TechSpot

[A] Think I got malware off my system but safe mode doesn't work

Inactive
By jbmorgan
Oct 6, 2012
  1. I have a strange situation. Earlier today I went to a bad Web site and got hit with the "System Cleaner" malware, which tried to convince me that the U.S. government had seized my computer and that I had to pay $200 to get it back. I tried to restart my system (a 3.5-year-old Eee PC) in safe mode, but every time I did I would get an error message telling me that Windows couldn't be started. I finally just rebooted normally and managed to fight my way into Malwarebytes and run a scan. It found three malicious objects and removed them. After that, when I restarted my system, everything seemed to be fine. I even rescanned my system, both with Malwarebytes and my virus protection, and they found nothing. But just out of curiosity, I tried restarting my system in safe mode again to see what would happen, and sure enough, I got the same error message. But everything is fine when I boot normally. Is this some remnant of the infection? Or is it possible that I have some deeper issue with my computer - I probably haven't started it in safe mode for nearly a year?
     
  2. Broni

    Broni Malware Annihilator Posts: 47,020   +255

  3. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Hello again, Broni,

    Yes, same one, although the external drive that I was talking about in that thread has been toast for a while...this is just my computer itself that is affected.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    You've been here before so you should know the drill.

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Malwarebytes log:

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.06.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    John B. Morgan IV :: ATHENA [administrator]

    10/6/2012 9:58:29 PM
    mbam-log-2012-10-06 (21-58-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 237695
    Time elapsed: 30 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  6. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Broni, I ran GMER, but after it ran for several hours, my system crashed and I got a blue alert screen. When I restarted, my IDE controllers had been thrown into PIO mode, and I had to uninstall the drivers to get them back into DMA (which did work, fortunately). I'm not certain what to do next but I really don't want to have that happen again.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    Skip GMER and proceed with DDS.
     
  8. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Here is the DDS log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
    Run by John B. Morgan IV at 1:01:27 on 2012-10-08
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.798 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
    C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
    C:\WINDOWS\system32\HPSIsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Elantech\ETDDect.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program Files\WinZip\WZQKPICK32.EXE
    C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\John B. Morgan IV\Application Data\Dropbox\bin\Dropbox.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.integraltradition.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    EB: {8C5AD199-66D9-4CEA-849D-A72C81DA26F3} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
    mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
    mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
    mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
    mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
    mRun: [<NO NAME>]
    mRun: [HPUsageTrackingLEDM] "c:\program files\hp\hp ut ledm\bin\hppusg.exe" "c:\program files\hp\hp ut ledm\"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\johnb~1.mor\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\john b. morgan iv\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\register.lnk - c:\program files\azurebay\azurebay screen saver\Register.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wpchan~1.lnk - c:\program files\azurebay\azurebay screen saver\WPChanger.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849575053
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263849552381
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\john b. morgan iv\application data\mozilla\firefox\profiles\wlrr7xnj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.arktos.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    .
    ---- FIREFOX POLICIES ----

    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 193552]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
    R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-10-15 136192]
    R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\hp\hp laserjet m1210 mfp series\ReceiveFaxUtility.exe [2010-5-11 247352]
    R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-2-17 99896]
    R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-12-31 9216]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-1-31 72832]
    R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 80000]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-1-31 102784]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-26 136176]
    S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [2012-2-17 13824]
    S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-1-31 85632]
    S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2012-1-31 51456]
    S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2012-1-31 26496]
    S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-5-17 9216]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 114144]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2012-2-17 17408]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-4-30 18432]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 vodafone_zte_cdc_acm;Vodafone Vodafone ZTE CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_zte_cdc_acm.sys [2011-5-20 67968]
    S3 vodafone_zte_cdc_ecm;vodafone_zte_cdc_ecm;c:\windows\system32\drivers\vodafone_zte_cdc_ecm.sys [2011-5-20 32768]
    S3 vodafone_zte_cpo;Vodafone Vodafone ZTE Install;c:\windows\system32\drivers\vodafone_zte_cpo.sys [2011-5-20 9984]
    S3 vodafone_zte_ecm_enum;Vodafone Vodafone ZTE DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_zte_ecm_enum.sys [2011-5-20 47488]
    S3 vodafone_zte_ecm_enum_filter;vodafone_zte_ecm_enum_filter;c:\windows\system32\drivers\vodafone_zte_ecm_enum_filter.sys [2011-5-20 47488]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2011-5-16 114688]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-5-16 105856]
    .
    =============== Created Last 30 ================
    .
    2012-10-07 16:31:51 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61b64a43-453c-4ca5-9342-fefa6d72e183}\mpengine.dll
    2012-10-07 07:10:52 6980552 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-10-05 18:46:47 -------- d-----w- c:\program files\common files\xing shared
    2012-10-05 18:45:08 129176 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
    2012-10-04 17:42:24 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2012-10-04 17:42:24 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2012-09-21 00:16:02 -------- d-----w- c:\documents and settings\john b. morgan iv\local settings\application data\TNT2
    2012-09-16 14:05:35 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    .
    ==================== Find3M ====================
    .
    2012-10-05 18:44:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-10-05 18:44:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
    2012-08-27 19:12:36 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
    2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
    2012-08-24 06:52:19 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-24 06:52:17 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2010-05-23 14:37:19 52355 ----a-w- c:\program files\common files\OnlineFilesManager.dll
    2010-04-23 15:27:35 190464 ----a-w- c:\program files\common files\OnlineFilesManager.dll.old
    .
    ============= FINISH: 1:03:42.07 ===============
     
  9. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    I still need Attach.txt part of DDS.
     
