
Trojan.Agent.H + plenty more

Discussion in 'Virus & Other Malware Removal' started by bsacco, Feb 7, 2013.

Thread Status:
Not open for further replies.
  1. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    854
    I went to a site called Ufonts and downloaded a font.

    The problem was that the option had this check box that I didn't see that said "Use our installer"

    Well anyhow, Malwarebytes caught the following:

    PUP.Offerware
    PUP.Offerware
    Trojan.Agent.H
    Adware.Dropper

    So, I immediately removed all quarantined items then updated and ran Malwarebytes again. Then ran Microsoft essential. Then ran AntiSpyware. Then ran Eset online free scanner. Nothing more was found.

    Then I restarted. All of a sudden a program called NCDownloader appeared magically on my desktop. I immediately went to control panel and removed it.

    I was very scared that my PC now has been infected with crap that is hidden. How can I be sure I've got all the bad stuff off my PC?

    PC - running Windows XP Pro
    E8200 @ 2.66Ghz
    2.66 Ghz - .325 GB of RAM
    Service pack 3
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    Please post the log from MalwareBytes so I can see what was removed.

    Then, please do the following:


    Please download DDS by sUBs to your desktop from the following location:

    http://download.bleepingcomputer.com/sUBs/dds.scr

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created on your Desktop".

    The logs will be named dds.txt and attach.txt.

    Wait until the logs appear and then copy and paste their contents in your post.


    Please download GMER from: http://www.gmer.net

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
     
  3. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    854
    LOG FILE(S) FROM MALWAREBYTES:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4116

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/18/2010 11:04:36 PM
    mbam-log-2010-05-18 (23-04-36).txt

    Scan type: Quick scan
    Objects scanned: 139803
    Time elapsed: 12 minute(s), 27 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 6

    Memory Processes Infected:
    C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\autoexec.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

    ---------------------------------------------------

    Malwarebytes' Anti-Malware 1.44
    Database version: 3826
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    3/5/2010 9:52:40 AM
    mbam-log-2010-03-05 (09-52-40).txt

    Scan type: Quick Scan
    Objects scanned: 136844
    Time elapsed: 3 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ---------------------------------------------------
     
  4. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    854
    DDS LOG FILE:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/20/2008 10:20:07 AM
    System Uptime: 2/8/2013 8:14:20 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0GM819
    Processor: Intel Pentium III Xeon processor | CPU | 2659/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 119.949 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is Removable
    M: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
    T: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
    U: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
    V: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
    W: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
    X: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
    Y: is NetworkDisk (NTFS) - 1843 GiB total, 265.126 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 2/7/2013 9:38:42 AM - System Checkpoint
    RP2: 2/7/2013 2:28:34 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    µTorrent
    32 Bit HP CIO Components Installer
    3ivx MPEG-4 5.0.3 (remove only)
    Ace Utilities
    Add or Remove Adobe Creative Suite 3 Design Premium
    Addictive Drums
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.3 Professional
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Design Premium
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server {ko_KR}
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AIO_Scan
    Airfoil
    Amazon MP3 Downloader 1.0.17
    AMD Catalyst Install Manager
    Any Video Converter 3.2.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASAP Utilities
    ATI Catalyst Control Center
    Audacity 2.0
    Belarc Advisor 8.3
    Bonjour
    BrowseToSave 1.74
    BufferChm
    Cakewalk Audio FX Pack 2
    Cakewalk Audio FX Pack 3
    Canon Easy-WebPrint EX
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 3.1
    Canon MX870 series MP Drivers
    Canon MX870 series User Registration
    Canon Speed Dial Utility
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    CDBurnerXP
    Costco Photo Organizer
    Data Lifeguard Diagnostic for Windows 1.24
    Dell Resource CD
    Dropbox
    Duplicate Music Files Finder 1.5.5
    ESET Online Scanner v3
    Fast Duplicate File Finder 2.0.0.1
    FFmpeg for Audacity on Windows
    File Renamer - Basic
    FileZilla Client 3.2.4.1
    FlipShare
    Foxit Reader
    Free Video Dub version 2.0.3.1228
    FreeRIP v3.6
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    GoToAssist Corporate
    GoToMeeting 5.2.0.952
    HiJackThis
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    HP MediaSmart Server 3.0 Update 1
    HP Update
    Intel(R) PRO Network Connections Drivers
    Intel® Active Management Technology
    Intel® Management Engine Interface
    iPhone Configuration Utility
    iTunes
    iTunes Library Updater
    Java 7 Update 13
    Java Auto Updater
    Java(TM) 6 Update 31
    JavaFX 2.1.1
    Jing
    join.me
    LADSPA_plugins-win-0.4.15
    LAME v3.98.3 for Audacity
    Line 6 Uninstaller
    Magical Jelly Bean KeyFinder
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.70.0.1100
    MediaMonkey 4.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Easy Assist v2
    Microsoft Expression Web 2
    Microsoft Expression Web 2 MUI (English)
    Microsoft IntelliPoint 8.2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC90_CRT_x86
    MIDI-OX
    MiniTool Power Data Recovery
    MobileMe Control Panel
    Mozilla Firefox 16.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mp3tag v2.54
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Plugin 1.0
    Native Instruments Guitar Rig 3
    Native Instruments Service Center
    neroxml
    Ontrack EasyRecovery Professional
    PDF Settings
    PHOTOfunSTUDIO 8.1 PE
    PHOTOfunSTUDIO HD Edition
    Plex Media Server
    PS_AIO_Software_min
    QuickTime
    ReaPlugs
    SeaTools for Windows
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB923789)
    Similarity 1.1.0
    SIW version 2011.10.29
    Skype™ 6.0
    SONAR 8.0 Producer Edition
    Sound Blaster Audigy
    SoundMAX
    Spotify
    SUPERAntiSpyware
    swMSM
    The KMPlayer (remove only)
    Toolbox
    Total Video Converter 3.71 100812
    Tweakui Powertoy for Windows XP
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Expression Web 2 (KB957827)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Virus Guard - powered by BitDefender
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 2.0.4
    WD Diagnostics
    WD Drive Manager (x86)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Home Server Connector
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Search 4.0
    Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    XML Paper Specification Shared Components Pack 1.0
    Xobni
    Xobni Core
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/5/2013 2:23:11 AM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    .
    ==== End Of File ===========================
     
