Inactive [A] Think I got malware off my system but safe mode doesn't work

jbmorgan

I have a strange situation. Earlier today I went to a bad Web site and got hit with the "System Cleaner" malware, which tried to convince me that the U.S. government had seized my computer and that I had to pay $200 to get it back. I tried to restart my system (a 3.5-year-old Eee PC) in safe mode, but every time I did I would get an error message telling me that Windows couldn't be started. I finally just rebooted normally and managed to fight my way into Malwarebytes and run a scan. It found three malicious objects and removed them. After that, when I restarted my system, everything seemed to be fine. I even rescanned my system, both with Malwarebytes and my virus protection, and they found nothing. But just out of curiosity, I tried restarting my system in safe mode again to see what would happen, and sure enough, I got the same error message. But everything is fine when I boot normally. Is this some remnant of the infection? Or is it possible that I have some deeper issue with my computer - I probably haven't started it in safe mode for nearly a year?
 
Hello again, Broni,

Yes, same one, although the external drive that I was talking about in that thread has been toast for a while...this is just my computer itself that is affected.
 
You've been here before so you should know the drill.

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
John B. Morgan IV :: ATHENA [administrator]

10/6/2012 9:58:29 PM
mbam-log-2012-10-06 (21-58-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237695
Time elapsed: 30 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Broni, I ran GMER, but after it ran for several hours, my system crashed and I got a blue alert screen. When I restarted, my IDE controllers had been thrown into PIO mode, and I had to uninstall the drivers to get them back into DMA (which did work, fortunately). I'm not certain what to do next but I really don't want to have that happen again.
 
Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by John B. Morgan IV at 1:01:27 on 2012-10-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.798 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.integraltradition.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {8C5AD199-66D9-4CEA-849D-A72C81DA26F3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
mRun: [<NO NAME>]
mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\johnb~1.mor\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\john b. morgan iv\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\register.lnk - c:\program files\azurebay\azurebay screen saver\Register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wpchan~1.lnk - c:\program files\azurebay\azurebay screen saver\WPChanger.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849575053
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263849552381
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\john b. morgan iv\application data\mozilla\firefox\profiles\wlrr7xnj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.arktos.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----

.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 193552]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-10-15 136192]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\hp\hp laserjet m1210 mfp series\ReceiveFaxUtility.exe [2010-5-11 247352]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-2-17 99896]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-12-31 9216]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-1-31 72832]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 80000]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-1-31 102784]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2012-2-17 13824]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-1-31 85632]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2012-1-31 51456]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2012-1-31 26496]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-5-17 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 114144]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2012-2-17 17408]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-4-30 18432]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vodafone_zte_cdc_acm;Vodafone Vodafone ZTE CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_zte_cdc_acm.sys [2011-5-20 67968]
S3 vodafone_zte_cdc_ecm;vodafone_zte_cdc_ecm;c:\windows\system32\drivers\vodafone_zte_cdc_ecm.sys [2011-5-20 32768]
S3 vodafone_zte_cpo;Vodafone Vodafone ZTE Install;c:\windows\system32\drivers\vodafone_zte_cpo.sys [2011-5-20 9984]
S3 vodafone_zte_ecm_enum;Vodafone Vodafone ZTE DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_zte_ecm_enum.sys [2011-5-20 47488]
S3 vodafone_zte_ecm_enum_filter;vodafone_zte_ecm_enum_filter;c:\windows\system32\drivers\vodafone_zte_ecm_enum_filter.sys [2011-5-20 47488]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2011-5-16 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-5-16 105856]
.
=============== Created Last 30 ================
.
2012-10-07 16:31:51 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61b64a43-453c-4ca5-9342-fefa6d72e183}\mpengine.dll
2012-10-07 07:10:52 6980552 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-05 18:46:47 -------- d-----w- c:\program files\common files\xing shared
2012-10-05 18:45:08 129176 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2012-10-04 17:42:24 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-10-04 17:42:24 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-09-21 00:16:02 -------- d-----w- c:\documents and settings\john b. morgan iv\local settings\application data\TNT2
2012-09-16 14:05:35 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
.
==================== Find3M ====================
.
2012-10-05 18:44:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-10-05 18:44:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-24 06:52:19 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:52:17 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-05-23 14:37:19 52355 ----a-w- c:\program files\common files\OnlineFilesManager.dll
2010-04-23 15:27:35 190464 ----a-w- c:\program files\common files\OnlineFilesManager.dll.old
.
============= FINISH: 1:03:42.07 ===============
 