  10. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Here it is:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/2/2010 1:37:34 PM
    System Uptime: 10/7/2012 3:41:12 PM (10 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | 1000H
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 80 GiB total, 9.668 GiB free.
    D: is FIXED (NTFS) - 61 GiB total, 23.131 GiB free.
    E: is FIXED (NTFS) - 8 GiB total, 7.72 GiB free.
    G: is FIXED (NTFS) - 932 GiB total, 284.159 GiB free.
    I: is FIXED (FAT32) - 233 GiB total, 8.192 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
    Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_83241043&REV_B0\4&23C6FC68&0&00E1
    Manufacturer: Atheros
    Name: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
    PNP Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_83241043&REV_B0\4&23C6FC68&0&00E1
    Service: L1e
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Atheros AR5007EG Wireless Network Adapter
    Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&37028E5F&0&00E3
    Manufacturer: Atheros
    Name: Atheros AR5007EG Wireless Network Adapter
    PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&37028E5F&0&00E3
    Service: AR5211
    .
    Class GUID:
    Description:
    Device ID: ROOT\MS_PSCHEDMP\0003
    Manufacturer:
    Name:
    PNP Device ID: ROOT\MS_PSCHEDMP\0003
    Service:
    .
    Class GUID:
    Description:
    Device ID: ROOT\MS_PSCHEDMP\0004
    Manufacturer:
    Name:
    PNP Device ID: ROOT\MS_PSCHEDMP\0004
    Service:
    .
    ==== System Restore Points ===================
    .
    RP606: 7/11/2012 5:17:49 PM - Software Distribution Service 3.0
    RP607: 7/13/2012 3:43:53 PM - System Checkpoint
    RP608: 7/13/2012 5:19:00 PM - Software Distribution Service 3.0
    RP609: 7/15/2012 10:45:03 AM - Software Distribution Service 3.0
    RP610: 7/16/2012 3:41:01 PM - Software Distribution Service 3.0
    RP611: 7/17/2012 4:42:45 PM - System Checkpoint
    RP612: 7/17/2012 4:46:32 PM - Software Distribution Service 3.0
    RP613: 7/18/2012 4:46:27 PM - Software Distribution Service 3.0
    RP614: 7/19/2012 5:14:56 PM - Software Distribution Service 3.0
    RP615: 7/20/2012 6:07:01 PM - Software Distribution Service 3.0
    RP616: 7/21/2012 7:27:04 PM - Software Distribution Service 3.0
    RP617: 7/22/2012 11:41:27 PM - Software Distribution Service 3.0
    RP618: 7/24/2012 10:12:38 AM - Software Distribution Service 3.0
    RP619: 7/26/2012 5:21:19 PM - Software Distribution Service 3.0
    RP620: 7/27/2012 5:31:34 PM - Software Distribution Service 3.0
    RP621: 7/28/2012 6:09:15 PM - Software Distribution Service 3.0
    RP622: 7/29/2012 9:29:45 PM - System Checkpoint
    RP623: 7/31/2012 1:26:16 PM - System Checkpoint
    RP624: 8/1/2012 2:43:32 PM - System Checkpoint
    RP625: 8/1/2012 4:01:17 PM - Software Distribution Service 3.0
    RP626: 8/2/2012 8:35:47 PM - System Checkpoint
    RP627: 8/3/2012 3:37:32 PM - Software Distribution Service 3.0
    RP628: 8/5/2012 7:20:04 PM - Software Distribution Service 3.0
    RP629: 8/6/2012 5:27:01 PM - Software Distribution Service 3.0
    RP630: 8/7/2012 5:27:26 PM - Software Distribution Service 3.0
    RP631: 8/8/2012 5:45:32 PM - Software Distribution Service 3.0
    RP632: 8/9/2012 6:32:22 PM - System Checkpoint
    RP633: 8/9/2012 11:45:05 PM - Software Distribution Service 3.0
    RP634: 8/10/2012 5:34:04 PM - Software Distribution Service 3.0
    RP635: 8/12/2012 12:09:13 AM - Software Distribution Service 3.0
    RP636: 8/13/2012 4:24:13 PM - Software Distribution Service 3.0
    RP637: 8/14/2012 5:25:47 PM - Software Distribution Service 3.0
    RP638: 8/15/2012 5:31:22 PM - Software Distribution Service 3.0
    RP639: 8/16/2012 2:01:29 AM - Software Distribution Service 3.0
    RP640: 8/16/2012 5:01:45 PM - Software Distribution Service 3.0
    RP641: 8/17/2012 4:58:14 PM - Software Distribution Service 3.0
    RP642: 8/18/2012 11:19:45 PM - Software Distribution Service 3.0
    RP643: 8/19/2012 5:00:52 PM - Software Distribution Service 3.0
    RP644: 8/20/2012 4:59:02 PM - Software Distribution Service 3.0
    RP645: 8/21/2012 7:15:29 PM - Software Distribution Service 3.0
    RP646: 8/22/2012 7:50:03 PM - Software Distribution Service 3.0
    RP647: 8/24/2012 2:57:42 AM - Software Distribution Service 3.0
    RP648: 8/27/2012 2:43:31 AM - Software Distribution Service 3.0
    RP649: 8/27/2012 7:46:29 PM - Software Distribution Service 3.0
    RP650: 8/29/2012 2:16:52 AM - Software Distribution Service 3.0
    RP651: 8/30/2012 2:51:47 AM - Software Distribution Service 3.0
    RP652: 8/31/2012 2:21:33 PM - Software Distribution Service 3.0
    RP653: 9/1/2012 3:48:24 PM - System Checkpoint
    RP654: 9/1/2012 8:44:14 PM - Software Distribution Service 3.0
    RP655: 9/2/2012 10:28:49 PM - System Checkpoint
    RP656: 9/3/2012 2:01:34 AM - Software Distribution Service 3.0
    RP657: 9/3/2012 4:44:51 PM - Software Distribution Service 3.0
    RP658: 9/4/2012 7:37:44 PM - Software Distribution Service 3.0
    RP659: 9/5/2012 4:51:00 PM - Software Distribution Service 3.0
    RP660: 9/6/2012 10:35:55 PM - Software Distribution Service 3.0
    RP661: 9/7/2012 4:53:01 PM - Software Distribution Service 3.0