  5. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    854
    DDS.txt LOG FILE:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2
    Run by bsacco at 9:16:40 on 2013-02-08
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1751 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Intel\AMT\atchksrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Intel\AMT\UNS.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Xobni\XobniService.exe
    C:\Program Files\Windows Home Server\WHSConnector.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\Intel\AMT\atchk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Windows Home Server\WHSTrayApp.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?hl=en&source=webhp
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://outlookweb.invision.net/
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - c:\program files\windows home server\WHSDeskBands.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - c:\program files\windows home server\WHSDeskBands.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: {6576EBAA-B570-4345-98E4-96153C77CF24} - <orphaned>
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] "c:\documents and settings\administrator\local settings\application data\google\chrome\application\chrome.exe" --type=service
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\administrator\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~2.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: $talisma_url$
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} - hxxps://atlas.atlassolutions.com/dl/AtlasCtrl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358756641328
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349385223937
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} - file:///D:/html/nafcom.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {ABC26C81-D7D5-4B0C-A764-95BD0622BB67} - hxxp://www.livehelper.com/download/NewRemoteHelp.cab
    DPF: {B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} - hxxp://videomessages.live.com/Portal/ClientBin/VCaptCtl.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{DDAF0FD6-A7E5-4EDC-A9CB-E63FE9565669} : DHCPNameServer = 192.168.1.254
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
    AppInit_DLLs= airfoilinject3.dll c:\progra~1\browse~1\sprote~1.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar.dll
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar_ff36.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
    FF - ExtSQL: 2013-01-21 00:20; [email protected]; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\[email protected]
    FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
    R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-15 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-18 682344]
    R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-5-20 2521880]
    R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
    R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
    R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2011-5-18 62184]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2012-5-7 45288]
    R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2012-4-3 583296]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-18 21104]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-2-8 40776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2009-10-7 44776]
    S3 EVault InfoStage Agent;OSP EVault Agent;c:\program files\osp evault\agent\VVAgent.exe [2008-11-11 3223552]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-02-08 17:12:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-02-07 22:28:37 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98a07645-28bf-4a2a-bf3b-cc91d19b379b}\mpengine.dll
    2013-02-07 22:24:41 -------- d-----w- c:\documents and settings\administrator\application data\NCdownloader
    2013-02-07 17:28:59 -------- d-----w- c:\documents and settings\all users\application data\RightClick
    2013-02-07 17:28:45 -------- d-----w- c:\program files\BrowseToSave
    2013-02-07 17:27:39 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
    2013-02-06 15:23:19 6991832 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-02-05 15:52:47 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-04 21:49:31 -------- d-----w- c:\windows\system32\winrm
    2013-02-04 21:49:22 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2013-02-04 21:49:09 -------- d-----w- c:\documents and settings\administrator\application data\Windows Desktop Search
    2013-02-02 22:05:19 -------- d-----w- C:\PSTools
    .
    ==================== Find3M ====================
    .
    2013-02-08 17:11:16 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-08 17:11:15 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-05 15:52:31 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-05 15:52:30 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-05 15:52:30 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
    2012-12-18 19:58:08 163584 ----a-w- c:\windows\system32\AirfoilInject3.dll
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-29 20:24:27 60304 ----a-w- c:\documents and settings\administrator\g2mdlhlpx.exe
    2012-11-18 22:21:20 121254 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-15 21:57:23 22657136 ----a-w- c:\program files\vlc-2.0.2-win32.exe
    .
    ============= FINISH: 9:22:58.54 ===============
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    I assume you're still running GMER so I'll wait for that log.
     
  7. bsacco

    bsacco Thread Starter

    Yes, I'm running GMER but it's taking forever....

    Your instructions are kind of confusing:

    "If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C)."

    I unchecked IAT/EAT as instructed above then unchecked everything BUT the "C" drive. But when I hit the SCAN button nothing happened. It wouldn't run the scan. So I went back and selected all the rest of the checkboxes EXCEPT IAT/EAT and the scan is running now....but it's taking forever.

    Please advise if I did the right thing.
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    You understood the instructions correctly.

    It won't hurt to do the full scan, it will just take a very long time.
     
  9. bsacco

    bsacco Thread Starter

    OK, while it was running the GMER scan...I popped my head into my office to see how it was going and to my horror I found the blue screen of death.

    STOP: c000021a Fatal System Error

    I shut the PC down. And restarted it. It immediately is now running a CHKDSK routine. Please advise.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    When chkdsk has finished please post the report.

    To view results log:

    Go to Start - Run and type in eventvwr.msc, and hit enter.
    When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up. This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


    Then also please do this:

    Please go here and download the TDSSKiller.exe to your desktop.
    • Double-click TDSSKiller.exe on your desktop to run it.
    • Click on Start Scan
    • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
    It will produce a log once it finishes in the root drive which should look like this example:

    C:\TDSSKiller.<version_date_time>log.txt

    Please copy and paste the contents of that log in your next reply.
     
  11. bsacco

    bsacco Thread Starter

    winlogon results:

    Event Type: Information
    Event Source: Winlogon
    Event Category: None
    Event ID: 1001
    Date: 2/8/2013
    Time: 4:05:09 PM
    User: N/A
    Computer: BS-TOWER
    Description:
    Checking file system on C:
    The type of the file system is NTFS.