Here it is:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/2/2010 1:37:34 PM
System Uptime: 10/7/2012 3:41:12 PM (10 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1000H
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 80 GiB total, 9.668 GiB free.
D: is FIXED (NTFS) - 61 GiB total, 23.131 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 7.72 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 284.159 GiB free.
I: is FIXED (FAT32) - 233 GiB total, 8.192 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_83241043&REV_B0\4&23C6FC68&0&00E1
Manufacturer: Atheros
Name: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_83241043&REV_B0\4&23C6FC68&0&00E1
Service: L1e
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&37028E5F&0&00E3
Manufacturer: Atheros
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&37028E5F&0&00E3
Service: AR5211
.
Class GUID:
Description:
Device ID: ROOT\MS_PSCHEDMP\0003
Manufacturer:
Name:
PNP Device ID: ROOT\MS_PSCHEDMP\0003
Service:
.
Class GUID:
Description:
Device ID: ROOT\MS_PSCHEDMP\0004
Manufacturer:
Name:
PNP Device ID: ROOT\MS_PSCHEDMP\0004
Service:
.
==== System Restore Points ===================
.
RP606: 7/11/2012 5:17:49 PM - Software Distribution Service 3.0
RP607: 7/13/2012 3:43:53 PM - System Checkpoint
RP608: 7/13/2012 5:19:00 PM - Software Distribution Service 3.0
RP609: 7/15/2012 10:45:03 AM - Software Distribution Service 3.0
RP610: 7/16/2012 3:41:01 PM - Software Distribution Service 3.0
RP611: 7/17/2012 4:42:45 PM - System Checkpoint
RP612: 7/17/2012 4:46:32 PM - Software Distribution Service 3.0
RP613: 7/18/2012 4:46:27 PM - Software Distribution Service 3.0
RP614: 7/19/2012 5:14:56 PM - Software Distribution Service 3.0
RP615: 7/20/2012 6:07:01 PM - Software Distribution Service 3.0
RP616: 7/21/2012 7:27:04 PM - Software Distribution Service 3.0
RP617: 7/22/2012 11:41:27 PM - Software Distribution Service 3.0
RP618: 7/24/2012 10:12:38 AM - Software Distribution Service 3.0
RP619: 7/26/2012 5:21:19 PM - Software Distribution Service 3.0
RP620: 7/27/2012 5:31:34 PM - Software Distribution Service 3.0
RP621: 7/28/2012 6:09:15 PM - Software Distribution Service 3.0
RP622: 7/29/2012 9:29:45 PM - System Checkpoint
RP623: 7/31/2012 1:26:16 PM - System Checkpoint
RP624: 8/1/2012 2:43:32 PM - System Checkpoint
RP625: 8/1/2012 4:01:17 PM - Software Distribution Service 3.0
RP626: 8/2/2012 8:35:47 PM - System Checkpoint
RP627: 8/3/2012 3:37:32 PM - Software Distribution Service 3.0
RP628: 8/5/2012 7:20:04 PM - Software Distribution Service 3.0
RP629: 8/6/2012 5:27:01 PM - Software Distribution Service 3.0
RP630: 8/7/2012 5:27:26 PM - Software Distribution Service 3.0
RP631: 8/8/2012 5:45:32 PM - Software Distribution Service 3.0
RP632: 8/9/2012 6:32:22 PM - System Checkpoint
RP633: 8/9/2012 11:45:05 PM - Software Distribution Service 3.0
RP634: 8/10/2012 5:34:04 PM - Software Distribution Service 3.0
RP635: 8/12/2012 12:09:13 AM - Software Distribution Service 3.0