    RP662: 9/8/2012 5:18:37 PM - Software Distribution Service 3.0
    RP663: 9/9/2012 6:23:11 PM - Software Distribution Service 3.0
    RP664: 9/10/2012 6:47:32 PM - Software Distribution Service 3.0
    RP665: 9/11/2012 4:48:01 PM - Software Distribution Service 3.0
    RP666: 9/12/2012 4:49:36 PM - Software Distribution Service 3.0
    RP667: 9/13/2012 10:54:05 AM - Software Distribution Service 3.0
    RP668: 9/13/2012 6:14:07 PM - Software Distribution Service 3.0
    RP669: 9/14/2012 4:56:41 PM - Software Distribution Service 3.0
    RP670: 9/15/2012 7:46:18 PM - Software Distribution Service 3.0
    RP671: 9/16/2012 7:55:34 PM - System Checkpoint
    RP672: 9/17/2012 9:43:43 AM - Software Distribution Service 3.0
    RP673: 9/18/2012 10:41:04 AM - Software Distribution Service 3.0
    RP674: 9/19/2012 11:16:29 PM - Software Distribution Service 3.0
    RP675: 9/20/2012 11:45:00 PM - System Checkpoint
    RP676: 9/21/2012 11:11:02 AM - Software Distribution Service 3.0
    RP677: 9/22/2012 12:13:17 PM - System Checkpoint
    RP678: 9/22/2012 7:58:52 PM - Software Distribution Service 3.0
    RP679: 9/23/2012 2:00:31 AM - Software Distribution Service 3.0
    RP680: 9/24/2012 12:32:31 PM - Software Distribution Service 3.0
    RP681: 9/25/2012 3:20:45 AM - Software Distribution Service 3.0
    RP682: 9/26/2012 9:51:49 AM - Software Distribution Service 3.0
    RP683: 9/27/2012 10:39:55 AM - Software Distribution Service 3.0
    RP684: 9/27/2012 10:56:24 AM - Software Distribution Service 3.0
    RP685: 9/28/2012 3:04:45 AM - Software Distribution Service 3.0
    RP686: 9/29/2012 12:04:52 PM - Software Distribution Service 3.0
    RP687: 9/30/2012 3:27:25 AM - Software Distribution Service 3.0
    RP688: 10/1/2012 2:54:38 AM - Software Distribution Service 3.0
    RP689: 10/2/2012 11:29:28 AM - Software Distribution Service 3.0
    RP690: 10/3/2012 12:20:44 PM - Software Distribution Service 3.0
    RP691: 10/4/2012 3:15:23 PM - System Checkpoint
    RP692: 10/4/2012 7:21:56 PM - Software Distribution Service 3.0
    RP693: 10/5/2012 3:05:40 AM - Software Distribution Service 3.0
    RP694: 10/6/2012 3:43:11 AM - Software Distribution Service 3.0
    RP695: 10/7/2012 12:31:39 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe InDesign CS5
    Adobe Media Player
    Adobe Photoshop 7.0
    Adobe Reader X (10.1.4)
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Asus ACPI Driver
    ASUSUpdate for Eee PC
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    AzureBay Screen Saver
    Azurewave Wireless LAN
    Bonjour
    Canon MP140 series
    Canon PowerShot A40 WIA Driver
    Compatibility Pack for the 2007 Office system
    ContentSAFER for Wizmax
    DJ_SF_05_D2600_Software_Min
    Dropbox
    EasyBits GO
    Eee Instant Key
    Eee Storage 1.1.15.197
    ESET Online Scanner v3
    ETDWare PS/2-x86 7.0.3.8 WHQL
    foobar2000 v1.1.4
    Google Books Uploader (Java Edition)
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Deskjet D2600 Printer Driver 14.0 Rel. 5
    HP LaserJet Professional M1130-M1210 MFP Series
    HP LaserJet Professional M1210 MFP Series Fax Installer
    HP LaserJet Professional M1210 MFP Series Toolbox
    HP LaserJet Toolbox
    hppLaserJetService
    hppM1130M1210SeriesLaserJetService
    hppusgM1130M1210Series
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    InterVideo Register Manager
    InterVideo WinDVD
    iTunes
    Java(TM) 6 Update 26
    Kernel for Outlook Evaluation ver 7.05.01
    Key Folder
    Kindle PC Converter
    Malwarebytes Anti-Malware version 1.65.0.1400
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MobileMe Control Panel
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    PDF Settings CS5
    Performance Solution Brincome.
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Safari
    Scan To
    Seagate Manager Installer
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB2647516)
    Security Update for Windows Internet Explorer 7 (KB2675157)
    Security Update for Windows Internet Explorer 7 (KB2699988)
    Security Update for Windows Internet Explorer 7 (KB2722913)
    Security Update for Windows Internet Explorer 7 (KB2744842)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Skype web features
    Skype™ 5.10
    Stellar Phoenix Windows Data Recovery
    Super Hybrid Engine
    The Rosetta Stone
    Toolbox
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VLC media player 2.0.0
    Vodafone Mobile Broadband Lite
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    WinUAE 2.3.3
    WinZip 16.0
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/7/2012 4:05:34 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the HPM1210RcvFaxSrvc service.
    10/7/2012 3:11:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    10/7/2012 3:11:30 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/7/2012 3:11:30 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    10/7/2012 12:40:03 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    10/7/2012 12:39:01 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    10/6/2012 8:44:27 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================
     