    One of your disks needs to be checked for consistency. You
    may cancel the disk check, but it is strongly recommended
    that you continue.
    Windows will now check the disk.
    Cleaning up instance tags for file 0x491a9.
    Cleaning up minor inconsistencies on the drive.
    Cleaning up 93 unused index entries from index $SII of file 0x9.
    Cleaning up 93 unused index entries from index $SDH of file 0x9.
    Cleaning up 93 unused security descriptors.
    CHKDSK is verifying Usn Journal...
    Usn Journal verification completed.
    Correcting errors in the Volume Bitmap.
    Windows has made corrections to the file system.

    244059479 KB total disk space.
    117372976 KB in 299451 files.
    169592 KB in 115335 indexes.
    0 KB in bad sectors.
    679219 KB in use by the system.
    65536 KB occupied by the log file.
    125837692 KB available on disk.

    4096 bytes in each allocation unit.
    61014869 total allocation units on disk.
    31459423 allocation units available on disk.


    Windows has finished checking your disk.
    Please wait while your computer restarts.


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     
  12. bsacco

    bsacco Thread Starter

    TDSS Killer log file:

    16:33:57.0265 4184 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    16:33:57.0796 4184 ============================================================
    16:33:57.0796 4184 Current date / time: 2013/02/08 16:33:57.0796
    16:33:57.0796 4184 SystemInfo:
    16:33:57.0796 4184
    16:33:57.0796 4184 OS Version: 5.1.2600 ServicePack: 3.0
    16:33:57.0796 4184 Product type: Workstation
    16:33:57.0796 4184 ComputerName: BS-TOWER
    16:33:57.0796 4184 UserName: bsacco
    16:33:57.0796 4184 Windows directory: C:\WINDOWS
    16:33:57.0796 4184 System windows directory: C:\WINDOWS
    16:33:57.0796 4184 Processor architecture: Intel x86
    16:33:57.0796 4184 Number of processors: 2
    16:33:57.0796 4184 Page size: 0x1000
    16:33:57.0796 4184 Boot type: Normal boot
    16:33:57.0796 4184 ============================================================
    16:33:58.0625 4184 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    16:33:58.0703 4184 ============================================================
    16:33:58.0703 4184 \Device\Harddisk0\DR0:
    16:33:58.0718 4184 MBR partitions:
    16:33:58.0718 4184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x1D181AB0
    16:33:58.0718 4184 ============================================================
    16:33:58.0828 4184 C: <-> \Device\Harddisk0\DR0\Partition1
    16:33:58.0828 4184 ============================================================
    16:33:58.0828 4184 Initialize success
    16:33:58.0828 4184 ============================================================
    16:34:22.0015 5528 ============================================================
    16:34:22.0015 5528 Scan started
    16:34:22.0015 5528 Mode: Manual;
    16:34:22.0015 5528 ============================================================
    16:34:22.0265 5528 ================ Scan system memory ========================
    16:34:22.0265 5528 System memory - ok
    16:34:22.0265 5528 ================ Scan services =============================
    16:34:22.0390 5528 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    16:34:22.0390 5528 !SASCORE - ok
    16:34:22.0484 5528 Abiosdsk - ok
    16:34:22.0484 5528 abp480n5 - ok
    16:34:22.0531 5528 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    16:34:22.0546 5528 ACPI - ok
    16:34:22.0578 5528 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    16:34:22.0578 5528 ACPIEC - ok
    16:34:22.0609 5528 [ DE25FC7DE3A464E455C0D0012757B0AC ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
    16:34:22.0609 5528 ADIHdAudAddService - ok
    16:34:22.0671 5528 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    16:34:22.0671 5528 Adobe Version Cue CS3 - ok
    16:34:22.0734 5528 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    16:34:22.0734 5528 AdobeFlashPlayerUpdateSvc - ok
    16:34:22.0734 5528 adpu160m - ok
    16:34:22.0750 5528 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    16:34:22.0765 5528 aec - ok
    16:34:22.0796 5528 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
    16:34:22.0796 5528 Afc - ok
    16:34:22.0843 5528 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    16:34:22.0843 5528 AFD - ok
    16:34:22.0843 5528 Aha154x - ok
    16:34:22.0843 5528 aic78u2 - ok
    16:34:22.0843 5528 aic78xx - ok
    16:34:22.0875 5528 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    16:34:22.0875 5528 Alerter - ok
    16:34:22.0906 5528 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    16:34:22.0906 5528 ALG - ok
    16:34:22.0906 5528 AliIde - ok
    16:34:22.0906 5528 amsint - ok
    16:34:23.0000 5528 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:34:23.0000 5528 Apple Mobile Device - ok
    16:34:23.0031 5528 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    16:34:23.0031 5528 AppMgmt - ok
    16:34:23.0031 5528 asc - ok
    16:34:23.0031 5528 asc3350p - ok
    16:34:23.0046 5528 asc3550 - ok
    16:34:23.0156 5528 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    16:34:23.0171 5528 aspnet_state - ok
    16:34:23.0218 5528 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    16:34:23.0218 5528 AsyncMac - ok
    16:34:23.0234 5528 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    16:34:23.0234 5528 atapi - ok
    16:34:23.0328 5528 [ EECC1D40AA10F85126708796ABA1E7D5 ] atchksrv C:\Program Files\Intel\AMT\atchksrv.exe
    16:34:23.0328 5528 atchksrv - ok
    16:34:23.0328 5528 Atdisk - ok
    16:34:23.0375 5528 [ 6A9420C302E3ABF99B58426FBA694C51 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
    16:34:23.0390 5528 Ati HotKey Poller - ok
    16:34:23.0437 5528 [ AF33838A8D5198C12CF06D693F4DEE0C ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
    16:34:23.0437 5528 ATI Smart - ok
    16:34:23.0593 5528 [ 011388DDC5B83EF4A0B2B829735C646F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    16:34:23.0640 5528 ati2mtag - ok
    16:34:23.0656 5528 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    16:34:23.0656 5528 Atmarpc - ok
    16:34:23.0703 5528 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    16:34:23.0703 5528 AudioSrv - ok
