Rootkit.OAccess.H


14 replies to this topic

#1 MReed98643

Posted 05 May 2012 - 11:34 PM

Hi -- I made the mistake of clicking a link in a music forum and got a strange popup. I immediately updated and ran MalwareBytes, which found trojan and rootkit activity -- 5 items. Removed them and rescanned, which came up clean, but I'm getting redirected on the web, sometimes successfully, sometimes just a page with a command. I see you've helped people with a couple of the things my log is showing: Rootkit.OAccess.H and Trojan.Agent.LTGen. I'm hoping you can help me too. Thanks for any possible assistance!!

Edited by Budapest, 06 May 2012 - 03:20 AM.
Moved from XP ~Budapest



#2 MReed98643

Posted 06 May 2012 - 12:02 AM

Sorry, forgot to give the following: Microsoft Windows XP Professional, Version 2002, Service Pack 3. Browser is Windows Internet Explorer Version 8.0.6001.18702.

#3 narenxp

  • BC Advisor

Posted 06 May 2012 - 08:39 AM

Run Malwarebytes in normal mode until you get a clean log, and post the log here.

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#4 MReed98643


Posted 07 May 2012 - 12:28 PM

Okay, I followed all steps. So far, it's looking like things are much improved. Here are my logs:


MalwareBytes log after cleanup:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Martin Reed :: D4Q9WCK1 [administrator]

5/6/2012 6:22:21 PM
mbam-log-2012-05-06 (18-22-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 265655
Time elapsed: 15 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



TDSSKiller log:

19:44:29.0125 0412 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:44:29.0609 0412 ============================================================
19:44:29.0609 0412 Current date / time: 2012/05/06 19:44:29.0609
19:44:29.0609 0412 SystemInfo:
19:44:29.0609 0412
19:44:29.0609 0412 OS Version: 5.1.2600 ServicePack: 3.0
19:44:29.0609 0412 Product type: Workstation
19:44:29.0609 0412 ComputerName: D4Q9WCK1
19:44:29.0609 0412 UserName: Martin Reed
19:44:29.0609 0412 Windows directory: C:\WINDOWS
19:44:29.0609 0412 System windows directory: C:\WINDOWS
19:44:29.0609 0412 Processor architecture: Intel x86
19:44:29.0609 0412 Number of processors: 2
19:44:29.0609 0412 Page size: 0x1000
19:44:29.0609 0412 Boot type: Normal boot
19:44:29.0609 0412 ============================================================
19:44:29.0843 0412 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:44:29.0843 0412 Drive \Device\Harddisk1\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:44:29.0843 0412 ============================================================
19:44:29.0843 0412 \Device\Harddisk0\DR0:
19:44:29.0843 0412 MBR partitions:
19:44:29.0843 0412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x94EE790
19:44:29.0843 0412 \Device\Harddisk1\DR3:
19:44:29.0843 0412 MBR partitions:
19:44:29.0843 0412 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
19:44:29.0843 0412 ============================================================
19:44:29.0890 0412 C: <-> \Device\Harddisk0\DR0\Partition0
19:44:29.0937 0412 F: <-> \Device\Harddisk1\DR3\Partition0
19:44:29.0937 0412 ============================================================
19:44:29.0937 0412 Initialize success
19:44:29.0937 0412 ============================================================
19:44:57.0859 4048 ============================================================
19:44:57.0859 4048 Scan started
19:44:57.0859 4048 Mode: Manual; TDLFS;
19:44:57.0859 4048 ============================================================
19:45:00.0890 4048 DVDVRRdr_xp (2f41947ed89a766e68766945b0b3343c) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
19:45:00.0890 4048 Suspicious file (Forged): C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys. Real md5: 2f41947ed89a766e68766945b0b3343c, Fake md5: b930b8d83996fadecc3b24f4f91207fe
19:45:00.0890 4048 DVDVRRdr_xp ( Virus.Win32.ZAccess.aml ) - infected
19:45:00.0890 4048 DVDVRRdr_xp - detected Virus.Win32.ZAccess.aml (0)
19:45:05.0515 4048 PolicyAgent - ok
19:45:05.0515 4048 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:45:05.0515 4048 PptpMiniport - ok
19:45:05.0515 4048 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:45:05.0515 4048 ProtectedStorage - ok
19:45:05.0531 4048 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:45:05.0531 4048 PSched - ok
19:45:05.0531 4048 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:45:05.0531 4048 Ptilink - ok
19:45:05.0562 4048 pwd_2k (1729bcde0e2fdd3f2eb8474e6e83913a) C:\WINDOWS\system32\drivers\pwd_2k.sys
19:45:05.0562 4048 pwd_2k - ok
19:45:05.0578 4048 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:45:05.0593 4048 ql1080 - ok
19:45:05.0593 4048 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:45:05.0593 4048 Ql10wnt - ok
19:45:05.0593 4048 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:45:05.0593 4048 ql12160 - ok
19:45:05.0593 4048 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:45:05.0593 4048 ql1240 - ok
19:45:05.0609 4048 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:45:05.0609 4048 ql1280 - ok
19:45:05.0640 4048 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:45:05.0640 4048 RasAcd - ok
19:45:05.0671 4048 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:45:05.0671 4048 RasAuto - ok
19:45:05.0671 4048 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:45:05.0671 4048 Rasl2tp - ok
19:45:05.0687 4048 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:45:05.0687 4048 RasMan - ok
19:45:05.0718 4048 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:45:05.0718 4048 RasPppoe - ok
19:45:05.0718 4048 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:45:05.0718 4048 Raspti - ok
19:45:05.0734 4048 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:45:05.0734 4048 Rdbss - ok
19:45:05.0734 4048 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:45:05.0734 4048 RDPCDD - ok
19:45:05.0750 4048 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:45:05.0750 4048 rdpdr - ok
19:45:05.0781 4048 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:45:05.0796 4048 RDPWD - ok
19:45:05.0812 4048 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:45:05.0828 4048 RDSessMgr - ok
19:45:05.0843 4048 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:45:05.0843 4048 redbook - ok
19:45:05.0875 4048 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:45:05.0875 4048 RemoteAccess - ok
19:45:05.0906 4048 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:45:05.0921 4048 RemoteRegistry - ok
19:45:05.0953 4048 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:45:05.0953 4048 RpcLocator - ok
19:45:06.0000 4048 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:45:06.0015 4048 RpcSs - ok
19:45:06.0015 4048 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:45:06.0015 4048 RSVP - ok
19:45:06.0062 4048 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:45:06.0062 4048 SamSs - ok
19:45:06.0078 4048 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:45:06.0078 4048 SCardSvr - ok
19:45:06.0109 4048 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:45:06.0109 4048 Schedule - ok
19:45:06.0250 4048 SeaPort (58dc20eb15f071804c56fccc796417a2) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:45:06.0250 4048 SeaPort - ok
19:45:06.0296 4048 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:45:06.0296 4048 Secdrv - ok
19:45:06.0312 4048 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:45:06.0312 4048 seclogon - ok
19:45:06.0328 4048 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:45:06.0328 4048 SENS - ok