  11. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==============================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
     
  12. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    TDSSKiller log:

    13:34:37.0843 8036 intelppm - ok
    13:34:37.0875 8036 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    13:34:37.0875 8036 Ip6Fw - ok
    13:34:37.0890 8036 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:34:37.0906 8036 IpFilterDriver - ok
    13:34:37.0921 8036 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:34:37.0921 8036 IpInIp - ok
    13:34:37.0953 8036 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:34:37.0968 8036 IpNat - ok
    13:34:38.0046 8036 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    13:34:38.0078 8036 iPod Service - ok
    13:34:38.0125 8036 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:34:38.0140 8036 IPSec - ok
    13:34:38.0171 8036 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:34:38.0171 8036 IRENUM - ok
    13:34:38.0203 8036 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:34:38.0203 8036 isapnp - ok
    13:34:38.0265 8036 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    13:34:38.0265 8036 IviRegMgr - ok
    13:34:38.0312 8036 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:34:38.0312 8036 Kbdclass - ok
    13:34:38.0328 8036 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    13:34:38.0343 8036 kbdhid - ok
    13:34:38.0359 8036 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    13:34:38.0359 8036 kmixer - ok
    13:34:38.0406 8036 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    13:34:38.0406 8036 KSecDD - ok
    13:34:38.0437 8036 [ 6E775ADE642556C6D43450D16D763FC2 ] Ktp C:\WINDOWS\system32\DRIVERS\ETD.sys
    13:34:38.0437 8036 Ktp - ok
    13:34:38.0484 8036 [ 303627228DD739D98289679901A38C8F ] L1e C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
    13:34:38.0484 8036 L1e - ok
    13:34:38.0531 8036 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
    13:34:38.0531 8036 LanmanServer - ok
    13:34:38.0578 8036 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    13:34:38.0593 8036 lanmanworkstation - ok
    13:34:38.0609 8036 [ 406598827A1B5F77954DE11DDE115CED ] lbrtfdc C:\WINDOWS\system32\drivers\lbrtfdc.sys
    13:34:38.0609 8036 lbrtfdc - ok
    13:34:38.0671 8036 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    13:34:38.0750 8036 LmHosts - ok
    13:34:38.0796 8036 [ 8D9C68FA8B7FBE0E225BDE0BBCD8CE9B ] massfilter C:\WINDOWS\system32\DRIVERS\massfilter.sys
    13:34:38.0812 8036 massfilter - ok
    13:34:38.0843 8036 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    13:34:38.0843 8036 Messenger - ok
    13:34:38.0968 8036 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    13:34:38.0968 8036 Microsoft Office Groove Audit Service - ok
    13:34:39.0015 8036 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    13:34:39.0015 8036 mnmdd - ok
    13:34:39.0062 8036 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    13:34:39.0062 8036 mnmsrvc - ok
    13:34:39.0109 8036 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    13:34:39.0125 8036 Modem - ok
    13:34:39.0156 8036 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:34:39.0171 8036 Mouclass - ok
    13:34:39.0218 8036 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    13:34:39.0234 8036 mouhid - ok
    13:34:39.0265 8036 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    13:34:39.0265 8036 MountMgr - ok
    13:34:39.0312 8036 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    13:34:39.0328 8036 MozillaMaintenance - ok
    13:34:39.0375 8036 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    13:34:39.0375 8036 MpFilter - ok
    13:34:39.0578 8036 [ A69630D039C38018689190234F866D77 ] MpKsl93b71f2b C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E34E295A-CD7C-4159-BAB0-E1AB6793CEE7}\MpKsl93b71f2b.sys
    13:34:39.0578 8036 MpKsl93b71f2b - ok
    13:34:39.0593 8036 mraid35x - ok
    13:34:39.0625 8036 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:34:39.0640 8036 MRxDAV - ok
    13:34:39.0703 8036 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:34:39.0703 8036 MRxSmb - ok
    13:34:39.0750 8036 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    13:34:39.0765 8036 MSDTC - ok
    13:34:39.0796 8036 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    13:34:39.0796 8036 Msfs - ok
    13:34:39.0812 8036 MSIServer - ok
    13:34:39.0843 8036 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:34:39.0843 8036 MSKSSRV - ok
    13:34:39.0906 8036 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    13:34:39.0906 8036 MsMpSvc - ok
    13:34:39.0921 8036 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:34:39.0937 8036 MSPCLOCK - ok
    13:34:39.0953 8036 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    13:34:39.0953 8036 MSPQM - ok
    13:34:39.0984 8036 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:34:39.0984 8036 mssmbios - ok
    13:34:40.0015 8036 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    13:34:40.0031 8036 MSTEE - ok
    13:34:40.0078 8036 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    13:34:40.0078 8036 Mup - ok
    13:34:40.0125 8036 [ DA52265242677E1C03B2560A03172612 ] mvusbews C:\WINDOWS\system32\Drivers\mvusbews.sys
    13:34:40.0125 8036 mvusbews - ok
    13:34:40.0156 8036 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    13:34:40.0171 8036 NABTSFEC - ok
    13:34:40.0250 8036 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    13:34:40.0281 8036 napagent - ok
    13:34:40.0328 8036 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    13:34:40.0343 8036 NDIS - ok
    13:34:40.0359 8036 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    13:34:40.0375 8036 NdisIP - ok
    13:34:40.0406 8036 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    13:34:40.0406 8036 NdisTapi - ok
    13:34:40.0437 8036 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    13:34:40.0437 8036 Ndisuio - ok