    16:34:23.0734 5528 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    16:34:23.0734 5528 audstub - ok
    16:34:23.0781 5528 [ 22F769C67CB88EF32A985132041A6169 ] BackupReader C:\WINDOWS\system32\DRIVERS\BackupReader.sys
    16:34:23.0781 5528 BackupReader - ok
    16:34:23.0812 5528 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
    16:34:23.0812 5528 BANTExt - ok
    16:34:23.0859 5528 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    16:34:23.0859 5528 Beep - ok
    16:34:23.0890 5528 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\WINDOWS\system32\bgsvcgen.exe
    16:34:23.0890 5528 bgsvcgen - ok
    16:34:23.0937 5528 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    16:34:23.0968 5528 BITS - ok
    16:34:24.0031 5528 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    16:34:24.0046 5528 Bonjour Service - ok
    16:34:24.0078 5528 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    16:34:24.0078 5528 Browser - ok
    16:34:24.0109 5528 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    16:34:24.0109 5528 BVRPMPR5 - ok
    16:34:24.0125 5528 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    16:34:24.0125 5528 cbidf2k - ok
    16:34:24.0171 5528 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    16:34:24.0171 5528 CCDECODE - ok
    16:34:24.0171 5528 cd20xrnt - ok
    16:34:24.0234 5528 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    16:34:24.0234 5528 Cdaudio - ok
    16:34:24.0281 5528 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    16:34:24.0281 5528 Cdfs - ok
    16:34:24.0328 5528 [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys
    16:34:24.0328 5528 cdrbsdrv - ok
    16:34:24.0328 5528 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    16:34:24.0328 5528 Cdrom - ok
    16:34:24.0359 5528 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
    16:34:24.0359 5528 cercsr6 - ok
    16:34:24.0359 5528 Changer - ok
    16:34:24.0390 5528 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    16:34:24.0390 5528 CiSvc - ok
    16:34:24.0421 5528 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    16:34:24.0421 5528 ClipSrv - ok
    16:34:24.0500 5528 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:34:24.0500 5528 clr_optimization_v2.0.50727_32 - ok
    16:34:24.0546 5528 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:34:24.0656 5528 clr_optimization_v4.0.30319_32 - ok
    16:34:24.0656 5528 CmdIde - ok
    16:34:24.0671 5528 COMSysApp - ok
    16:34:24.0671 5528 Cpqarray - ok
    16:34:24.0671 5528 Crypkey License - ok
    16:34:24.0718 5528 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    16:34:24.0718 5528 CryptSvc - ok
    16:34:24.0750 5528 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
    16:34:24.0750 5528 ctsfm2k - ok
    16:34:24.0750 5528 dac2w2k - ok
    16:34:24.0765 5528 dac960nt - ok
    16:34:24.0812 5528 [ CA812B19C0E2BC044214AD3F6436E730 ] dc3d C:\WINDOWS\system32\DRIVERS\dc3d.sys
    16:34:24.0812 5528 dc3d - ok
    16:34:24.0859 5528 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    16:34:24.0859 5528 DcomLaunch - ok
    16:34:24.0921 5528 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    16:34:24.0921 5528 Dhcp - ok
    16:34:24.0921 5528 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    16:34:24.0921 5528 Disk - ok
    16:34:24.0921 5528 dmadmin - ok
    16:34:24.0968 5528 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    16:34:24.0968 5528 dmboot - ok
    16:34:25.0000 5528 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    16:34:25.0000 5528 dmio - ok
    16:34:25.0046 5528 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    16:34:25.0046 5528 dmload - ok
    16:34:25.0078 5528 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    16:34:25.0093 5528 dmserver - ok
    16:34:25.0093 5528 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    16:34:25.0093 5528 DMusic - ok
    16:34:25.0140 5528 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    16:34:25.0140 5528 Dnscache - ok
    16:34:25.0171 5528 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    16:34:25.0171 5528 Dot3svc - ok
    16:34:25.0171 5528 dpti2o - ok
    16:34:25.0187 5528 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    16:34:25.0187 5528 drmkaud - ok
    16:34:25.0218 5528 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    16:34:25.0218 5528 e1express - ok
    16:34:25.0250 5528 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    16:34:25.0250 5528 EapHost - ok
    16:34:25.0265 5528 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    16:34:25.0265 5528 ERSvc - ok
    16:34:25.0375 5528 [ 812C794F71715AE088DBCCDEA5C5B02B ] EVault InfoStage Agent C:\Program Files\OSP EVault\Agent\VVAgent.exe
    16:34:26.0843 5528 EVault InfoStage Agent - ok
    16:34:26.0875 5528 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    16:34:26.0875 5528 Eventlog - ok
    16:34:26.0921 5528 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    16:34:26.0921 5528 EventSystem - ok
    16:34:26.0968 5528 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    16:34:26.0968 5528 Fastfat - ok
    16:34:27.0015 5528 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    16:34:27.0015 5528 FastUserSwitchingCompatibility - ok
    16:34:27.0031 5528 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    16:34:27.0031 5528 Fdc - ok
    16:34:27.0031 5528 FilterService - ok
    16:34:27.0031 5528 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    16:34:27.0031 5528 Fips - ok
    16:34:27.0093 5528 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    16:34:27.0093 5528 FLEXnet Licensing Service - ok
    16:34:27.0171 5528 [ 1C8401072E39784CDA54E1BA8D8EE845 ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    16:34:27.0281 5528 FlipShare Service - ok
    16:34:27.0312 5528 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    16:34:27.0312 5528 Flpydisk - ok
    16:34:27.0359 5528 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    16:34:27.0359 5528 FltMgr - ok
    16:34:27.0453 5528 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    16:34:27.0453 5528 FontCache3.0.0.0 - ok
    16:34:27.0453 5528 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    16:34:27.0453 5528 Fs_Rec - ok
    16:34:27.0453 5528 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    16:34:27.0453 5528 Ftdisk - ok