RP636: 8/13/2012 4:24:13 PM - Software Distribution Service 3.0
RP637: 8/14/2012 5:25:47 PM - Software Distribution Service 3.0
RP638: 8/15/2012 5:31:22 PM - Software Distribution Service 3.0
RP639: 8/16/2012 2:01:29 AM - Software Distribution Service 3.0
RP640: 8/16/2012 5:01:45 PM - Software Distribution Service 3.0
RP641: 8/17/2012 4:58:14 PM - Software Distribution Service 3.0
RP642: 8/18/2012 11:19:45 PM - Software Distribution Service 3.0
RP643: 8/19/2012 5:00:52 PM - Software Distribution Service 3.0
RP644: 8/20/2012 4:59:02 PM - Software Distribution Service 3.0
RP645: 8/21/2012 7:15:29 PM - Software Distribution Service 3.0
RP646: 8/22/2012 7:50:03 PM - Software Distribution Service 3.0
RP647: 8/24/2012 2:57:42 AM - Software Distribution Service 3.0
RP648: 8/27/2012 2:43:31 AM - Software Distribution Service 3.0
RP649: 8/27/2012 7:46:29 PM - Software Distribution Service 3.0
RP650: 8/29/2012 2:16:52 AM - Software Distribution Service 3.0
RP651: 8/30/2012 2:51:47 AM - Software Distribution Service 3.0
RP652: 8/31/2012 2:21:33 PM - Software Distribution Service 3.0
RP653: 9/1/2012 3:48:24 PM - System Checkpoint
RP654: 9/1/2012 8:44:14 PM - Software Distribution Service 3.0
RP655: 9/2/2012 10:28:49 PM - System Checkpoint
RP656: 9/3/2012 2:01:34 AM - Software Distribution Service 3.0
RP657: 9/3/2012 4:44:51 PM - Software Distribution Service 3.0
RP658: 9/4/2012 7:37:44 PM - Software Distribution Service 3.0
RP659: 9/5/2012 4:51:00 PM - Software Distribution Service 3.0
RP660: 9/6/2012 10:35:55 PM - Software Distribution Service 3.0
RP661: 9/7/2012 4:53:01 PM - Software Distribution Service 3.0
RP662: 9/8/2012 5:18:37 PM - Software Distribution Service 3.0
RP663: 9/9/2012 6:23:11 PM - Software Distribution Service 3.0
RP664: 9/10/2012 6:47:32 PM - Software Distribution Service 3.0
RP665: 9/11/2012 4:48:01 PM - Software Distribution Service 3.0
RP666: 9/12/2012 4:49:36 PM - Software Distribution Service 3.0
RP667: 9/13/2012 10:54:05 AM - Software Distribution Service 3.0
RP668: 9/13/2012 6:14:07 PM - Software Distribution Service 3.0
RP669: 9/14/2012 4:56:41 PM - Software Distribution Service 3.0
RP670: 9/15/2012 7:46:18 PM - Software Distribution Service 3.0
RP671: 9/16/2012 7:55:34 PM - System Checkpoint
RP672: 9/17/2012 9:43:43 AM - Software Distribution Service 3.0
RP673: 9/18/2012 10:41:04 AM - Software Distribution Service 3.0
RP674: 9/19/2012 11:16:29 PM - Software Distribution Service 3.0
RP675: 9/20/2012 11:45:00 PM - System Checkpoint
RP676: 9/21/2012 11:11:02 AM - Software Distribution Service 3.0
RP677: 9/22/2012 12:13:17 PM - System Checkpoint
RP678: 9/22/2012 7:58:52 PM - Software Distribution Service 3.0
RP679: 9/23/2012 2:00:31 AM - Software Distribution Service 3.0
RP680: 9/24/2012 12:32:31 PM - Software Distribution Service 3.0
RP681: 9/25/2012 3:20:45 AM - Software Distribution Service 3.0
RP682: 9/26/2012 9:51:49 AM - Software Distribution Service 3.0
RP683: 9/27/2012 10:39:55 AM - Software Distribution Service 3.0