    13:34:40.0468 8036 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    13:34:40.0468 8036 NdisWan - ok
    13:34:40.0500 8036 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    13:34:40.0500 8036 NDProxy - ok
    13:34:40.0562 8036 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    13:34:40.0656 8036 Net Driver HPZ12 - ok
    13:34:40.0687 8036 [ 7AFD0E39AB15CB355487B7CC19F4E2C5 ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys
    13:34:40.0734 8036 Netaapl - ok
    13:34:40.0781 8036 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    13:34:40.0781 8036 NetBIOS - ok
    13:34:40.0796 8036 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    13:34:40.0812 8036 NetBT - ok
    13:34:40.0859 8036 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    13:34:40.0875 8036 NetDDE - ok
    13:34:40.0875 8036 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    13:34:40.0890 8036 NetDDEdsdm - ok
    13:34:40.0937 8036 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    13:34:40.0937 8036 Netlogon - ok
    13:34:41.0000 8036 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    13:34:41.0000 8036 Netman - ok
    13:34:41.0046 8036 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    13:34:41.0046 8036 NetTcpPortSharing - ok
    13:34:41.0093 8036 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\WINDOWS\system32\ckldrv.sys
    13:34:41.0093 8036 NetworkX - ok
    13:34:41.0125 8036 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    13:34:41.0140 8036 Nla - ok
    13:34:41.0171 8036 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    13:34:41.0171 8036 Npfs - ok
    13:34:41.0265 8036 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    13:34:41.0375 8036 Ntfs - ok
    13:34:41.0406 8036 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    13:34:41.0421 8036 NtLmSsp - ok
    13:34:41.0484 8036 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    13:34:41.0562 8036 NtmsSvc - ok
    13:34:41.0609 8036 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    13:34:41.0609 8036 Null - ok
    13:34:41.0656 8036 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    13:34:41.0671 8036 NwlnkFlt - ok
    13:34:41.0687 8036 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    13:34:41.0703 8036 NwlnkFwd - ok
    13:34:41.0828 8036 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    13:34:41.0843 8036 odserv - ok
    13:34:41.0890 8036 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    13:34:41.0906 8036 ose - ok
    13:34:41.0953 8036 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    13:34:41.0953 8036 Parport - ok
    13:34:41.0984 8036 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    13:34:41.0984 8036 PartMgr - ok
    13:34:42.0031 8036 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    13:34:42.0031 8036 ParVdm - ok
    13:34:42.0046 8036 PCASp50 - ok
    13:34:42.0093 8036 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    13:34:42.0109 8036 PCI - ok
    13:34:42.0125 8036 PCIDump - ok
    13:34:42.0187 8036 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    13:34:42.0187 8036 PCIIde - ok
    13:34:42.0234 8036 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    13:34:42.0250 8036 Pcmcia - ok
    13:34:42.0265 8036 PDCOMP - ok
    13:34:42.0296 8036 PDFRAME - ok
    13:34:42.0312 8036 PDRELI - ok
    13:34:42.0328 8036 PDRFRAME - ok
    13:34:42.0359 8036 perc2 - ok
    13:34:42.0375 8036 perc2hib - ok
    13:34:42.0468 8036 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    13:34:42.0468 8036 PlugPlay - ok
    13:34:42.0515 8036 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    13:34:42.0640 8036 Pml Driver HPZ12 - ok
    13:34:42.0671 8036 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    13:34:42.0671 8036 PolicyAgent - ok
    13:34:42.0734 8036 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:34:42.0734 8036 PptpMiniport - ok
    13:34:42.0765 8036 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    13:34:42.0765 8036 ProtectedStorage - ok
    13:34:42.0781 8036 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    13:34:42.0796 8036 PSched - ok
    13:34:42.0843 8036 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:34:42.0843 8036 Ptilink - ok
    13:34:42.0859 8036 ql1080 - ok
    13:34:42.0890 8036 Ql10wnt - ok
    13:34:42.0921 8036 ql12160 - ok
    13:34:42.0937 8036 ql1240 - ok
    13:34:42.0953 8036 ql1280 - ok
    13:34:43.0000 8036 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:34:43.0000 8036 RasAcd - ok
    13:34:43.0046 8036 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    13:34:43.0062 8036 RasAuto - ok
    13:34:43.0093 8036 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    13:34:43.0109 8036 Rasl2tp - ok
    13:34:43.0171 8036 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    13:34:43.0203 8036 RasMan - ok
    13:34:43.0218 8036 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    13:34:43.0218 8036 RasPppoe - ok
    13:34:43.0250 8036 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    13:34:43.0250 8036 Raspti - ok
    13:34:43.0296 8036 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    13:34:43.0312 8036 Rdbss - ok
    13:34:43.0328 8036 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    13:34:43.0343 8036 RDPCDD - ok
    13:34:43.0406 8036 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    13:34:43.0421 8036 RDPWD - ok
    13:34:43.0468 8036 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    13:34:43.0468 8036 RDSessMgr - ok
    13:34:43.0531 8036 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    13:34:43.0546 8036 redbook - ok
    13:34:43.0625 8036 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    13:34:43.0640 8036 RemoteAccess - ok
    13:34:43.0687 8036 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    13:34:43.0796 8036 RpcLocator - ok
    13:34:43.0828 8036 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    13:34:43.0843 8036 RpcSs - ok
    13:34:43.0906 8036 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    13:34:43.0906 8036 RSVP - ok