    16:34:27.0500 5528 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    16:34:27.0500 5528 GEARAspiWDM - ok
    16:34:27.0578 5528 [ 8F6AE606EB0CC884EE12C41948424422 ] GoToAssist C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
    16:34:27.0578 5528 GoToAssist - ok
    16:34:27.0625 5528 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    16:34:27.0625 5528 Gpc - ok
    16:34:27.0703 5528 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    16:34:27.0703 5528 gupdate - ok
    16:34:27.0703 5528 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    16:34:27.0718 5528 gupdatem - ok
    16:34:27.0765 5528 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    16:34:27.0765 5528 HDAudBus - ok
    16:34:27.0812 5528 [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
    16:34:27.0812 5528 HECI - ok
    16:34:27.0890 5528 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    16:34:27.0890 5528 helpsvc - ok
    16:34:27.0937 5528 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    16:34:27.0953 5528 HidServ - ok
    16:34:27.0953 5528 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    16:34:27.0953 5528 hidusb - ok
    16:34:27.0984 5528 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    16:34:27.0984 5528 hkmsvc - ok
    16:34:28.0031 5528 [ 4092496C2E1B1438665B086548512B13 ] HPMSSConnectorSvc C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
    16:34:28.0078 5528 HPMSSConnectorSvc - ok
    16:34:28.0078 5528 hpn - ok
    16:34:28.0109 5528 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    16:34:28.0109 5528 HPZid412 - ok
    16:34:28.0109 5528 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    16:34:28.0109 5528 HPZipr12 - ok
    16:34:28.0125 5528 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    16:34:28.0125 5528 HPZius12 - ok
    16:34:28.0171 5528 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    16:34:28.0171 5528 HTTP - ok
    16:34:28.0187 5528 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    16:34:28.0187 5528 HTTPFilter - ok
    16:34:28.0187 5528 i2omgmt - ok
    16:34:28.0203 5528 i2omp - ok
    16:34:28.0234 5528 [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iastor C:\WINDOWS\system32\DRIVERS\iaStor.sys
    16:34:28.0234 5528 iastor - ok
    16:34:28.0296 5528 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    16:34:28.0437 5528 idsvc - ok
    16:34:28.0484 5528 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    16:34:28.0484 5528 Imapi - ok
    16:34:28.0546 5528 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    16:34:28.0546 5528 ImapiService - ok
    16:34:28.0546 5528 ini910u - ok
    16:34:28.0546 5528 IntelIde - ok
    16:34:28.0593 5528 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    16:34:28.0593 5528 intelppm - ok
    16:34:28.0625 5528 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    16:34:28.0625 5528 Ip6Fw - ok
    16:34:28.0656 5528 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    16:34:28.0656 5528 IpFilterDriver - ok
    16:34:28.0671 5528 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    16:34:28.0671 5528 IpInIp - ok
    16:34:28.0703 5528 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    16:34:28.0703 5528 IpNat - ok
    16:34:28.0765 5528 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    16:34:28.0765 5528 iPod Service - ok
    16:34:28.0781 5528 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    16:34:28.0781 5528 IPSec - ok
    16:34:28.0812 5528 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    16:34:28.0812 5528 IRENUM - ok
    16:34:28.0843 5528 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    16:34:28.0843 5528 isapnp - ok
    16:34:28.0984 5528 [ CC54FD59486BEF7CE70275FAC2FD9D34 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    16:34:28.0984 5528 JavaQuickStarterService - ok
    16:34:28.0984 5528 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    16:34:28.0984 5528 Kbdclass - ok
    16:34:28.0984 5528 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    16:34:29.0000 5528 kbdhid - ok
    16:34:29.0000 5528 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    16:34:29.0000 5528 kmixer - ok
    16:34:29.0046 5528 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    16:34:29.0046 5528 KSecDD - ok
    16:34:29.0093 5528 [ 8142AFBFA731ED939E506301425A2BB2 ] L6TPortB C:\WINDOWS\system32\Drivers\L6TPortB.sys
    16:34:29.0109 5528 L6TPortB - ok
    16:34:29.0140 5528 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    16:34:29.0140 5528 lanmanserver - ok
    16:34:29.0203 5528 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    16:34:29.0218 5528 lanmanworkstation - ok
    16:34:29.0218 5528 lbrtfdc - ok
    16:34:29.0265 5528 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    16:34:29.0265 5528 LmHosts - ok
    16:34:29.0265 5528 [ C518D248041C259FCFA7175C866915C3 ] LMS C:\Program Files\Intel\AMT\LMS.exe
    16:34:29.0265 5528 LMS - ok
    16:34:29.0265 5528 lvpopflt - ok
    16:34:29.0265 5528 LVUSBSta - ok
    16:34:29.0265 5528 LVUVC - ok
    16:34:29.0312 5528 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    16:34:29.0312 5528 MBAMProtector - ok
    16:34:29.0406 5528 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    16:34:29.0421 5528 MBAMScheduler - ok
    16:34:29.0468 5528 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    16:34:29.0468 5528 MBAMService - ok
    16:34:29.0546 5528 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
    16:34:29.0640 5528 McciCMService - ok
    16:34:29.0687 5528 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    16:34:29.0687 5528 mcdbus - ok
    16:34:29.0734 5528 [ 75E31D760FF9A57DA66CB2E336C40316 ] MediaCollectorService C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
    16:34:29.0750 5528 MediaCollectorService - ok
    16:34:29.0781 5528 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    16:34:29.0781 5528 Messenger - ok
    16:34:29.0812 5528 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    16:34:29.0812 5528 mnmdd - ok
    16:34:29.0859 5528 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    16:34:29.0859 5528 mnmsrvc - ok
    16:34:29.0875 5528 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    16:34:29.0875 5528 Modem - ok
    16:34:29.0890 5528 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    16:34:29.0890 5528 Mouclass - ok
