
kkempker7

join:2007-03-18
Holts Summit, MO

[RESOLVED] Infected with something, can't get on the internet

Working on the same machine that I worked on earlier this year, some symptoms, not able to get online. I've run just about everything I know, winsock fix and reset the tcp/ip, rKill. I had to reformat last time, thinking I'm going to have to do it again. I did have MSE installed, when I got it back, the service was not running and was unable to get the service started, couldn't uninstall it through add/remove programs. Had to remove it via .bat from MS site. Now I can't even install it again, says it's looking for some file. Since I am unable to get online, I was unable to do the online scans. Below are the log files.

kkempker7

join:2007-03-18
Holts Summit, MO

Re: Infected with something, can't get on the internet

First Malwarebytes log

Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Brian :: HOME [administrator]

6/2/2012 1:39:47 PM
mbam-log-2012-06-02 (13-39-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228335
Time elapsed: 14 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\5qUninstall Zwinky.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

(end)

kkempker7

join:2007-03-18
Holts Summit, MO
reply to kkempker7
Second Malwarebytes Log

Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.28.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Brian :: HOME [administrator]

6/2/2012 6:10:02 PM
mbam-log-2012-06-02 (18-10-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 298566
Time elapsed: 31 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 20
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP93\A0012282.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018468.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018467.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018469.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018474.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018475.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018476.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018477.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018481.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018485.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018489.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018490.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018493.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018496.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018497.exe (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018499.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018501.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP125\A0018512.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP127\A0018539.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{0DC0EEF5-A99A-447A-8594-BC1D60249EBA}\RP127\A0018538.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

kkempker7

join:2007-03-18
Holts Summit, MO
reply to kkempker7
OTL logfile created on: 6/2/2012 7:42:07 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\PC Security
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 655.42 Mb Available Physical Memory | 64.14% Memory free
2.40 Gb Paging File | 2.14 Gb Available in Paging File | 89.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 192.24 Gb Free Space | 83.67% Space Free | Partition Type: NTFS
Drive J: | 1.87 Gb Total Space | 1.44 Gb Free Space | 77.15% Space Free | Partition Type: FAT

Computer Name: HOME | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/01/03 08:10:44 | 001,494,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/05/26 18:21:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\PC Security\OTL.exe
PRC - [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011/05/26 18:21:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\PC Security\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (Zwinky_5qService)
SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/07 18:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\5qffxtbr@Zwinky_5q.com: C:\Program Files\Zwinky_5q\bar\1.bin

Hosts file not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [MSC] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/06 21:24:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/06/02 19:40:07 | 000,000,000 | ---D | C] -- C:\b8394a2882d574699c
[2012/06/02 19:40:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/02 19:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/06/02 19:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/02 19:23:11 | 000,000,000 | ---D | C] -- C:\6d7eafbce8c2c236b0de0ee19bdb
[2012/06/02 19:23:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brian\Start Menu\Programs\Administrative Tools
[2012/06/02 19:23:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/06/02 19:10:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/02 15:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/06/02 14:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\PCHealth
[2012/06/02 14:42:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brian\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/02 14:34:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/02 14:34:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brian\My Documents\My Videos
[2012/06/02 14:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\Temp
[2012/06/02 14:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Local Settings\Application Data\Adobe
[2012/06/02 13:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian\Application Data\Malwarebytes
[2012/06/02 13:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/02 13:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/02 13:39:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/02 13:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/09 04:31:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/05/09 04:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/05/06 23:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/05/06 19:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/05/06 19:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/05/06 19:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/05/06 18:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F4D55EDB000025EF000022A1D151FC4E
[2012/05/06 07:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/06/02 19:41:09 | 000,002,039 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/02 19:40:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/02 19:40:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3FAD947B-4DB5-46A7-94AE-767185F3CA61}.job
[2012/06/02 19:37:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/02 19:37:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/02 19:35:10 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1214440339-1417001333-1003UA.job
[2012/06/02 19:32:20 | 000,002,500 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\New Text Document (2).bat
[2012/06/02 18:37:11 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/02 18:37:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1214440339-1417001333-1004UA.job
[2012/06/02 15:58:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/06/02 15:35:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1214440339-1417001333-1003Core.job
[2012/06/02 14:42:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/02 14:39:18 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Brian\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/02 14:14:57 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\Brian\Desktop\Shortcut to PC Security.lnk
[2012/06/01 02:37:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1214440339-1417001333-1004Core.job
[2012/05/27 07:00:42 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2012/05/27 02:27:21 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/25 21:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/23 15:12:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/08 17:28:06 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/05/06 19:55:28 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/06/02 19:32:42 | 000,002,500 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\New Text Document (2).bat
[2012/06/02 15:58:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/06/02 14:14:57 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\Brian\Desktop\Shortcut to PC Security.lnk
[2012/06/02 13:39:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/09 04:01:35 | 000,174,000 | ---- | C] () -- C:\Program Files\5qres.dll
[2012/05/06 19:55:28 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/05/06 18:58:11 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/30 16:16:24 | 000,151,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/14 19:51:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 20:58:05 | 000,050,200 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/11 14:12:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/07 19:20:20 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/02/07 19:19:17 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/02/07 18:50:41 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/02/06 22:31:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/06 21:26:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/06 21:22:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/06 15:16:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/06 15:15:40 | 000,243,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/13 18:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/13 18:00:00 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/13 18:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/13 18:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/13 18:00:00 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/13 18:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/13 18:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/13 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/13 18:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 18:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/13 18:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pdiddcci.dll
[2005/04/14 22:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/14 22:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2012/06/02 19:40:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/08 19:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4D55EDB000025EF000022A1D151FC4E
[2012/06/02 19:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/06 07:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/02/07 08:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/02/06 22:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/21 21:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian\Application Data\.minecraft
[2012/05/27 07:00:42 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2012/06/02 19:40:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3FAD947B-4DB5-46A7-94AE-767185F3CA61}.job