    13:34:43.0937 8036 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    13:34:43.0937 8036 SamSs - ok
    13:34:43.0984 8036 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    13:34:43.0984 8036 SCardSvr - ok
    13:34:44.0046 8036 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    13:34:44.0046 8036 Schedule - ok
    13:34:44.0109 8036 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    13:34:44.0125 8036 Secdrv - ok
    13:34:44.0140 8036 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    13:34:44.0156 8036 seclogon - ok
    13:34:44.0171 8036 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    13:34:44.0187 8036 SENS - ok
    13:34:44.0250 8036 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    13:34:44.0265 8036 Serial - ok
    13:34:44.0328 8036 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    13:34:44.0343 8036 Sfloppy - ok
    13:34:44.0437 8036 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    13:34:44.0453 8036 SharedAccess - ok
    13:34:44.0484 8036 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    13:34:44.0500 8036 ShellHWDetection - ok
    13:34:44.0515 8036 Simbad - ok
    13:34:44.0671 8036 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    13:34:44.0687 8036 SkypeUpdate - ok
    13:34:44.0734 8036 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    13:34:44.0734 8036 SLIP - ok
    13:34:44.0750 8036 Sparrow - ok
    13:34:44.0781 8036 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    13:34:44.0796 8036 splitter - ok
    13:34:44.0843 8036 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    13:34:44.0843 8036 Spooler - ok
    13:34:44.0906 8036 [ EF4E4E1775DB542C767DD0C7B46DB926 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
    13:34:47.0484 8036 sptd - ok
    13:34:47.0750 8036 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    13:34:47.0750 8036 sr - ok
    13:34:47.0812 8036 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    13:34:47.0812 8036 srservice - ok
    13:34:47.0859 8036 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    13:34:47.0875 8036 Srv - ok
    13:34:47.0937 8036 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    13:34:47.0937 8036 SSDPSRV - ok
    13:34:48.0000 8036 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    13:34:48.0015 8036 stisvc - ok
    13:34:48.0046 8036 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    13:34:48.0062 8036 streamip - ok
    13:34:48.0062 8036 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    13:34:48.0062 8036 swenum - ok
    13:34:48.0203 8036 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    13:34:48.0531 8036 SwitchBoard - ok
    13:34:48.0578 8036 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    13:34:48.0593 8036 swmidi - ok
    13:34:48.0593 8036 SwPrv - ok
    13:34:48.0625 8036 symc810 - ok
    13:34:48.0656 8036 symc8xx - ok
    13:34:48.0671 8036 sym_hi - ok
    13:34:48.0687 8036 sym_u3 - ok
    13:34:48.0750 8036 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    13:34:48.0750 8036 sysaudio - ok
    13:34:48.0812 8036 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    13:34:48.0828 8036 SysmonLog - ok
    13:34:48.0875 8036 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    13:34:48.0890 8036 TapiSrv - ok
    13:34:48.0937 8036 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    13:34:48.0953 8036 Tcpip - ok
    13:34:48.0984 8036 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    13:34:48.0984 8036 TDPIPE - ok
    13:34:49.0000 8036 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    13:34:49.0015 8036 TDTCP - ok
    13:34:49.0031 8036 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    13:34:49.0046 8036 TermDD - ok
    13:34:49.0093 8036 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    13:34:49.0109 8036 TermService - ok
    13:34:49.0140 8036 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    13:34:49.0140 8036 Themes - ok
    13:34:49.0156 8036 TosIde - ok
    13:34:49.0218 8036 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    13:34:49.0234 8036 TrkWks - ok
    13:34:49.0281 8036 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    13:34:49.0296 8036 Udfs - ok
    13:34:49.0312 8036 ultra - ok
    13:34:49.0390 8036 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
    13:34:49.0390 8036 UMWdf - ok
    13:34:49.0468 8036 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    13:34:49.0484 8036 Update - ok
    13:34:49.0531 8036 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    13:34:49.0546 8036 upnphost - ok
    13:34:49.0562 8036 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    13:34:49.0578 8036 UPS - ok
    13:34:49.0609 8036 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    13:34:49.0703 8036 USBAAPL - ok
    13:34:49.0734 8036 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    13:34:49.0859 8036 usbaudio - ok
    13:34:49.0890 8036 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    13:34:49.0906 8036 usbccgp - ok
    13:34:49.0953 8036 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    13:34:49.0953 8036 usbehci - ok
    13:34:49.0984 8036 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    13:34:49.0984 8036 usbhub - ok
    13:34:50.0015 8036 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    13:34:50.0015 8036 usbprint - ok
    13:34:50.0046 8036 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    13:34:50.0046 8036 usbscan - ok
    13:34:50.0078 8036 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    13:34:50.0078 8036 usbstor - ok
    13:34:50.0109 8036 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    13:34:50.0109 8036 usbuhci - ok
    13:34:50.0171 8036 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    13:34:50.0218 8036 usbvideo - ok
    13:34:50.0250 8036 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    13:34:50.0250 8036 VgaSave - ok
    13:34:50.0265 8036 ViaIde - ok
    13:34:50.0390 8036 [ 7E4769483D416AA04B916AAB7EF0DBAF ] VmbService C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    13:34:50.0421 8036 VmbService - ok