RP684: 9/27/2012 10:56:24 AM - Software Distribution Service 3.0
RP685: 9/28/2012 3:04:45 AM - Software Distribution Service 3.0
RP686: 9/29/2012 12:04:52 PM - Software Distribution Service 3.0
RP687: 9/30/2012 3:27:25 AM - Software Distribution Service 3.0
RP688: 10/1/2012 2:54:38 AM - Software Distribution Service 3.0
RP689: 10/2/2012 11:29:28 AM - Software Distribution Service 3.0
RP690: 10/3/2012 12:20:44 PM - Software Distribution Service 3.0
RP691: 10/4/2012 3:15:23 PM - System Checkpoint
RP692: 10/4/2012 7:21:56 PM - Software Distribution Service 3.0
RP693: 10/5/2012 3:05:40 AM - Software Distribution Service 3.0
RP694: 10/6/2012 3:43:11 AM - Software Distribution Service 3.0
RP695: 10/7/2012 12:31:39 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
µTorrent
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe InDesign CS5
Adobe Media Player
Adobe Photoshop 7.0
Adobe Reader X (10.1.4)
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AzureBay Screen Saver
Azurewave Wireless LAN
Bonjour
Canon MP140 series
Canon PowerShot A40 WIA Driver
Compatibility Pack for the 2007 Office system
ContentSAFER for Wizmax
DJ_SF_05_D2600_Software_Min
Dropbox
EasyBits GO
Eee Instant Key
Eee Storage 1.1.15.197
ESET Online Scanner v3
ETDWare PS/2-x86 7.0.3.8 WHQL
foobar2000 v1.1.4
Google Books Uploader (Java Edition)
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet D2600 Printer Driver 14.0 Rel. 5
HP LaserJet Professional M1130-M1210 MFP Series
HP LaserJet Professional M1210 MFP Series Fax Installer
HP LaserJet Professional M1210 MFP Series Toolbox
HP LaserJet Toolbox
hppLaserJetService
hppM1130M1210SeriesLaserJetService
hppusgM1130M1210Series
HPSSupply
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java(TM) 6 Update 26
Kernel for Outlook Evaluation ver 7.05.01
Key Folder
Kindle PC Converter
Malwarebytes Anti-Malware version 1.65.0.1400
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
PDF Settings CS5
Performance Solution Brincome.
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
Scan To
Seagate Manager Installer
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skype web features
Skype™ 5.10
Stellar Phoenix Windows Data Recovery
Super Hybrid Engine
The Rosetta Stone
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.0.0
Vodafone Mobile Broadband Lite
WebFldrs XP
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WinUAE 2.3.3
WinZip 16.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
10/7/2012 4:05:34 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the HPM1210RcvFaxSrvc service.
10/7/2012 3:11:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
10/7/2012 3:11:30 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/7/2012 3:11:30 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
10/7/2012 12:40:03 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
10/7/2012 12:39:01 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/6/2012 8:44:27 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