[color=#E56717]========== Purity Check ==========[/color]

kkempker7

join:2007-03-18
Holts Summit, MO
reply to kkempker7
There was no Extras file

kkempker7

join:2007-03-18
Holts Summit, MO
reply to kkempker7
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Antivirus up to date!
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

CCleaner
Java(TM) 6 Update 30
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

``````````End of Log````````````

kkempker7

join:2007-03-18
Holts Summit, MO
reply to kkempker7
Also, when I do ipconfig /all I get:
Windows IP Configuration, an internal error occurred: The request is not supported Contact Microsoft Product Support, Additional information: Unable to query host name


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to kkempker7
Sounds like you have a broken NIC. You might try installing a new one.

There are a few items in the log that need attention, but we are also back at missing OS files.

Formatting would be your best option but it appears there are hardware issues involved as well. If this is an older computer, you may want to consider replacing it.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

kkempker7

join:2007-03-18
Holts Summit, MO
I did get it online, the Ipsec.sys was missing. Eset scan didn't find anything. What missing OS files are there?


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to kkempker7
The OTL log showed HidServ was missing. That may be a false statement.

I would like to see the Extras log. It is only produced on the first run of OTL. The log you posted was the second run.

To force the Extra on, start OTL, and select 'Use Safelist' in the Extra Registry setting. All other settings are as defaulted. Then run the scan. There is no need to post the main OTL log, just the Extras.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

kkempker7

join:2007-03-18
Holts Summit, MO
OTL Extras logfile created on: 6/3/2012 4:47:25 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\PC Security
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 539.84 Mb Available Physical Memory | 52.83% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 191.78 Gb Free Space | 83.47% Space Free | Partition Type: NTFS
Drive J: | 1.87 Gb Total Space | 1.44 Gb Free Space | 77.13% Space Free | Partition Type: FAT

Computer Name: HOME | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}" = ATI Catalyst Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel(R) PRO Network Connections Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 6/2/2012 8:39:24 PM | Computer Name = HOME | Source = JavaQuickStarterService | ID = 1
Description =

Error - 6/2/2012 8:41:08 PM | Computer Name = HOME | Source = Microsoft Security Client | ID = 5000
Description =

Error - 6/2/2012 8:41:09 PM | Computer Name = HOME | Source = Microsoft Security Client | ID = 5000
Description =

Error - 6/2/2012 8:41:09 PM | Computer Name = HOME | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8007064C Description:. 0x8007064C. The installation source
for this product is not available. Verify that the source exists and that you
can access it.

Error - 6/3/2012 9:39:24 AM | Computer Name = HOME | Source = JavaQuickStarterService | ID = 1
Description =

Error - 6/3/2012 10:07:40 AM | Computer Name = HOME | Source = Microsoft Security Client | ID = 5000
Description =

Error - 6/3/2012 10:07:43 AM | Computer Name = HOME | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8007064C Description:. 0x8007064C. The installation source
for this product is not available. Verify that the source exists and that you
can access it.

Error - 6/3/2012 10:07:43 AM | Computer Name = HOME | Source = Microsoft Security Client | ID = 5000
Description =

Error - 6/3/2012 10:08:39 AM | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 6/3/2012 10:08:39 AM | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 6/2/2012 8:37:28 PM | Computer Name = HOME | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 6/2/2012 9:17:57 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The IPSEC driver service failed to start due to the following error:
%%2

Error - 6/2/2012 9:17:57 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7001
Description = The TCP/IP Protocol Driver service depends on the IPSEC driver service
which failed to start because of the following error: %%2

Error - 6/2/2012 9:28:16 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The IPSEC driver service failed to start due to the following error:
%%2

Error - 6/3/2012 9:37:22 AM | Computer Name = HOME | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 6/3/2012 9:37:22 AM | Computer Name = HOME | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 6/3/2012 9:39:27 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 6/3/2012 9:39:27 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 6/3/2012 9:39:27 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 6/3/2012 9:39:27 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