19:45:06.0328 4048 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:45:06.0328 4048 Serenum - ok
19:45:06.0343 4048 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:45:06.0343 4048 Serial - ok
19:45:06.0390 4048 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
19:45:06.0390 4048 SFAUDIO - ok
19:45:06.0406 4048 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
19:45:06.0406 4048 Sfloppy - ok
19:45:06.0453 4048 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:45:06.0453 4048 SharedAccess - ok
19:45:06.0468 4048 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
19:45:06.0468 4048 ShellHWDetection - ok
19:45:06.0468 4048 Simbad - ok
19:45:06.0484 4048 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:45:06.0484 4048 sisagp - ok
19:45:06.0531 4048 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:45:06.0531 4048 Sparrow - ok
19:45:06.0546 4048 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:45:06.0546 4048 splitter - ok
19:45:06.0593 4048 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
19:45:06.0609 4048 Spooler - ok
19:45:06.0718 4048 SQLBrowser (ee94f1f9defa7653a2e4e4f247aae3cd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:45:06.0718 4048 SQLBrowser - ok
19:45:06.0750 4048 SQLWriter (81f40d39ec048e3e9dfd07e4e97a799e) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:45:06.0750 4048 SQLWriter - ok
19:45:06.0781 4048 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:45:06.0781 4048 sr - ok
19:45:06.0812 4048 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:45:06.0812 4048 srservice - ok
19:45:06.0875 4048 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
19:45:06.0875 4048 Srv - ok
19:45:06.0890 4048 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:45:06.0890 4048 SSDPSRV - ok
19:45:06.0953 4048 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:45:06.0953 4048 stisvc - ok
19:45:07.0000 4048 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:45:07.0000 4048 swenum - ok
19:45:07.0046 4048 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:45:07.0046 4048 swmidi - ok
19:45:07.0046 4048 SwPrv - ok
19:45:07.0062 4048 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
19:45:07.0062 4048 symc810 - ok
19:45:07.0078 4048 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:45:07.0078 4048 symc8xx - ok
19:45:07.0140 4048 SymEvent (afdcf8008d0ffe23f42071c1540f35e7) C:\Program Files\Symantec\SYMEVENT.SYS
19:45:07.0156 4048 SymEvent - ok
19:45:07.0156 4048 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:45:07.0156 4048 sym_hi - ok
19:45:07.0156 4048 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:45:07.0156 4048 sym_u3 - ok
19:45:07.0187 4048 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:45:07.0187 4048 sysaudio - ok
19:45:07.0218 4048 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:45:07.0218 4048 SysmonLog - ok
19:45:07.0296 4048 TabletService (49989f23ad639e155fa6269fe8ac5bf4) C:\WINDOWS\system32\Tablet.exe
19:45:07.0312 4048 TabletService - ok
19:45:07.0359 4048 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:45:07.0375 4048 TapiSrv - ok
19:45:07.0421 4048 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:45:07.0421 4048 Tcpip - ok
19:45:07.0453 4048 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:45:07.0453 4048 TDPIPE - ok
19:45:07.0453 4048 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:45:07.0453 4048 TDTCP - ok
19:45:07.0484 4048 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:45:07.0484 4048 TermDD - ok
19:45:07.0500 4048 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:45:07.0500 4048 TermService - ok
19:45:07.0546 4048 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
19:45:07.0546 4048 Themes - ok
19:45:07.0593 4048 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:45:07.0593 4048 TlntSvr - ok
19:45:07.0593 4048 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
19:45:07.0593 4048 TosIde - ok
19:45:07.0609 4048 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:45:07.0625 4048 TrkWks - ok
19:45:07.0656 4048 UDFReadr (14826dbde814e4c4ebd2a0e826596f54) C:\WINDOWS\system32\drivers\UDFReadr.sys
19:45:07.0656 4048 UDFReadr - ok
19:45:07.0656 4048 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:45:07.0656 4048 Udfs - ok
19:45:07.0671 4048 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
19:45:07.0671 4048 ultra - ok
19:45:07.0843 4048 UNS (24ef4a75726c803738ffa90bfc626dd0) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
19:45:07.0843 4048 UNS - ok
19:45:08.0000 4048 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:45:08.0000 4048 Update - ok
19:45:08.0046 4048 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:45:08.0046 4048 upnphost - ok
19:45:08.0062 4048 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:45:08.0062 4048 UPS - ok
19:45:08.0093 4048 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:45:08.0093 4048 usbaudio - ok
19:45:08.0093 4048 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:45:08.0093 4048 usbccgp - ok
19:45:08.0125 4048 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:45:08.0125 4048 usbehci - ok
19:45:08.0234 4048 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:45:08.0234 4048 usbhub - ok
19:45:08.0281 4048 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:45:08.0281 4048 usbprint - ok
19:45:08.0312 4048 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:45:08.0312 4048 usbscan - ok
19:45:08.0328 4048 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
19:45:08.0328 4048 usbser - ok
19:45:08.0359 4048 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:08.0359 4048 USBSTOR - ok
19:45:08.0390 4048 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:45:08.0390 4048 usbuhci - ok
19:45:08.0562 4048 VfDrv32 (065f8f4a5535167d65a29c082526c307) C:\Program Files\Venta\VentaFax & Voice 6\vfdrv32.exe
19:45:08.0562 4048 VfDrv32 - ok
19:45:08.0609 4048 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:45:08.0609 4048 VgaSave - ok
19:45:08.0640 4048 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:45:08.0640 4048 viaagp - ok