    16:34:29.0937 5528 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    16:34:29.0937 5528 mouhid - ok
    16:34:29.0953 5528 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    16:34:29.0953 5528 MountMgr - ok
    16:34:30.0000 5528 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    16:34:30.0000 5528 MozillaMaintenance - ok
    16:34:30.0046 5528 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    16:34:30.0046 5528 MpFilter - ok
    16:34:30.0218 5528 [ A69630D039C38018689190234F866D77 ] MpKsl26e5846d c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E3C6135-A18C-4A7B-A630-B70D7237866C}\MpKsl26e5846d.sys
    16:34:30.0218 5528 MpKsl26e5846d - ok
    16:34:30.0218 5528 mraid35x - ok
    16:34:30.0234 5528 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    16:34:30.0234 5528 MREMP50 - ok
    16:34:30.0234 5528 MREMPR5 - ok
    16:34:30.0250 5528 MRENDIS5 - ok
    16:34:30.0250 5528 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    16:34:30.0250 5528 MRESP50 - ok
    16:34:30.0250 5528 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    16:34:30.0250 5528 MRxDAV - ok
    16:34:30.0296 5528 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    16:34:30.0296 5528 MRxSmb - ok
    16:34:30.0343 5528 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    16:34:30.0343 5528 MSDTC - ok
    16:34:30.0359 5528 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    16:34:30.0359 5528 Msfs - ok
    16:34:30.0359 5528 MSIServer - ok
    16:34:30.0406 5528 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    16:34:30.0406 5528 MSKSSRV - ok
    16:34:30.0468 5528 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    16:34:30.0468 5528 MsMpSvc - ok
    16:34:30.0484 5528 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    16:34:30.0484 5528 MSPCLOCK - ok
    16:34:30.0500 5528 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    16:34:30.0500 5528 MSPQM - ok
    16:34:30.0515 5528 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    16:34:30.0515 5528 mssmbios - ok
    16:34:30.0562 5528 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    16:34:30.0562 5528 MSTEE - ok
    16:34:30.0593 5528 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    16:34:30.0593 5528 Mup - ok
    16:34:30.0625 5528 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    16:34:30.0625 5528 NABTSFEC - ok
    16:34:30.0656 5528 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    16:34:30.0656 5528 napagent - ok
    16:34:30.0687 5528 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    16:34:30.0687 5528 NDIS - ok
    16:34:30.0703 5528 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    16:34:30.0703 5528 NdisIP - ok
    16:34:30.0734 5528 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    16:34:30.0734 5528 NdisTapi - ok
    16:34:30.0781 5528 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    16:34:30.0781 5528 Ndisuio - ok
    16:34:30.0781 5528 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    16:34:30.0781 5528 NdisWan - ok
    16:34:30.0828 5528 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    16:34:30.0828 5528 NDProxy - ok
    16:34:30.0875 5528 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    16:34:30.0875 5528 Net Driver HPZ12 - ok
    16:34:30.0921 5528 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    16:34:30.0921 5528 NetBIOS - ok
    16:34:30.0921 5528 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    16:34:30.0921 5528 NetBT - ok
    16:34:30.0968 5528 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    16:34:31.0015 5528 NetDDE - ok
    16:34:31.0015 5528 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    16:34:31.0015 5528 NetDDEdsdm - ok
    16:34:31.0046 5528 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    16:34:31.0062 5528 Netlogon - ok
    16:34:31.0062 5528 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    16:34:31.0062 5528 Netman - ok
    16:34:31.0093 5528 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    16:34:31.0109 5528 NetTcpPortSharing - ok
    16:34:31.0156 5528 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\WINDOWS\system32\ckldrv.sys
    16:34:31.0156 5528 NetworkX - ok
    16:34:31.0203 5528 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    16:34:31.0203 5528 Nla - ok
    16:34:31.0265 5528 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
    16:34:31.0265 5528 NMSAccess - ok
    16:34:31.0312 5528 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    16:34:31.0312 5528 Npfs - ok
    16:34:31.0328 5528 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    16:34:31.0328 5528 Ntfs - ok
    16:34:31.0375 5528 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    16:34:31.0375 5528 NtLmSsp - ok
    16:34:31.0406 5528 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    16:34:31.0406 5528 NtmsSvc - ok
    16:34:31.0453 5528 [ 37BE10FF10A92031FC5A01E8363925CC ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    16:34:31.0453 5528 NuidFltr - ok
    16:34:31.0453 5528 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    16:34:31.0453 5528 Null - ok
    16:34:31.0484 5528 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    16:34:31.0484 5528 NwlnkFlt - ok
    16:34:31.0500 5528 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    16:34:31.0500 5528 NwlnkFwd - ok
    16:34:31.0609 5528 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    16:34:31.0609 5528 odserv - ok
    16:34:31.0656 5528 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:34:31.0656 5528 ose - ok
    16:34:31.0703 5528 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
    16:34:31.0703 5528 ossrv - ok
    16:34:31.0734 5528 [ DF886FFED69AEAD0CF608B89B18C3F6F ] P17 C:\WINDOWS\system32\drivers\P17.sys
    16:34:31.0734 5528 P17 - ok
    16:34:31.0781 5528 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    16:34:31.0781 5528 Parport - ok
    16:34:31.0781 5528 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    16:34:31.0781 5528 PartMgr - ok
    16:34:31.0828 5528 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    16:34:31.0828 5528 ParVdm - ok
    16:34:31.0828 5528 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    16:34:31.0828 5528 PCI - ok
    16:34:31.0828 5528 PCIDump - ok
    16:34:31.0843 5528 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    16:34:31.0843 5528 PCIIde - ok