==============================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
TDSSKiller log:

13:33:31.0046 0760 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:33:31.0375 0760 ============================================================
13:33:31.0375 0760 Current date / time: 2012/10/08 13:33:31.0375
13:33:31.0375 0760 SystemInfo:
13:33:31.0375 0760
13:33:31.0375 0760 OS Version: 5.1.2600 ServicePack: 3.0
13:33:31.0375 0760 Product type: Workstation
13:33:31.0375 0760 ComputerName: ATHENA
13:33:31.0375 0760 UserName: John B. Morgan IV
13:33:31.0375 0760 Windows directory: C:\WINDOWS
13:33:31.0375 0760 System windows directory: C:\WINDOWS
13:33:31.0375 0760 Processor architecture: Intel x86
13:33:31.0375 0760 Number of processors: 2
13:33:31.0375 0760 Page size: 0x1000
13:33:31.0375 0760 Boot type: Normal boot
13:33:31.0375 0760 ============================================================
13:33:35.0781 0760 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:33:41.0281 0760 Drive \Device\Harddisk1\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:33:41.0281 0760 Drive \Device\Harddisk1\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:33:43.0421 0760 Drive \Device\Harddisk2\DR11 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:33:43.0437 0760 ============================================================
13:33:43.0437 0760 \Device\Harddisk0\DR0:
13:33:43.0468 0760 MBR partitions:
13:33:43.0468 0760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9FFAC0B
13:33:43.0468 0760 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9FFAC4A, BlocksNum 0x7A65CF5
13:33:44.0312 0760 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11A6097E, BlocksNum 0xFA477E
13:33:44.0312 0760 \Device\Harddisk1\DR5:
13:33:44.0312 0760 MBR partitions:
13:33:44.0312 0760 \Device\Harddisk1\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DB0
13:33:44.0312 0760 \Device\Harddisk1\DR5:
13:33:44.0312 0760 MBR partitions:
13:33:44.0312 0760 \Device\Harddisk1\DR5\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DB0
13:33:44.0312 0760 \Device\Harddisk2\DR11:
13:33:44.0312 0760 MBR partitions:
13:33:44.0312 0760 \Device\Harddisk2\DR11\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
13:33:44.0312 0760 ============================================================
13:33:44.0843 0760 C: <-> \Device\Harddisk0\DR0\Partition1
13:33:44.0906 0760 D: <-> \Device\Harddisk0\DR0\Partition2
13:33:44.0984 0760 E: <-> \Device\Harddisk0\DR0\Partition3
13:33:45.0062 0760 G: <-> \Device\Harddisk1\DR5\Partition1
13:33:45.0062 0760 I: <-> \Device\Harddisk2\DR11\Partition1
13:33:45.0062 0760 ============================================================
13:33:45.0062 0760 Initialize success
13:33:45.0062 0760 ============================================================
13:34:28.0593 8036 ============================================================
13:34:28.0593 8036 Scan started
13:34:28.0593 8036 Mode: Manual;
13:34:28.0593 8036 ============================================================
13:34:30.0281 8036 ================ Scan system memory ========================
13:34:30.0281 8036 System memory - ok
13:34:30.0281 8036 ================ Scan services =============================
13:34:30.0421 8036 Abiosdsk - ok
13:34:30.0453 8036 abp480n5 - ok
13:34:30.0531 8036 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:34:30.0531 8036 ACPI - ok
13:34:30.0593 8036 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:34:30.0593 8036 ACPIEC - ok
13:34:30.0609 8036 adfs - ok
13:34:30.0640 8036 adpu160m - ok
13:34:30.0671 8036 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:34:30.0687 8036 aec - ok
13:34:30.0750 8036 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:34:30.0750 8036 AFD - ok
13:34:30.0781 8036 Aha154x - ok
13:34:30.0796 8036 aic78u2 - ok
13:34:30.0828 8036 aic78xx - ok
13:34:30.0875 8036 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:34:30.0906 8036 Alerter - ok
13:34:30.0953 8036 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
13:34:30.0953 8036 ALG - ok
13:34:30.0968 8036 AliIde - ok
13:34:31.0000 8036 amsint - ok
13:34:31.0140 8036 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:34:31.0140 8036 Apple Mobile Device - ok
13:34:31.0156 8036 AppMgmt - ok
13:34:31.0250 8036 [ 6D5F95602B8D0D994D31A864872B38EF ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
13:34:31.0296 8036 AR5211 - ok
13:34:31.0312 8036 asc - ok
13:34:31.0328 8036 asc3350p - ok
13:34:31.0359 8036 asc3550 - ok
13:34:31.0500 8036 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:34:31.0531 8036 aspnet_state - ok
13:34:31.0578 8036 [ 12415A4B61DED200FE9932B47A35FA42 ] AsusACPI C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
13:34:31.0578 8036 AsusACPI - ok
13:34:31.0625 8036 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:34:31.0625 8036 AsyncMac - ok
