51.0015 57748 WDICA - ok
    06:48:51.0078 57748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    06:48:51.0140 57748 wdmaud - ok
    06:48:51.0156 57748 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    06:48:51.0234 57748 WebClient - ok
    06:48:51.0234 57748 websensecamreportserver - ok
    06:48:51.0250 57748 whoisd32 - ok
    06:48:51.0250 57748 winachcf - ok
    06:48:51.0296 57748 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    06:48:51.0359 57748 winmgmt - ok
    06:48:51.0375 57748 wlancfg - ok
    06:48:51.0375 57748 wlluc48 - ok
    06:48:51.0375 57748 wmccdsls - ok
    06:48:51.0406 57748 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    06:48:51.0421 57748 WmdmPmSN - ok
    06:48:51.0484 57748 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    06:48:51.0500 57748 Wmi - ok
    06:48:51.0515 57748 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    06:48:51.0593 57748 WmiApSrv - ok
    06:48:51.0687 57748 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    06:48:51.0718 57748 WMPNetworkSvc - ok
    06:48:51.0875 57748 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    06:48:51.0906 57748 WPFFontCache_v0400 - ok
    06:48:51.0937 57748 wpshelper - ok
    06:48:51.0984 57748 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    06:48:52.0046 57748 WSTCODEC - ok
    06:48:52.0062 57748 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    06:48:52.0140 57748 wuauserv - ok
    06:48:52.0187 57748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    06:48:52.0187 57748 WudfPf - ok
    06:48:52.0234 57748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    06:48:52.0250 57748 WudfRd - ok
    06:48:52.0281 57748 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    06:48:52.0281 57748 WudfSvc - ok
    06:48:52.0343 57748 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    06:48:52.0421 57748 WZCSVC - ok
    06:48:52.0453 57748 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    06:48:52.0515 57748 xmlprov - ok
    06:48:52.0515 57748 Xponaut_WBD - ok
    06:48:52.0531 57748 zendcoreapache - ok
    06:48:52.0531 57748 ZuneWlanCfgSvc - ok
    06:48:52.0546 57748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    06:48:52.0781 57748 \Device\Harddisk0\DR0 - ok
    06:48:52.0828 57748 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk2\DR3
    06:49:08.0406 57748 \Device\Harddisk2\DR3 - ok
    06:49:08.0406 57748 Boot (0x1200) (ba8e3f9f280e677b1a053430c0bb4fe5) \Device\Harddisk0\DR0\Partition0
    06:49:08.0406 57748 \Device\Harddisk0\DR0\Partition0 - ok
    06:49:08.0421 57748 Boot (0x1200) (fee9c7855dd1239cae89a9e4488e0700) \Device\Harddisk2\DR3\Partition0
    06:49:08.0437 57748 \Device\Harddisk2\DR3\Partition0 - ok
    06:49:08.0437 57748 ============================================================
    06:49:08.0437 57748 Scan finished
    06:49:08.0437 57748 ============================================================
    06:49:08.0546 57740 Detected object count: 5
    06:49:08.0546 57740 Actual detected object count: 5
    06:49:13.0078 57740 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
    06:49:13.0078 57740 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
    06:49:13.0078 57740 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
    06:49:13.0078 57740 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
    06:49:13.0109 57740 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - copied to quarantine
    06:49:13.0156 57740 Backup copy not found, trying to cure infected file..
    06:49:13.0156 57740 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - Cure failed (FFFFFFFF)
    06:49:13.0156 57740 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - processing error
    06:49:13.0984 57740 Avgtdix ( Virus.Win32.ZAccess.c ) - User select action: Cure
    06:49:13.0984 57740 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    06:49:13.0984 57740 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    06:49:13.0984 57740 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
    06:49:13.0984 57740 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

  9. #9
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi jacknjaspa,

    It looks like AVG itself may be infected. Let's have a closer look.

    Download OTL to your desktop.
    • Double-click on OTL.exe to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top, change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/Fixes, copy and paste the following:


      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lîk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      Avgtdix.*
      /md5stop
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgtdix /s
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.avgtdix /s
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antivirservice /s

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
    Member of UNITE and ASAP
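The reading behind the reply above (four unsigned-file notices that were skipped, and one named detection on an AVG driver whose cure failed) can be reproduced from the TDSSKiller result lines posted earlier in the thread. This Python sketch is an added example, not part of the original posts or of any tool's own code; the sample lines are copied from that log, while treating `UnsignedFile.*` as low-confidence and attaching file events to the next object line are assumptions based on this log's layout.

```python
import re

# Result lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
06:49:08.0546 57740 Detected object count: 5
06:49:08.0546 57740 Actual detected object count: 5
06:49:13.0078 57740 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
06:49:13.0078 57740 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:49:13.0078 57740 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
06:49:13.0078 57740 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:49:13.0109 57740 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - copied to quarantine
06:49:13.0156 57740 Backup copy not found, trying to cure infected file..
06:49:13.0156 57740 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - Cure failed (FFFFFFFF)
06:49:13.0156 57740 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - processing error
06:49:13.0984 57740 Avgtdix ( Virus.Win32.ZAccess.c ) - User select action: Cure
06:49:13.0984 57740 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
06:49:13.0984 57740 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:49:13.0984 57740 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
06:49:13.0984 57740 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

LINE = re.compile(r"^\s*\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*?)\s*$")  # time, thread id, message
OBJECT = re.compile(r"^(\S+) \( (.+?) \) - (.+)$")                  # Name ( Verdict ) - event
FILE_EVENT = re.compile(r"^([A-Za-z]:\\.+?) - (.+)$")               # C:\path - event
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION = re.compile(r"^User select action: (\w+)$")

# Assumption: an "UnsignedFile." verdict only reports a missing signature,
# so it is triaged below any verdict that names a malware family.
LOW_CONFIDENCE_PREFIXES = ("UnsignedFile.",)
FAILURE_MARKERS = ("Cure failed", "processing error")


def triage(log_text):
    """Group result lines per detected object and record how remediation went."""
    declared = None
    objects = {}   # object name -> record, in log order
    pending = []   # file events seen since the last object line
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        msg = line.group(1)
        if (m := COUNT.match(msg)):
            declared = int(m.group(1))
        elif (m := OBJECT.match(msg)):
            name, verdict, event = m.groups()
            rec = objects.setdefault(name, {
                "verdict": verdict, "action": None, "file_events": [],
                "named_family": not verdict.startswith(LOW_CONFIDENCE_PREFIXES),
                "remediation_failed": False,
            })
            if (a := ACTION.match(event)):
                rec["action"] = a.group(1)
            # Assumption from this log's ordering: file-level events are
            # written just before the object line they belong to.
            rec["file_events"].extend(pending)
            if any(ev.startswith(FAILURE_MARKERS) for _, ev in pending):
                rec["remediation_failed"] = True
            pending = []
        elif (m := FILE_EVENT.match(msg)):
            pending.append((m.group(1), m.group(2)))
    return {"declared": declared, "objects": objects,
            "count_matches": declared == len(objects)}


def follow_up(report):
    """Objects with a named verdict, plus whether the attempted fix failed."""
    return [(name, rec["verdict"], rec["remediation_failed"])
            for name, rec in report["objects"].items() if rec["named_family"]]


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("declared:", report["declared"], "parsed:", len(report["objects"]))
    for name, verdict, failed in follow_up(report):
        print(name, verdict, "cure failed" if failed else "cure not reported as failed")
```

The single object it singles out is the one the custom scan above then queries directly, through the `Avgtdix.*` entry between `/md5start` and `/md5stop` and the `Services\Avgtdix` registry lines.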

  10. #10
    Member
    Join Date
    Apr 2012
    Posts
    42


    OTL Extras logfile created on: 26/04/2012 7:41:25 AM - Run 1
    OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.78% Memory free
    4.87 Gb Paging File | 4.16 Gb Available in Paging File | 85.32% Paging File free
    Paging file location(s): C:\pagefile.sys 3100 3100 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 35.56 Gb Free Space | 11.93% Space Free | Partition Type: NTFS
    Drive G: | 149.05 Gb Total Space | 75.29 Gb Free Space | 50.51% Space Free | Partition Type: NTFS

    Computer Name: B03F21AE66BF49C | User Name: Cameron | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .reg [@ = regfile] -- regedit.exe "%1"

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1
    htafile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
    "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
    "C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
    "C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\FingerPrint\FingerPrintService.exe" = C:\Program Files\FingerPrint\FingerPrintService.exe:*:Enabled:FingerPrint Service -- (Collobos Software)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe" = C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe:*:Enabled:Plex Media Server -- (Plex, Inc.)
    "C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe" = C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe:*:Enabled:Plex Scripting Host -- ()
    "C:\Program Files\Plex\Plex Media Center\Plex.exe" = C:\Program Files\Plex\Plex Media Center\Plex.exe:*:Enabled:Plex Media Center -- (Plex, Inc.)
    "C:\Program Files\Safari\Safari.exe" = C:\Program Files\Safari\Safari.exe:*:Enabled:Safari -- (Apple Inc.)
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40F0DEB7-21A6-4166-B021-CE9675665985}" = Plex Media Server
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
    "{54DFC275-7F2F-4F01-B8B5-304E1DD03B04}" = Garfield G1 Spelling
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{85D5BFBB-8BC4-467B-BADA-D574A3CDC139}_is1" = FingerPrint 1.2.0.278
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{BAF227A2-E214-49E3-9137-94A300EA85BA}" = iPhone Configuration Utility
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AVG" = AVG 2012
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "CCleaner" = CCleaner
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome Frame" = Google Chrome Frame
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HFSExplorer" = HFSExplorer 0.21
    "iBackupBot for iTunes" = iBackupBot for iTunes 3.1.6
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
    "Logitech Vid" = Logitech Vid HD
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "Speed Dial Utility" = Canon Speed Dial Utility
    "VLC media player" = VLC media player 1.1.10
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Plex" = Plex
    "RewardsArcade" = RewardsArcade
    "Smart Fortress 2012" = Smart Fortress 2012
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 18

    Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 19

    Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 20

    Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 21

    Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 22

    Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 23

    Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 24

    Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 3

    Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
    Description = ERROR: handle_resolve_request bad interfaceIndex 3

    Error - 25/04/2012 7:41:09 PM | Computer Name = B03F21AE66BF49C | Source = Application Hang | ID = 1002
    Description = Hanging application OTL.exe, version 3.2.42.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ OSession Events ]
    Error - 20/08/2011 2:49:44 AM | Computer Name = B03F21AE66BF49C | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 803260
    seconds with 2100 seconds of active time. This session ended with a crash.

    Error - 29/02/2012 4:00:32 AM | Computer Name = B03F21AE66BF49C | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 339531
    seconds with 3180 seconds of active time. This session ended with a crash.


    < End of report >