    16:34:31.0859 5528 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    16:34:31.0859 5528 Pcmcia - ok
    16:34:31.0875 5528 PDCOMP - ok
    16:34:31.0875 5528 PDFRAME - ok
    16:34:31.0875 5528 PDRELI - ok
    16:34:31.0875 5528 PDRFRAME - ok
    16:34:31.0875 5528 perc2 - ok
    16:34:31.0875 5528 perc2hib - ok
    16:34:31.0890 5528 [ D1779C14ABB7992F5C20C262BA5C7AF2 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
    16:34:31.0890 5528 pfc - ok
    16:34:31.0921 5528 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    16:34:31.0921 5528 PlugPlay - ok
    16:34:31.0937 5528 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    16:34:31.0937 5528 Pml Driver HPZ12 - ok
    16:34:31.0968 5528 [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
    16:34:31.0968 5528 Point32 - ok
    16:34:31.0968 5528 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    16:34:31.0968 5528 PolicyAgent - ok
    16:34:31.0984 5528 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    16:34:31.0984 5528 PptpMiniport - ok
    16:34:31.0984 5528 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    16:34:31.0984 5528 ProtectedStorage - ok
    16:34:31.0984 5528 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    16:34:31.0984 5528 PSched - ok
    16:34:31.0984 5528 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    16:34:31.0984 5528 Ptilink - ok
    16:34:31.0984 5528 ql1080 - ok
    16:34:32.0000 5528 Ql10wnt - ok
    16:34:32.0000 5528 ql12160 - ok
    16:34:32.0000 5528 ql1240 - ok
    16:34:32.0000 5528 ql1280 - ok
    16:34:32.0046 5528 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    16:34:32.0046 5528 RasAcd - ok
    16:34:32.0078 5528 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    16:34:32.0078 5528 RasAuto - ok
    16:34:32.0109 5528 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    16:34:32.0109 5528 Rasl2tp - ok
    16:34:32.0156 5528 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    16:34:32.0156 5528 RasMan - ok
    16:34:32.0156 5528 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    16:34:32.0156 5528 RasPppoe - ok
    16:34:32.0156 5528 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    16:34:32.0156 5528 Raspti - ok
    16:34:32.0171 5528 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    16:34:32.0171 5528 Rdbss - ok
    16:34:32.0171 5528 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    16:34:32.0171 5528 RDPCDD - ok
    16:34:32.0187 5528 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    16:34:32.0187 5528 rdpdr - ok
    16:34:32.0234 5528 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    16:34:32.0234 5528 RDPWD - ok
    16:34:32.0265 5528 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    16:34:32.0265 5528 RDSessMgr - ok
    16:34:32.0296 5528 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    16:34:32.0312 5528 redbook - ok
    16:34:32.0328 5528 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    16:34:32.0343 5528 RemoteAccess - ok
    16:34:32.0359 5528 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    16:34:32.0359 5528 RemoteRegistry - ok
    16:34:32.0390 5528 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    16:34:32.0390 5528 RpcLocator - ok
    16:34:32.0421 5528 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    16:34:32.0421 5528 RpcSs - ok
    16:34:32.0453 5528 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    16:34:32.0453 5528 RSVP - ok
    16:34:32.0484 5528 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    16:34:32.0484 5528 SamSs - ok
    16:34:32.0531 5528 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    16:34:32.0531 5528 SASDIFSV - ok
    16:34:32.0562 5528 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    16:34:32.0562 5528 SASKUTIL - ok
    16:34:32.0578 5528 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    16:34:32.0578 5528 SCardSvr - ok
    16:34:32.0609 5528 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    16:34:32.0625 5528 Schedule - ok
    16:34:32.0640 5528 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    16:34:32.0640 5528 Secdrv - ok
    16:34:32.0671 5528 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    16:34:32.0671 5528 seclogon - ok
    16:34:32.0734 5528 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys
    16:34:32.0734 5528 SenFiltService - ok
    16:34:32.0734 5528 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    16:34:32.0734 5528 SENS - ok
    16:34:32.0750 5528 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    16:34:32.0750 5528 serenum - ok
    16:34:32.0750 5528 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    16:34:32.0750 5528 Serial - ok
    16:34:32.0765 5528 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    16:34:32.0765 5528 Sfloppy - ok
    16:34:32.0812 5528 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    16:34:32.0828 5528 SharedAccess - ok
    16:34:32.0828 5528 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    16:34:32.0828 5528 ShellHWDetection - ok
    16:34:32.0828 5528 Simbad - ok
    16:34:32.0890 5528 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    16:34:32.0890 5528 SkypeUpdate - ok
    16:34:32.0937 5528 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    16:34:32.0937 5528 SLIP - ok
    16:34:32.0937 5528 Sparrow - ok
    16:34:32.0968 5528 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    16:34:32.0968 5528 splitter - ok
    16:34:33.0000 5528 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    16:34:33.0000 5528 Spooler - ok
    16:34:33.0031 5528 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    16:34:33.0031 5528 sr - ok
    16:34:33.0062 5528 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    16:34:33.0062 5528 srservice - ok
    16:34:33.0109 5528 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    16:34:33.0109 5528 Srv - ok
    16:34:33.0125 5528 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    16:34:33.0125 5528 SSDPSRV - ok
    16:34:33.0156 5528 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
    16:34:33.0156 5528 StarOpen - ok
    16:34:33.0187 5528 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    16:34:33.0187 5528 stisvc - ok
    16:34:33.0203 5528 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    16:34:33.0218 5528 streamip - ok