    13:34:50.0484 8036 [ 381BA57C1EE2AB1BAFCB4A6035CC305F ] vodafone_K3805-z_dc_enum C:\WINDOWS\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
    13:34:50.0484 8036 vodafone_K3805-z_dc_enum - ok
    13:34:50.0531 8036 [ 3AD0D0044A4F2AD80F368BB9293FFEE5 ] vodafone_zte_cdc_acm C:\WINDOWS\system32\DRIVERS\vodafone_zte_cdc_acm.sys
    13:34:50.0546 8036 vodafone_zte_cdc_acm - ok
    13:34:50.0609 8036 [ A9E5CA3B571820EDD23683E14C7E6913 ] vodafone_zte_cdc_ecm C:\WINDOWS\system32\DRIVERS\vodafone_zte_cdc_ecm.sys
    13:34:50.0609 8036 vodafone_zte_cdc_ecm - ok
    13:34:50.0656 8036 [ ECE758F4838DF809E116CFD401D503A4 ] vodafone_zte_cpo C:\WINDOWS\system32\DRIVERS\vodafone_zte_cpo.sys
    13:34:50.0656 8036 vodafone_zte_cpo - ok
    13:34:50.0703 8036 [ 565B78A7CA79B32369B9E734C653DE36 ] vodafone_zte_ecm_enum C:\WINDOWS\system32\DRIVERS\vodafone_zte_ecm_enum.sys
    13:34:50.0703 8036 vodafone_zte_ecm_enum - ok
    13:34:50.0750 8036 [ 565B78A7CA79B32369B9E734C653DE36 ] vodafone_zte_ecm_enum_filter C:\WINDOWS\system32\DRIVERS\vodafone_zte_ecm_enum_filter.sys
    13:34:50.0750 8036 vodafone_zte_ecm_enum_filter - ok
    13:34:50.0812 8036 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    13:34:50.0812 8036 VolSnap - ok
    13:34:50.0875 8036 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    13:34:50.0875 8036 VSS - ok
    13:34:50.0937 8036 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    13:34:50.0953 8036 W32Time - ok
    13:34:50.0984 8036 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    13:34:51.0000 8036 Wanarp - ok
    13:34:51.0125 8036 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    13:34:51.0203 8036 Wdf01000 - ok
    13:34:51.0234 8036 WDICA - ok
    13:34:51.0265 8036 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    13:34:51.0281 8036 wdmaud - ok
    13:34:51.0343 8036 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    13:34:51.0359 8036 WebClient - ok
    13:34:51.0453 8036 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    13:34:51.0453 8036 winmgmt - ok
    13:34:51.0531 8036 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
    13:34:51.0531 8036 WmdmPmSN - ok
    13:34:51.0578 8036 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    13:34:51.0578 8036 WmiApSrv - ok
    13:34:51.0609 8036 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
    13:34:51.0609 8036 WpdUsb - ok
    13:34:51.0671 8036 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    13:34:51.0671 8036 wscsvc - ok
    13:34:51.0750 8036 [ 8FEDE6CF2EB103EF1274CE2C9D8EE0E7 ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys
    13:34:51.0765 8036 WSIMD - ok
    13:34:51.0781 8036 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    13:34:51.0796 8036 WSTCODEC - ok
    13:34:51.0812 8036 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    13:34:51.0812 8036 wuauserv - ok
    13:34:51.0875 8036 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    13:34:51.0890 8036 WZCSVC - ok
    13:34:51.0984 8036 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    13:34:52.0000 8036 xmlprov - ok
    13:34:52.0031 8036 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
    13:34:52.0046 8036 ZTEusbmdm6k - ok
    13:34:52.0078 8036 [ 7DF32DC0267C91BACF7E2B4E38AC5DF1 ] ZTEusbnet C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
    13:34:52.0078 8036 ZTEusbnet - ok
    13:34:52.0109 8036 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
    13:34:52.0109 8036 ZTEusbnmea - ok
    13:34:52.0156 8036 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
    13:34:52.0218 8036 ZTEusbser6k - ok
    13:34:52.0234 8036 [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbvoice C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
    13:34:52.0250 8036 ZTEusbvoice - ok
    13:34:52.0296 8036 ================ Scan global ===============================
    13:34:52.0343 8036 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    13:34:52.0406 8036 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    13:34:52.0421 8036 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    13:34:52.0453 8036 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    13:34:52.0468 8036 [Global] - ok
    13:34:52.0468 8036 ================ Scan MBR ==================================
    13:34:52.0484 8036 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    13:34:52.0796 8036 \Device\Harddisk0\DR0 - ok
    13:34:53.0218 8036 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR5
    13:34:53.0234 8036 \Device\Harddisk1\DR5 - ok
    13:34:53.0250 8036 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR5
    13:34:53.0265 8036 \Device\Harddisk1\DR5 - ok
    13:34:53.0281 8036 [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk2\DR11
    13:34:53.0281 8036 \Device\Harddisk2\DR11 - ok
    13:34:53.0281 8036 ================ Scan VBR ==================================
    13:34:53.0296 8036 [ E25159A6F1FD34497AC1785A1F890CE1 ] \Device\Harddisk0\DR0\Partition1
    13:34:53.0296 8036 \Device\Harddisk0\DR0\Partition1 - ok
    13:34:53.0328 8036 [ 2261731DD88BA5A627D706FA0C7BC8E7 ] \Device\Harddisk0\DR0\Partition2
    13:34:53.0328 8036 \Device\Harddisk0\DR0\Partition2 - ok
    13:34:53.0375 8036 [ 8E643EF3DEB1E56187CC0752752C4CE2 ] \Device\Harddisk0\DR0\Partition3
    13:34:53.0390 8036 \Device\Harddisk0\DR0\Partition3 - ok
    13:34:53.0390 8036 [ FE228EC3A5ABABE9316B1FAFC521E116 ] \Device\Harddisk1\DR5\Partition1
    13:34:53.0406 8036 \Device\Harddisk1\DR5\Partition1 - ok
    13:34:53.0406 8036 [ FE228EC3A5ABABE9316B1FAFC521E116 ] \Device\Harddisk1\DR5\Partition1
    13:34:53.0421 8036 \Device\Harddisk1\DR5\Partition1 - ok
    13:34:53.0421 8036 [ 7E648A180A8D56423726EBD6499A1B13 ] \Device\Harddisk2\DR11\Partition1
    13:34:53.0421 8036 \Device\Harddisk2\DR11\Partition1 - ok
    13:34:53.0437 8036 ============================================================
    13:34:53.0437 8036 Scan finished
    13:34:53.0437 8036 ============================================================
    13:34:53.0453 8040 Detected object count: 0
    13:34:53.0453 8040 Actual detected object count: 0
     