kkempker7

join:2007-03-18
Holts Summit, MO
I'm having problems getting MSE reinstalled. I took a screenshot of the message I'm getting. The default location it's looking for doesn't even exist. When I browse to the location of the file it's asking for (the installer extracted files to this location), that is when I get the message about being not an invalid installation package.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to kkempker7
Try downloading the MSE installation package again. Put it on the Desktop and try to install from there.

Thanks for the OTL Extras log. The logs themselves are clean.

kkempker7

join:2007-03-18
Holts Summit, MO
I've tried downloading several times, doesn't work. I did get AVG installed, might try to install AVAST instead.

Thanks.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to kkempker7
OK, as long as you have an AV installed. You might want to do a full scan with it and see what it shows.

kkempker7

join:2007-03-18
Holts Summit, MO
Shows nothing. Lately I've not really cared for AVG, I'd rather use Avast or MSE.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to kkempker7
Let's check for rootkits to be safe.

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

kkempker7

join:2007-03-18
Holts Summit, MO
Here are 3 of the logs. I'll post the Sophos log tonight. It locked up overnight running and had to start it back up. The first scan with Sophos did find 2 threats, I believe it was one of the fake AV worms. I removed them, then scanned a second time, that is when it locked up.

kkempker7

join:2007-03-18
Holts Summit, MO
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-04 21:27:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST325082 rev.3.AD
Running: gmer.exe; Driver: C:\DOCUME~1\Brian\LOCALS~1\Temp\pxtdipow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA16F5004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA16F50D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA16F4D76]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA7407640]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA16F4EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA16F4F56]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3740] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB17418$\2121815625 0 bytes
File C:\WINDOWS\$NtUninstallKB17418$\3309797709 0 bytes
File C:\WINDOWS\$NtUninstallKB17418$\3309797709\L 0 bytes
File C:\WINDOWS\$NtUninstallKB17418$\3309797709\U 0 bytes

---- EOF - GMER 1.0.15 ----

kkempker7

join:2007-03-18
Holts Summit, MO
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2012/06/04 21:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xA36FC000 Size: 888832 File Visible: No Signed: -
Status: -

Name: pxtdipow.sys
Image Path: C:\DOCUME~1\Brian\LOCALS~1\Temp\pxtdipow.sys
Address: 0x9F62C000 Size: 100864 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA0D8C000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\$NtUninstallKB17418$
Status: Locked to the Windows API!

Path: C:\WINDOWS\$NtUninstallKB2079403$:SummaryInformation
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\AVG2012\Chjw\e8705d39705d1024.dat:c473a837-b9c9-4728-ab5a-a10a8ab5cd3f
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys" at address 0xa16f5004

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys" at address 0xa16f50d4

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys" at address 0xa16f4d76

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xa7407640

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys" at address 0xa16f4eba

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys" at address 0xa16f4f56

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys" at address 0xa16f559e

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys" at address 0xa16f550a

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys" at address 0xa16f554a

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys" at address 0xa16f549c

==EOF==

kkempker7

join:2007-03-18
Holts Summit, MO
07:02:20.0171 0220 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
07:02:20.0671 0220 ============================================================
07:02:20.0671 0220 Current date / time: 2012/06/05 07:02:20.0671
07:02:20.0671 0220 SystemInfo:
07:02:20.0671 0220
07:02:20.0671 0220 OS Version: 5.1.2600 ServicePack: 3.0
07:02:20.0671 0220 Product type: Workstation
07:02:20.0671 0220 ComputerName: HOME
07:02:20.0671 0220 UserName: Brian
07:02:20.0671 0220 Windows directory: C:\WINDOWS
07:02:20.0671 0220 System windows directory: C:\WINDOWS
07:02:20.0671 0220 Processor architecture: Intel x86
07:02:20.0671 0220 Number of processors: 2
07:02:20.0671 0220 Page size: 0x1000
07:02:20.0671 0220 Boot type: Normal boot