    16:34:33.0250 5528 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    16:34:33.0250 5528 swenum - ok
    16:34:33.0250 5528 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    16:34:33.0250 5528 swmidi - ok
    16:34:33.0250 5528 SwPrv - ok
    16:34:33.0265 5528 symc810 - ok
    16:34:33.0265 5528 symc8xx - ok
    16:34:33.0265 5528 sym_hi - ok
    16:34:33.0265 5528 sym_u3 - ok
    16:34:33.0328 5528 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    16:34:33.0328 5528 sysaudio - ok
    16:34:33.0343 5528 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    16:34:33.0343 5528 SysmonLog - ok
    16:34:33.0375 5528 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    16:34:33.0375 5528 TapiSrv - ok
    16:34:33.0421 5528 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    16:34:33.0421 5528 Tcpip - ok
    16:34:33.0453 5528 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    16:34:33.0453 5528 TDPIPE - ok
    16:34:33.0453 5528 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    16:34:33.0453 5528 TDTCP - ok
    16:34:33.0484 5528 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    16:34:33.0484 5528 TermDD - ok
    16:34:33.0484 5528 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    16:34:33.0500 5528 TermService - ok
    16:34:33.0500 5528 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    16:34:33.0515 5528 Themes - ok
    16:34:33.0546 5528 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    16:34:33.0578 5528 TlntSvr - ok
    16:34:33.0578 5528 TosIde - ok
    16:34:33.0609 5528 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    16:34:33.0609 5528 TrkWks - ok
    16:34:33.0640 5528 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    16:34:33.0640 5528 Udfs - ok
    16:34:33.0640 5528 ultra - ok
    16:34:33.0718 5528 [ 0558985BD646203DF5F36BF0FBD241A3 ] UNS C:\Program Files\Intel\AMT\UNS.exe
    16:34:33.0718 5528 UNS - ok
    16:34:33.0750 5528 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    16:34:33.0750 5528 Update - ok
    16:34:33.0781 5528 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    16:34:33.0781 5528 upnphost - ok
    16:34:33.0781 5528 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    16:34:33.0796 5528 UPS - ok
    16:34:33.0828 5528 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    16:34:33.0828 5528 USBAAPL - ok
    16:34:33.0859 5528 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    16:34:33.0859 5528 usbaudio - ok
    16:34:33.0890 5528 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    16:34:33.0890 5528 usbccgp - ok
    16:34:33.0937 5528 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    16:34:33.0937 5528 usbehci - ok
    16:34:33.0953 5528 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    16:34:33.0953 5528 usbhub - ok
    16:34:33.0953 5528 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    16:34:33.0953 5528 usbprint - ok
    16:34:34.0000 5528 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    16:34:34.0000 5528 usbscan - ok
    16:34:34.0031 5528 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    16:34:34.0031 5528 USBSTOR - ok
    16:34:34.0031 5528 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    16:34:34.0031 5528 usbuhci - ok
    16:34:34.0062 5528 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    16:34:34.0062 5528 VgaSave - ok
    16:34:34.0062 5528 ViaIde - ok
    16:34:34.0078 5528 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    16:34:34.0078 5528 VolSnap - ok
    16:34:34.0125 5528 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    16:34:34.0125 5528 VSS - ok
    16:34:34.0140 5528 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    16:34:34.0140 5528 W32Time - ok
    16:34:34.0140 5528 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    16:34:34.0140 5528 Wanarp - ok
    16:34:34.0234 5528 [ 78FAC39D52FD2FC169971986079270DA ] WDBtnMgrSvc.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    16:34:34.0250 5528 WDBtnMgrSvc.exe - ok
    16:34:35.0531 5528 ================ Scan global ===============================
    16:34:35.0578 5528 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    16:34:35.0625 5528 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    16:34:35.0640 5528 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    16:34:35.0656 5528 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    16:34:35.0656 5528 [Global] - ok
    16:34:35.0656 5528 ================ Scan MBR ==================================
    16:34:35.0671 5528 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    16:34:35.0843 5528 \Device\Harddisk0\DR0 - ok
    16:34:35.0843 5528 ================ Scan VBR ==================================
    16:34:35.0843 5528 [ 5B7CC66F48B49C97E9E48DCD09BF2C93 ] \Device\Harddisk0\DR0\Partition1
    16:34:35.0843 5528 \Device\Harddisk0\DR0\Partition1 - ok
    16:34:35.0843 5528 ============================================================
    16:34:35.0843 5528 Scan finished
    16:34:35.0843 5528 ============================================================
    16:34:35.0859 5536 Detected object count: 0
    16:34:35.0859 5536 Actual detected object count: 0
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    Please download aswMBR.exe and save it to your desktop.

    Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

    Click Scan.

    Upon completion of the scan, click Save log then save it to your desktop and post that log in your next reply for review.
    Note - do NOT attempt any Fix yet.
     
  14. bsacco

    bsacco Thread Starter

    Joined:
    Jun 11, 2003
    Messages:
    854
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-02-08 18:32:08
    -----------------------------
    18:32:08.765 OS Version: Windows 5.1.2600 Service Pack 3
    18:32:08.765 Number of processors: 2 586 0x1706
    18:32:08.765 ComputerName: BS-TOWER UserName: bsacco
    18:32:09.937 Initialize success
    18:34:32.796 AVAST engine defs: 13020801
    18:35:03.734 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
    18:36:23.562 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\Downloads\aswMBR.txt"
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,270
    That's not a full log. It doesn't look like the tool ran properly. Can you try again please?
     
Short URL to this thread: https://techguy.org/1088615