19:45:08.0656 4048 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:45:08.0656 4048 ViaIde - ok
19:45:08.0687 4048 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:45:08.0687 4048 VolSnap - ok
19:45:08.0718 4048 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:45:08.0734 4048 VSS - ok
19:45:08.0765 4048 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:45:08.0765 4048 w32time - ok
19:45:08.0796 4048 wacommousefilter (b60851f31710383150be5bab0eefc38e) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
19:45:08.0796 4048 wacommousefilter - ok
19:45:08.0796 4048 wacomvhid (6ebc7fc5a8bbe660ba44157533fe9c7c) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
19:45:08.0796 4048 wacomvhid - ok
19:45:08.0812 4048 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:45:08.0812 4048 Wanarp - ok
19:45:08.0812 4048 WDICA - ok
19:45:08.0859 4048 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:45:08.0859 4048 wdmaud - ok
19:45:08.0859 4048 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:45:08.0859 4048 WebClient - ok
19:45:08.0906 4048 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:45:08.0906 4048 winachsf - ok
19:45:09.0000 4048 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:45:09.0015 4048 winmgmt - ok
19:45:09.0265 4048 WinSSHD (05ff7a4df843b52de3c7d96233012f11) C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
19:45:09.0281 4048 WinSSHD - ok
19:45:09.0375 4048 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
19:45:09.0375 4048 WmdmPmSN - ok
19:45:09.0421 4048 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:45:09.0437 4048 Wmi - ok
19:45:09.0453 4048 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:45:09.0453 4048 WmiAcpi - ok
19:45:09.0484 4048 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:45:09.0484 4048 WmiApSrv - ok
19:45:09.0687 4048 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:45:09.0687 4048 WPFFontCache_v0400 - ok
19:45:09.0687 4048 WSearch - ok
19:45:09.0734 4048 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:45:09.0734 4048 wuauserv - ok
19:45:09.0765 4048 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:45:09.0765 4048 WZCSVC - ok
19:45:09.0796 4048 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:45:09.0796 4048 xmlprov - ok
19:45:09.0796 4048 ZTEusbser6k - ok
19:45:09.0828 4048 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:45:09.0953 4048 \Device\Harddisk0\DR0 - ok
19:45:09.0953 4048 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
19:45:10.0078 4048 \Device\Harddisk1\DR3 - ok
19:45:10.0078 4048 Boot (0x1200) (10be0feee2ba965b511a3f635af4a55b) \Device\Harddisk0\DR0\Partition0
19:45:10.0078 4048 \Device\Harddisk0\DR0\Partition0 - ok
19:45:10.0078 4048 Boot (0x1200) (523dc443af072f2398a1a5551d792e82) \Device\Harddisk1\DR3\Partition0
19:45:10.0078 4048 \Device\Harddisk1\DR3\Partition0 - ok
19:45:10.0078 4048 ============================================================
19:45:10.0078 4048 Scan finished
19:45:10.0078 4048 ============================================================
19:45:10.0078 1172 Detected object count: 1
19:45:10.0078 1172 Actual detected object count: 1
19:45:41.0187 1172 C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys - copied to quarantine
19:45:41.0187 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\@ - copied to quarantine
19:45:41.0187 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\cfg.ini - copied to quarantine
19:45:41.0203 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\Desktop.ini - copied to quarantine
19:45:41.0218 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\L\rohepcid - copied to quarantine
19:45:41.0218 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\oemid - copied to quarantine
19:45:41.0234 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\00000001.@ - copied to quarantine
19:45:41.0281 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\00000002.@ - copied to quarantine
19:45:41.0296 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\00000004.@ - copied to quarantine
19:45:41.0312 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\80000000.@ - copied to quarantine
19:45:41.0312 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\80000004.@ - copied to quarantine
19:45:41.0343 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\80000032.@ - copied to quarantine
19:45:41.0343 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\version - copied to quarantine
19:45:41.0468 1172 Backup copy not found, trying to cure infected file..
19:45:41.0468 1172 Cure success, using it..
19:45:41.0484 1172 C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys - will be cured on reboot
19:45:42.0390 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\@ - will be deleted on reboot
19:45:42.0390 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\cfg.ini - will be deleted on reboot
19:45:42.0406 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\Desktop.ini - will be deleted on reboot
19:45:42.0406 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\oemid - will be deleted on reboot
19:45:42.0406 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\00000001.@ - will be deleted on reboot
19:45:42.0406 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\00000002.@ - will be deleted on reboot
19:45:42.0406 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\00000004.@ - will be deleted on reboot
19:45:42.0406 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\80000000.@ - will be deleted on reboot
19:45:42.0406 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\80000004.@ - will be deleted on reboot
19:45:42.0406 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\U\80000032.@ - will be deleted on reboot
19:45:42.0406 1172 C:\WINDOWS\$NtUninstallKB16959$\2303839086\version - will be deleted on reboot
19:45:42.0406 1172 C:\WINDOWS\$NtUninstallKB16959$\549359082 - will be deleted on reboot
19:45:42.0421 1172 DVDVRRdr_xp ( Virus.Win32.ZAccess.aml ) - User select action: Cure
19:45:52.0015 3928 Deinitialize success


GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-07 07:08:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST380815 rev.4.AD
Running: u70tcne4.exe; Driver: C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\kwlyapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

? 66386014.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1948] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00BD9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1948] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00CB4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1948] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00DCE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1948] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00DCDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1948] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00DCDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1948] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00DCDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1948] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00DCDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1948] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00DCE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1948] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00DCDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00BD9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00CADBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 00CADD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00CB4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C11CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00DCE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00DCDF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00DCDFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00DCDE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00DCDE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00DCE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00DCDEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00CB488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3776] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2444] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00F52BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2444] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00F52CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[2444] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [00F52CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [003E18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat 93FEED20
Device \FileSystem\Fastfat \Fat 94006631

---- Files - GMER 1.0.15 ----

File C:\Accuscript\Prior Years\2008\1\C#0101.0260226.122717.wpd 9962 bytes
File C:\Accuscript\Prior Years\2008\1\C#0102.0256561.124238.wpd 7883 bytes
File C:\Accuscript\Prior Years\2008\1\C#0103.0259803.124217.wpd 7598 bytes
File C:\Accuscript\Prior Years\2008\1\C#0104.0201840.124216.wpd 8086 bytes
File C:\Accuscript\Prior Years\2008\1\C#0105.0200615.124570.wpd 7302 bytes
File C:\Accuscript\Prior Years\2008\1\C#0106.0209067.124220.wpd 7659 bytes
File C:\Accuscript\Prior Years\2008\1\C#0107.0259991.124219.wpd 8159 bytes
File C:\Accuscript\Prior Years\2008\1\C#0108.0260064.124214.wpd 9028 bytes
File C:\Accuscript\Prior Years\2008\1\C#0109.0202367.124221.wpd 7126 bytes
File C:\Accuscript\Prior Years\2008\1\C#0110.0200869.124250.wpd 11640 bytes
File C:\Accuscript\Prior Years\2008\1\C#0111.0105221.124251.wpd 12361 bytes
File C:\Accuscript\Prior Years\2008\1\C#0112.0257972.124256.wpd 8776 bytes
File C:\Accuscript\Prior Years\2008\1\C#0113.0259958.124252.wpd 9565 bytes
File C:\Accuscript\Prior Years\2008\1\C#0114.0200743.124253.wpd 11675 bytes
File C:\Accuscript\Prior Years\2008\1\C#0115.0258313.124349.wpd 11574 bytes
File C:\Accuscript\Prior Years\2008\1\C#0116.0202638.124388.wpd 17275 bytes
File C:\Accuscript\Prior Years\2008\1\C#0117.0208503.124315.wpd 17399 bytes
File C:\Accuscript\Prior Years\2008\1\C#0118.0202591.124314.wpd 17553 bytes
File C:\Accuscript\Prior Years\2008\1\C#0119.0223748.124225.wpd 8791 bytes
File C:\Accuscript\Prior Years\2008\1\C#0120.0254089.124413.wpd 7898 bytes
File C:\Accuscript\Prior Years\2008\1\C#0121.0202586.124223.wpd 8233 bytes
File C:\Accuscript\Prior Years\2008\1\C#0122.0222263.124222.wpd 7815 bytes
File C:\Accuscript\Prior Years\2008\1\C#0123.0260410.124555.wpd 16655 bytes
File C:\Accuscript\Prior Years\2008\1\C#0124.0202528.124240.wpd 7642 bytes
File C:\Accuscript\Prior Years\2008\1\C#0125.0216823.123753A.wpd 8753 bytes
File C:\Accuscript\Prior Years\2008\1\C#0126.0238216.124226.wpd 6534 bytes
File C:\Accuscript\Prior Years\2008\1\C#0127.0258113.123985A.wpd 8804 bytes
File C:\Accuscript\Prior Years\2008\1\C#0128.0260330.123978A.wpd 8717 bytes
File C:\Accuscript\Prior Years\2008\1\C#0129.0257527.124227.wpd 7276 bytes
File C:\Accuscript\Prior Years\2008\1\C#0130.0207163.121499A.wpd 10297 bytes
File C:\Accuscript\Prior Years\2008\1\C#0131.0260049.121501A.wpd 8706 bytes
File C:\Accuscript\Prior Years\2008\1\C#0132.0231727.124229.wpd 7861 bytes
File C:\Accuscript\Prior Years\2008\1\C#0133.0209168.124577.wpd 8360 bytes
File C:\Accuscript\Prior Years\2008\1\C#0134.0208563.121491A.wpd 8839 bytes
File C:\Accuscript\Prior Years\2008\1\C#0135.0214958.124228.wpd 7205 bytes
File C:\Accuscript\Prior Years\2008\1\C#0136.0259715.121496A.wpd 8665 bytes
File C:\Accuscript\Prior Years\2008\1\C#0137.0251739.121552A.wpd 8776 bytes
File C:\Accuscript\Prior Years\2008\1\C#0138.0244875.121493A.wpd 8723 bytes
File C:\Accuscript\Prior Years\2008\1\C#0139.0210451.121495A.wpd 8760 bytes
File C:\Accuscript\Prior Years\2008\1\C#0140.0201966.121500A.wpd 8906 bytes
File C:\Accuscript\Prior Years\2008\1\C#0141.0259957.124230.wpd 7341 bytes
File C:\Accuscript\Prior Years\2008\1\C#0142.0208391.124231.wpd 7935 bytes
File C:\Accuscript\Prior Years\2008\1\C#0143.0232168.122212A.wpd 9179 bytes
File C:\Accuscript\Prior Years\2008\1\C#0144.0232841.124233.wpd 7096 bytes
File C:\Accuscript\Prior Years\2008\1\C#0145.0259773.122479A.wpd 8773 bytes
File C:\Accuscript\Prior Years\2008\1\C#0146.0230450.122481A.wpd 9111 bytes
File C:\Accuscript\Prior Years\2008\1\C#0147.0222953.122480A.wpd 8713 bytes
File C:\Accuscript\Prior Years\2008\1\C#0148.0259965.122482A.wpd 8774 bytes
File C:\Accuscript\Prior Years\2008\1\C#0149.0115784.122476A.wpd 9318 bytes
File C:\Accuscript\Prior Years\2008\1\C#0150.0260070.124237.wpd 8818 bytes
File C:\Accuscript\Prior Years\2008\1\C#0151.0217125.122483A.wpd 8785 bytes
File C:\Accuscript\Prior Years\2008\1\C#0152.0254637.122473A.wpd 9247 bytes
File C:\Accuscript\Prior Years\2008\1\C#0153.0225649.122478A.wpd 8754 bytes
File C:\Accuscript\Prior Years\2008\1\C#0154.0211183.122477A.wpd 8987 bytes
File C:\Accuscript\Prior Years\2008\1\C#0155.0237406.122472A.wpd 8680 bytes
File C:\Accuscript\Prior Years\2008\1\C#0156.0260215.122484A.wpd 8703 bytes
File C:\Accuscript\Prior Years\2008\1\C#0157.0244858.122210A.wpd 0 bytes
File C:\Accuscript\Prior Years\2008\1\C#0158.0207618.122776A.wpd 0 bytes
File C:\Accuscript\Prior Years\2008\1\C#0159.0251227.122780A.wpd 0 bytes