07:02:20.0671 0220 ============================================================
07:02:21.0437 0220 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:02:21.0453 0220 Drive \Device\Harddisk1\DR2 - Size: 0x776F8000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:02:21.0515 0220 ============================================================
07:02:21.0515 0220 \Device\Harddisk0\DR0:
07:02:21.0515 0220 MBR partitions:
07:02:21.0515 0220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1CB880AA
07:02:21.0515 0220 \Device\Harddisk1\DR2:
07:02:21.0515 0220 MBR partitions:
07:02:21.0515 0220 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3BB521
07:02:21.0515 0220 ============================================================
07:02:21.0625 0220 C: \Device\Harddisk0\DR0\Partition0
07:02:21.0625 0220 ============================================================
07:02:21.0625 0220 Initialize success
07:02:21.0640 0220 ============================================================
07:04:37.0031 3936 ============================================================
07:04:37.0031 3936 Scan started
07:04:37.0031 3936 Mode: Manual;
07:04:37.0031 3936 ============================================================
07:04:37.0328 3936 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
07:04:37.0343 3936 !SASCORE - ok
07:04:37.0468 3936 Abiosdsk - ok
07:04:37.0484 3936 abp480n5 - ok
07:04:37.0531 3936 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:04:37.0546 3936 ACPI - ok
07:04:37.0578 3936 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:04:37.0593 3936 ACPIEC - ok
07:04:37.0593 3936 adpu160m - ok
07:04:37.0656 3936 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:04:37.0656 3936 aec - ok
07:04:37.0703 3936 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:04:37.0718 3936 AFD - ok
07:04:37.0718 3936 Aha154x - ok
07:04:37.0734 3936 aic78u2 - ok
07:04:37.0734 3936 aic78xx - ok
07:04:37.0781 3936 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
07:04:37.0781 3936 Alerter - ok
07:04:37.0812 3936 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
07:04:37.0812 3936 ALG - ok
07:04:37.0812 3936 AliIde - ok
07:04:37.0812 3936 amsint - ok
07:04:37.0921 3936 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:04:37.0921 3936 Apple Mobile Device - ok
07:04:37.0953 3936 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
07:04:37.0968 3936 AppMgmt - ok
07:04:37.0968 3936 asc - ok
07:04:37.0968 3936 asc3350p - ok
07:04:37.0984 3936 asc3550 - ok
07:04:38.0093 3936 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:04:38.0093 3936 aspnet_state - ok
07:04:38.0109 3936 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:04:38.0109 3936 AsyncMac - ok
07:04:38.0125 3936 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
07:04:38.0125 3936 atapi - ok
07:04:38.0140 3936 Atdisk - ok
07:04:38.0218 3936 Ati HotKey Poller (c23082b890f21267037ca6111c385ff3) C:\WINDOWS\system32\Ati2evxx.exe
07:04:38.0234 3936 Ati HotKey Poller - ok
07:04:38.0296 3936 ATI Smart (0d582dc5e3f74cea1bf56ba2a925d0f2) C:\WINDOWS\system32\ati2sgag.exe
07:04:38.0312 3936 ATI Smart - ok
07:04:38.0437 3936 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
07:04:38.0484 3936 ati2mtag - ok
07:04:38.0609 3936 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:04:38.0609 3936 Atmarpc - ok
07:04:38.0640 3936 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
07:04:38.0640 3936 AudioSrv - ok
07:04:38.0687 3936 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:04:38.0703 3936 audstub - ok
07:04:40.0234 3936 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe
07:04:40.0562 3936 AVGIDSAgent - ok
07:04:40.0734 3936 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
07:04:40.0734 3936 AVGIDSDriver - ok
07:04:40.0750 3936 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
07:04:40.0765 3936 AVGIDSFilter - ok
07:04:40.0781 3936 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
07:04:40.0781 3936 AVGIDSHX - ok
07:04:40.0796 3936 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
07:04:40.0796 3936 AVGIDSShim - ok
07:04:40.0828 3936 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
07:04:40.0828 3936 Avgldx86 - ok
07:04:40.0859 3936 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
07:04:40.0859 3936 Avgmfx86 - ok
07:04:40.0890 3936 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
07:04:40.0890 3936 Avgrkx86 - ok
07:04:40.0921 3936 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
07:04:40.0937 3936 Avgtdix - ok
07:04:41.0109 3936 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
07:04:41.0109 3936 avgwd - ok
07:04:41.0156 3936 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:04:41.0156 3936 Beep - ok
07:04:41.0218 3936 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
07:04:41.0265 3936 BITS - ok
07:04:41.0359 3936 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
07:04:41.0375 3936 Bonjour Service - ok