13:34:31.0656 8036 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:34:31.0656 8036 atapi - ok
13:34:31.0687 8036 Atdisk - ok
13:34:31.0718 8036 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:34:31.0734 8036 Atmarpc - ok
13:34:31.0781 8036 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:34:31.0796 8036 AudioSrv - ok
13:34:31.0828 8036 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:34:31.0828 8036 audstub - ok
13:34:31.0890 8036 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:34:31.0890 8036 Beep - ok
13:34:31.0953 8036 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
13:34:32.0015 8036 BITS - ok
13:34:32.0109 8036 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:34:32.0125 8036 Bonjour Service - ok
13:34:32.0171 8036 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
13:34:32.0171 8036 Browser - ok
13:34:32.0187 8036 catchme - ok
13:34:32.0234 8036 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:34:32.0250 8036 cbidf2k - ok
13:34:32.0281 8036 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:34:32.0281 8036 CCDECODE - ok
13:34:32.0312 8036 cd20xrnt - ok
13:34:32.0359 8036 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:34:32.0375 8036 Cdaudio - ok
13:34:32.0421 8036 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:34:32.0421 8036 Cdfs - ok
13:34:32.0453 8036 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:34:32.0453 8036 Cdrom - ok
13:34:32.0484 8036 [ 2A5815CA6FFF24B688C01F828B96819C ] Changer C:\WINDOWS\system32\drivers\Changer.sys
13:34:32.0484 8036 Changer - ok
13:34:32.0546 8036 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:34:32.0546 8036 CiSvc - ok
13:34:32.0593 8036 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:34:32.0609 8036 ClipSrv - ok
13:34:32.0671 8036 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:34:32.0765 8036 clr_optimization_v2.0.50727_32 - ok
13:34:32.0812 8036 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:34:32.0812 8036 CmBatt - ok
13:34:32.0828 8036 CmdIde - ok
13:34:32.0859 8036 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:34:32.0859 8036 Compbatt - ok
13:34:32.0890 8036 COMSysApp - ok
13:34:32.0937 8036 Cpqarray - ok
13:34:32.0953 8036 Crypkey License - ok
13:34:33.0000 8036 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:34:33.0000 8036 CryptSvc - ok
13:34:33.0031 8036 dac2w2k - ok
13:34:33.0046 8036 dac960nt - ok
13:34:33.0093 8036 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:34:33.0109 8036 DcomLaunch - ok
13:34:33.0156 8036 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:34:33.0234 8036 Dhcp - ok
13:34:33.0265 8036 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:34:33.0265 8036 Disk - ok
13:34:33.0281 8036 dmadmin - ok
13:34:33.0359 8036 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:34:33.0437 8036 dmboot - ok
13:34:33.0468 8036 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:34:33.0484 8036 dmio - ok
13:34:33.0515 8036 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:34:33.0515 8036 dmload - ok
13:34:33.0578 8036 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:34:33.0578 8036 dmserver - ok
13:34:33.0640 8036 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:34:33.0656 8036 DMusic - ok
13:34:33.0781 8036 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:34:33.0781 8036 Dnscache - ok
13:34:33.0828 8036 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:34:33.0843 8036 Dot3svc - ok
13:34:33.0875 8036 dpti2o - ok
13:34:33.0906 8036 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:34:33.0906 8036 drmkaud - ok
13:34:33.0937 8036 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:34:33.0953 8036 EapHost - ok
13:34:34.0015 8036 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:34:34.0015 8036 ERSvc - ok
13:34:34.0062 8036 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:34:34.0062 8036 Eventlog - ok
13:34:34.0125 8036 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:34:34.0125 8036 EventSystem - ok
13:34:34.0203 8036 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
13:34:34.0218 8036 ew_hwusbdev - ok
13:34:34.0250 8036 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:34:34.0250 8036 Fastfat - ok
13:34:34.0281 8036 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:34:34.0296 8036 FastUserSwitchingCompatibility - ok
13:34:34.0328 8036 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:34:34.0328 8036 Fdc - ok
13:34:34.0375 8036 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:34:34.0375 8036 Fips - ok
13:34:34.0406 8036 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:34:34.0421 8036 Flpydisk - ok
13:34:34.0515 8036 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:34:34.0515 8036 FltMgr - ok
13:34:34.0640 8036 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:34:34.0640 8036 FontCache3.0.0.0 - ok
13:34:34.0796 8036 [ 81B4A2C6C9BD17FFB6031A0A61C09764 ] FreeAgentGoNext Service C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