---- EOF - GMER 1.0.15 ----


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 07:40:28
-----------------------------
07:40:28.515 OS Version: Windows 5.1.2600 Service Pack 3
07:40:28.515 Number of processors: 2 586 0x170A
07:40:28.515 ComputerName: D4Q9WCK1 UserName:
07:40:29.187 Initialize success
07:43:29.687 AVAST engine defs: 12050700
07:44:06.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:44:06.515 Disk 0 Vendor: ST380815 4.AD Size: 76293MB BusType: 3
07:44:06.531 Disk 0 MBR read successfully
07:44:06.531 Disk 0 MBR scan
07:44:06.562 Disk 0 Windows VISTA default MBR code
07:44:06.562 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:44:06.578 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76252 MB offset 81920
07:44:06.578 Disk 0 scanning sectors +156247952
07:44:06.671 Disk 0 scanning C:\WINDOWS\system32\drivers
07:44:13.296 Service scanning
07:44:30.468 Modules scanning
07:44:34.828 Disk 0 trace - called modules:
07:44:34.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
07:44:34.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae714d8]
07:44:34.859 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ae46028]
07:44:35.828 AVAST engine scan C:\WINDOWS
07:44:40.265 AVAST engine scan C:\WINDOWS\system32
07:46:41.953 AVAST engine scan C:\WINDOWS\system32\drivers
07:46:52.062 AVAST engine scan C:\Documents and Settings\Martin Reed
07:52:13.812 File: C:\Documents and Settings\Martin Reed\Local Settings\Temp\~!#2FD1.tmp **INFECTED** Win32:Krap-AIG [Trj]
08:05:03.421 AVAST engine scan C:\Documents and Settings\All Users
08:07:47.750 Scan finished successfully
08:18:42.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Martin Reed\Desktop\MBR.dat"
08:18:42.406 The log file has been saved successfully to "C:\Documents and Settings\Martin Reed\Desktop\aswMBR.txt"


Thanks!

#5 narenxp

Posted 07 May 2012 - 12:38 PM

Restart the PC and run TDSSkiller once again and post the new log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#6 MReed98643

Posted 07 May 2012 - 04:45 PM

Okay, here are the latest logs:


TDSSKiller log:

13:25:15.0812 2792 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:25:16.0281 2792 ============================================================
13:25:16.0281 2792 Current date / time: 2012/05/07 13:25:16.0281
13:25:16.0281 2792 SystemInfo:
13:25:16.0281 2792
13:25:16.0281 2792 OS Version: 5.1.2600 ServicePack: 3.0
13:25:16.0281 2792 Product type: Workstation
13:25:16.0281 2792 ComputerName: D4Q9WCK1
13:25:16.0281 2792 UserName: Martin Reed
13:25:16.0281 2792 Windows directory: C:\WINDOWS
13:25:16.0281 2792 System windows directory: C:\WINDOWS
13:25:16.0281 2792 Processor architecture: Intel x86
13:25:16.0281 2792 Number of processors: 2
13:25:16.0281 2792 Page size: 0x1000
13:25:16.0281 2792 Boot type: Normal boot
13:25:16.0281 2792 ============================================================
13:25:16.0609 2792 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:25:16.0625 2792 ============================================================
13:25:16.0625 2792 \Device\Harddisk0\DR0:
13:25:16.0640 2792 MBR partitions:
13:25:16.0640 2792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x94EE790
13:25:16.0640 2792 ============================================================
13:25:16.0953 2792 C: <-> \Device\Harddisk0\DR0\Partition0
13:25:16.0953 2792 ============================================================
13:25:16.0953 2792 Initialize success
13:25:16.0953 2792 ============================================================
13:25:29.0515 0868 ============================================================
13:25:29.0515 0868 Scan started
13:25:29.0515 0868 Mode: Manual; TDLFS;
13:25:29.0515 0868 ============================================================
13:25:37.0109 0868 NdisTapi - ok
13:25:37.0109 0868 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:25:37.0109 0868 Ndisuio - ok
13:25:37.0125 0868 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:25:37.0140 0868 NdisWan - ok
13:25:37.0140 0868 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
13:25:37.0140 0868 NDProxy - ok
13:25:37.0156 0868 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:25:37.0156 0868 NetBIOS - ok
13:25:37.0171 0868 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:25:37.0171 0868 NetBT - ok
13:25:37.0203 0868 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:25:37.0218 0868 NetDDE - ok
13:25:37.0218 0868 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:25:37.0218 0868 NetDDEdsdm - ok
13:25:37.0250 0868 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:25:37.0250 0868 Netlogon - ok
13:25:37.0265 0868 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:25:37.0281 0868 Netman - ok
13:25:37.0453 0868 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:25:37.0453 0868 NetTcpPortSharing - ok
13:25:37.0484 0868 Nla (b4138e99236f0f57d4cf49bae98a0746) C:\WINDOWS\System32\mswsock.dll
13:25:37.0484 0868 Nla - ok
13:25:37.0531 0868 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:25:37.0531 0868 Npfs - ok
13:25:37.0609 0868 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:25:37.0625 0868 Ntfs - ok
13:25:37.0625 0868 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:25:37.0625 0868 NtLmSsp - ok
13:25:37.0687 0868 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:25:37.0703 0868 NtmsSvc - ok
13:25:37.0718 0868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:25:37.0718 0868 Null - ok
13:25:37.0734 0868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:25:37.0750 0868 NwlnkFlt - ok
13:25:37.0750 0868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:25:37.0750 0868 NwlnkFwd - ok
13:25:37.0859 0868 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:25:37.0875 0868 odserv - ok
13:25:37.0937 0868 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:25:37.0953 0868 ose - ok
13:25:37.0984 0868 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:25:37.0984 0868 Parport - ok
13:25:38.0000 0868 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:25:38.0000 0868 PartMgr - ok
13:25:38.0031 0868 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:25:38.0031 0868 ParVdm - ok
13:25:38.0031 0868 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:25:38.0031 0868 PCI - ok
13:25:38.0046 0868 PCIDump - ok
13:25:38.0046 0868 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:25:38.0046 0868 PCIIde - ok
13:25:38.0046 0868 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:25:38.0046 0868 Pcmcia - ok
13:25:38.0046 0868 PDCOMP - ok
13:25:38.0062 0868 PDFRAME - ok
13:25:38.0062 0868 PDRELI - ok
13:25:38.0062 0868 PDRFRAME - ok
13:25:38.0078 0868 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:25:38.0078 0868 perc2 - ok
13:25:38.0093 0868 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:25:38.0093 0868 perc2hib - ok
13:25:38.0125 0868 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:25:38.0125 0868 PlugPlay - ok
13:25:38.0171 0868 Pml Driver HPZ12 (a38b3ce68e7f126190cde4aa3fdf050f) C:\WINDOWS\system32\HPZipm12.exe
13:25:38.0171 0868 Pml Driver HPZ12 - ok
13:25:38.0203 0868 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:25:38.0218 0868 PolicyAgent - ok
13:25:38.0218 0868 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:25:38.0218 0868 PptpMiniport - ok
13:25:38.0218 0868 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:25:38.0218 0868 ProtectedStorage - ok
13:25:38.0234 0868 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:25:38.0234 0868 PSched - ok
13:25:38.0234 0868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:25:38.0234 0868 Ptilink - ok
13:25:38.0250 0868 pwd_2k (1729bcde0e2fdd3f2eb8474e6e83913a) C:\WINDOWS\system32\drivers\pwd_2k.sys
13:25:38.0250 0868 pwd_2k - ok
13:25:38.0281 0868 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:25:38.0281 0868 ql1080 - ok