07:04:41.0421 3936 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
07:04:41.0421 3936 Browser - ok
07:04:41.0453 3936 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:04:41.0453 3936 cbidf2k - ok
07:04:41.0453 3936 cd20xrnt - ok
07:04:41.0500 3936 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:04:41.0500 3936 Cdaudio - ok
07:04:41.0531 3936 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:04:41.0531 3936 Cdfs - ok
07:04:41.0578 3936 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:04:41.0578 3936 Cdrom - ok
07:04:41.0578 3936 cerc6 - ok
07:04:41.0578 3936 Changer - ok
07:04:41.0609 3936 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
07:04:41.0609 3936 CiSvc - ok
07:04:41.0609 3936 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
07:04:41.0609 3936 ClipSrv - ok
07:04:41.0687 3936 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:04:41.0703 3936 clr_optimization_v2.0.50727_32 - ok
07:04:41.0703 3936 CmdIde - ok
07:04:41.0703 3936 COMSysApp - ok
07:04:41.0718 3936 Cpqarray - ok
07:04:41.0765 3936 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
07:04:41.0765 3936 CryptSvc - ok
07:04:41.0765 3936 dac2w2k - ok
07:04:41.0781 3936 dac960nt - ok
07:04:41.0843 3936 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
07:04:41.0859 3936 DcomLaunch - ok
07:04:41.0875 3936 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
07:04:41.0875 3936 Dhcp - ok
07:04:41.0890 3936 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:04:41.0890 3936 Disk - ok
07:04:41.0890 3936 dmadmin - ok
07:04:41.0953 3936 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:04:41.0984 3936 dmboot - ok
07:04:42.0000 3936 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:04:42.0000 3936 dmio - ok
07:04:42.0015 3936 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:04:42.0015 3936 dmload - ok
07:04:42.0046 3936 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
07:04:42.0046 3936 dmserver - ok
07:04:42.0078 3936 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:04:42.0093 3936 DMusic - ok
07:04:42.0125 3936 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
07:04:42.0125 3936 Dnscache - ok
07:04:42.0171 3936 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
07:04:42.0171 3936 Dot3svc - ok
07:04:42.0187 3936 dpti2o - ok
07:04:42.0187 3936 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:04:42.0187 3936 drmkaud - ok
07:04:42.0250 3936 e1express (17aaca24903e6d5faece3c35de01d3dd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
07:04:42.0265 3936 e1express - ok
07:04:42.0296 3936 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
07:04:42.0296 3936 EapHost - ok
07:04:42.0296 3936 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
07:04:42.0296 3936 ERSvc - ok
07:04:42.0328 3936 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
07:04:42.0375 3936 Eventlog - ok
07:04:42.0421 3936 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
07:04:42.0421 3936 EventSystem - ok
07:04:42.0500 3936 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:04:42.0500 3936 Fastfat - ok
07:04:42.0546 3936 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
07:04:42.0562 3936 FastUserSwitchingCompatibility - ok
07:04:42.0578 3936 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:04:42.0578 3936 Fdc - ok
07:04:42.0593 3936 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:04:42.0593 3936 Fips - ok
07:04:42.0593 3936 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:04:42.0593 3936 Flpydisk - ok
07:04:42.0625 3936 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:04:42.0656 3936 FltMgr - ok
07:04:42.0765 3936 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:04:42.0765 3936 FontCache3.0.0.0 - ok
07:04:54.0015 3936 ============================================================
07:04:54.0015 3936 Scan finished
07:04:54.0015 3936 ============================================================
07:04:54.0031 2904 Detected object count: 0
07:04:54.0031 2904 Actual detected object count: 0


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to kkempker7
Thanks, I'll be watching for the Sophos log. If it gives you any more trouble, just skip it, but let me know.

kkempker7

join:2007-03-18
Holts Summit, MO
Nothing found, can't get a log to create.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to kkempker7
No problem. Time to clean up, then we can see what needs attention and go from there.

Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit:
  • If we asked you to run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

kkempker7

join:2007-03-18
Holts Summit, MO
Thanks for the help!


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to kkempker7
Are there any issues still outstanding?

kkempker7

join:2007-03-18
Holts Summit, MO
Not that I can tell.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

reply to kkempker7
Great! Then we are indeed finished.