13:34:34.0796 8036 FreeAgentGoNext Service - ok
13:34:34.0859 8036 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:34:34.0859 8036 Fs_Rec - ok
13:34:34.0921 8036 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:34:34.0921 8036 Ftdisk - ok
13:34:34.0968 8036 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:34:34.0968 8036 GEARAspiWDM - ok
13:34:35.0015 8036 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:34:35.0062 8036 Gpc - ok
13:34:35.0125 8036 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:34:35.0140 8036 gupdate - ok
13:34:35.0171 8036 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:34:35.0171 8036 gupdatem - ok
13:34:35.0234 8036 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:34:35.0250 8036 HDAudBus - ok
13:34:35.0343 8036 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:34:35.0343 8036 helpsvc - ok
13:34:35.0390 8036 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:34:35.0390 8036 HidServ - ok
13:34:35.0437 8036 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:34:35.0437 8036 HidUsb - ok
13:34:35.0484 8036 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:34:35.0484 8036 hkmsvc - ok
13:34:35.0593 8036 [ F90DD89E8A482AC976DD4E1029802E49 ] HP LaserJet Service C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
13:34:35.0718 8036 HP LaserJet Service - ok
13:34:35.0765 8036 [ 7330493E27AF4DC73DE0F3293E8B5514 ] HP1210FAX C:\WINDOWS\system32\Drivers\HPM1210FAX.sys
13:34:35.0781 8036 HP1210FAX - ok
13:34:35.0843 8036 [ 1451AB76D18AF31D9BE3176FC90F58D1 ] HPM1210RcvFaxSrvc C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
13:34:35.0859 8036 HPM1210RcvFaxSrvc - ok
13:34:35.0875 8036 hpn - ok
13:34:35.0937 8036 [ 68C0BCE605769DA12996F653AF4CC1F5 ] HPSIService C:\WINDOWS\system32\HPSIsvc.exe
13:34:35.0937 8036 HPSIService - ok
13:34:36.0000 8036 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:34:36.0109 8036 HPZid412 - ok
13:34:36.0171 8036 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:34:36.0250 8036 HPZipr12 - ok
13:34:36.0312 8036 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:34:36.0359 8036 HPZius12 - ok
13:34:36.0406 8036 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:34:36.0406 8036 HTTP - ok
13:34:36.0453 8036 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:34:36.0468 8036 HTTPFilter - ok
13:34:36.0546 8036 [ 6723835670A746EB97CB932F61151169 ] huawei_cdcacm C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys
13:34:36.0546 8036 huawei_cdcacm - ok
13:34:36.0562 8036 [ 132AF7D47704801F7AF5BAFCC623825C ] huawei_cdcecm C:\WINDOWS\system32\DRIVERS\ew_jucdcecm.sys
13:34:36.0562 8036 huawei_cdcecm - ok
13:34:36.0609 8036 [ 2F23ABA465B24A57E8664A124A53CC15 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
13:34:36.0625 8036 huawei_enumerator - ok
13:34:36.0656 8036 [ 50A16E0F4586338F1114A54C906463B5 ] huawei_ext_ctrl C:\WINDOWS\system32\DRIVERS\ew_juextctrl.sys
13:34:36.0656 8036 huawei_ext_ctrl - ok
13:34:36.0718 8036 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
13:34:36.0718 8036 i2omgmt - ok
13:34:36.0734 8036 i2omp - ok
13:34:36.0765 8036 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:34:36.0765 8036 i8042prt - ok
13:34:36.0984 8036 [ 0F68E2EC713F132FFB19E45415B09679 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:34:37.0140 8036 ialm - ok
13:34:37.0281 8036 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:34:37.0312 8036 idsvc - ok
13:34:37.0359 8036 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:34:37.0359 8036 Imapi - ok
13:34:37.0406 8036 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:34:37.0406 8036 ImapiService - ok
13:34:37.0453 8036 ini910u - ok
13:34:37.0625 8036 [ C73A4A48FBB3D00C7DBC6FE4F5E3675F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:34:37.0765 8036 IntcAzAudAddService - ok
13:34:37.0781 8036 IntelIde - ok
13:34:37.0843 8036 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:34:37.0843 8036 intelppm - ok
13:34:37.0875 8036 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:34:37.0875 8036 Ip6Fw - ok
13:34:37.0890 8036 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:34:37.0906 8036 IpFilterDriver - ok
13:34:37.0921 8036 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:34:37.0921 8036 IpInIp - ok
13:34:37.0953 8036 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:34:37.0968 8036 IpNat - ok
13:34:38.0046 8036 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:34:38.0078 8036 iPod Service - ok
13:34:38.0125 8036 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:34:38.0140 8036 IPSec - ok
13:34:53.0437 8036 ============================================================
13:34:53.0437 8036 Scan finished
13:34:53.0437 8036 ============================================================
13:34:53.0453 8040 Detected object count: 0
13:34:53.0453 8040 Actual detected object count: 0
 