  13. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    RK report (the first time I ran it, it crashed; this is from the second time I ran it):

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : John B. Morgan IV [Admin rights]
    Mode : Remove -- Date : 10/09/2012 13:44:32

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [Services][LOCK] HKLM\[...]\ControlSet002\Services\{4CF69781-2339-42F6-899A-AF3DF7C8BB96} -> DELETED
    [Services][LOCK] HKLM\[...]\ControlSet003\Services\{4CF69781-2339-42F6-899A-AF3DF7C8BB96} -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\AzureBay.scr) -> REPLACED (C:\WINDOWS\system32\logon.scr)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9160310AS +++++
    --- User ---
    [MBR] e2e5f1ff2d09be4f5c1f67a3601196dc
    [BSP] 5aee5d06d15c200c786e502a22e151e0 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 81909 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167750730 | Size: 62667 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 296094015 | Size: 8008 Mo
    3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Toshiba External USB HDD USB Device +++++
    --- User ---
    [MBR] 6881e43272de766a2605346fc52b870b
    [BSP] bff7d1eaa7d3dc286f4bb426c0eec153 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
     
  14. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    This is from the first time I ran RK:

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : John B. Morgan IV [Admin rights]
    Mode : Scan -- Date : 10/09/2012 13:37:38

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] agent.exe -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\AzureBay.scr) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9160310AS +++++
    --- User ---
    [MBR] e2e5f1ff2d09be4f5c1f67a3601196dc
    [BSP] 5aee5d06d15c200c786e502a22e151e0 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 81909 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167750730 | Size: 62667 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 296094015 | Size: 8008 Mo
    3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Toshiba External USB HDD USB Device +++++
    --- User ---
    [MBR] 6881e43272de766a2605346fc52b870b
    [BSP] bff7d1eaa7d3dc286f4bb426c0eec153 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  15. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    A second report from the first time I ran RK:

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : John B. Morgan IV [Admin rights]
    Mode : Scan -- Date : 10/09/2012 13:41:03

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [Services][LOCK] HKLM\[...]\ControlSet002\Services\{4CF69781-2339-42F6-899A-AF3DF7C8BB96} ({4CF69781-2339-42F6-899A-AF3DF7C8BB96}.sys) -> FOUND
    [Services][LOCK] HKLM\[...]\ControlSet003\Services\{4CF69781-2339-42F6-899A-AF3DF7C8BB96} ({4CF69781-2339-42F6-899A-AF3DF7C8BB96}.sys) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\WINDOWS\AzureBay.scr) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9160310AS +++++
    --- User ---
    [MBR] e2e5f1ff2d09be4f5c1f67a3601196dc
    [BSP] 5aee5d06d15c200c786e502a22e151e0 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 81909 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167750730 | Size: 62667 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 296094015 | Size: 8008 Mo
    3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Toshiba External USB HDD USB Device +++++
    --- User ---
    [MBR] 6881e43272de766a2605346fc52b870b
    [BSP] bff7d1eaa7d3dc286f4bb426c0eec153 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  16. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    Broni, when I ran aswMBR, it ran for a while but then my computer froze. It doesn't seem to have saved a log.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    Try safe mode.
     
  18. jbmorgan

    jbmorgan TS Rookie Topic Starter Posts: 81

    I did when I rebooted. It still won't start in safe mode.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  20. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