RK report (the first time I ran it, it crashed; this is from the second time I ran it):

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : John B. Morgan IV [Admin rights]
Mode : Remove -- Date : 10/09/2012 13:44:32

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[Services][LOCK] HKLM\[...]\ControlSet002\Services\{4CF69781-2339-42F6-899A-AF3DF7C8BB96} -> DELETED
[Services][LOCK] HKLM\[...]\ControlSet003\Services\{4CF69781-2339-42F6-899A-AF3DF7C8BB96} -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\AzureBay.scr) -> REPLACED (C:\WINDOWS\system32\logon.scr)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160310AS +++++
--- User ---
[MBR] e2e5f1ff2d09be4f5c1f67a3601196dc
[BSP] 5aee5d06d15c200c786e502a22e151e0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 81909 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167750730 | Size: 62667 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 296094015 | Size: 8008 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Toshiba External USB HDD USB Device +++++
--- User ---
[MBR] 6881e43272de766a2605346fc52b870b
[BSP] bff7d1eaa7d3dc286f4bb426c0eec153 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
This is from the first time I ran RK:

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : John B. Morgan IV [Admin rights]
Mode : Scan -- Date : 10/09/2012 13:37:38

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] agent.exe -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\AzureBay.scr) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160310AS +++++
--- User ---
[MBR] e2e5f1ff2d09be4f5c1f67a3601196dc
[BSP] 5aee5d06d15c200c786e502a22e151e0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 81909 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167750730 | Size: 62667 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 296094015 | Size: 8008 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Toshiba External USB HDD USB Device +++++
--- User ---
[MBR] 6881e43272de766a2605346fc52b870b
[BSP] bff7d1eaa7d3dc286f4bb426c0eec153 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
A second report from the first time I ran RK:

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : John B. Morgan IV [Admin rights]
Mode : Scan -- Date : 10/09/2012 13:41:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[Services][LOCK] HKLM\[...]\ControlSet002\Services\{4CF69781-2339-42F6-899A-AF3DF7C8BB96} ({4CF69781-2339-42F6-899A-AF3DF7C8BB96}.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet003\Services\{4CF69781-2339-42F6-899A-AF3DF7C8BB96} ({4CF69781-2339-42F6-899A-AF3DF7C8BB96}.sys) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\AzureBay.scr) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9160310AS +++++
--- User ---
[MBR] e2e5f1ff2d09be4f5c1f67a3601196dc
[BSP] 5aee5d06d15c200c786e502a22e151e0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 81909 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167750730 | Size: 62667 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 296094015 | Size: 8008 Mo
3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Toshiba External USB HDD USB Device +++++
--- User ---
[MBR] 6881e43272de766a2605346fc52b870b
[BSP] bff7d1eaa7d3dc286f4bb426c0eec153 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 