13:25:38.0281 0868 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:25:38.0281 0868 Ql10wnt - ok
13:25:38.0281 0868 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:25:38.0281 0868 ql12160 - ok
13:25:38.0296 0868 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:25:38.0296 0868 ql1240 - ok
13:25:38.0312 0868 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:25:38.0328 0868 ql1280 - ok
13:25:38.0343 0868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:25:38.0343 0868 RasAcd - ok
13:25:38.0375 0868 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:25:38.0375 0868 RasAuto - ok
13:25:38.0390 0868 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:25:38.0390 0868 Rasl2tp - ok
13:25:38.0390 0868 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:25:38.0406 0868 RasMan - ok
13:25:38.0437 0868 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:25:38.0437 0868 RasPppoe - ok
13:25:38.0437 0868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:25:38.0437 0868 Raspti - ok
13:25:38.0484 0868 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:25:38.0500 0868 Rdbss - ok
13:25:38.0515 0868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:25:38.0515 0868 RDPCDD - ok
13:25:38.0531 0868 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:25:38.0546 0868 rdpdr - ok
13:25:38.0578 0868 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
13:25:38.0578 0868 RDPWD - ok
13:25:38.0625 0868 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:25:38.0625 0868 RDSessMgr - ok
13:25:38.0640 0868 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:25:38.0656 0868 redbook - ok
13:25:38.0687 0868 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:25:38.0687 0868 RemoteAccess - ok
13:25:38.0703 0868 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:25:38.0703 0868 RemoteRegistry - ok
13:25:38.0750 0868 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:25:38.0750 0868 RpcLocator - ok
13:25:38.0796 0868 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:25:38.0796 0868 RpcSs - ok
13:25:38.0796 0868 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:25:38.0812 0868 RSVP - ok
13:25:38.0812 0868 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:25:38.0812 0868 SamSs - ok
13:25:38.0828 0868 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:25:38.0843 0868 SCardSvr - ok
13:25:38.0859 0868 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:25:38.0875 0868 Schedule - ok
13:25:39.0171 0868 SeaPort (58dc20eb15f071804c56fccc796417a2) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:25:39.0187 0868 SeaPort - ok
13:25:39.0218 0868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:25:39.0218 0868 Secdrv - ok
13:25:39.0234 0868 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:25:39.0234 0868 seclogon - ok
13:25:39.0250 0868 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:25:39.0250 0868 SENS - ok
13:25:39.0265 0868 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:25:39.0265 0868 Serenum - ok
13:25:39.0265 0868 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:25:39.0265 0868 Serial - ok
13:25:39.0312 0868 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
13:25:39.0312 0868 SFAUDIO - ok
13:25:39.0328 0868 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:25:39.0328 0868 Sfloppy - ok
13:25:39.0375 0868 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:25:39.0390 0868 SharedAccess - ok
13:25:39.0406 0868 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
13:25:39.0406 0868 ShellHWDetection - ok
13:25:39.0421 0868 Simbad - ok
13:25:39.0437 0868 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:25:39.0437 0868 sisagp - ok
13:25:39.0453 0868 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:25:39.0453 0868 Sparrow - ok
13:25:39.0484 0868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:25:39.0484 0868 splitter - ok
13:25:39.0531 0868 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
13:25:39.0531 0868 Spooler - ok
13:25:39.0656 0868 SQLBrowser (ee94f1f9defa7653a2e4e4f247aae3cd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:25:39.0671 0868 SQLBrowser - ok
13:25:39.0703 0868 SQLWriter (81f40d39ec048e3e9dfd07e4e97a799e) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:25:39.0703 0868 SQLWriter - ok
13:25:39.0750 0868 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:25:39.0750 0868 sr - ok
13:25:39.0796 0868 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:25:39.0812 0868 srservice - ok
13:25:39.0859 0868 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
13:25:39.0859 0868 Srv - ok
13:25:39.0890 0868 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:25:39.0890 0868 SSDPSRV - ok
13:25:39.0921 0868 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:25:39.0937 0868 stisvc - ok
13:25:39.0984 0868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:25:39.0984 0868 swenum - ok
13:25:40.0015 0868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:25:40.0015 0868 swmidi - ok
13:25:40.0015 0868 SwPrv - ok
13:25:40.0046 0868 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:25:40.0046 0868 symc810 - ok
13:25:40.0046 0868 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:25:40.0046 0868 symc8xx - ok
13:25:40.0109 0868 SymEvent (afdcf8008d0ffe23f42071c1540f35e7) C:\Program Files\Symantec\SYMEVENT.SYS
13:25:40.0109 0868 SymEvent - ok
13:25:40.0125 0868 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:25:40.0125 0868 sym_hi - ok
13:25:40.0125 0868 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:25:40.0125 0868 sym_u3 - ok
13:25:40.0140 0868 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:25:40.0140 0868 sysaudio - ok
13:25:40.0187 0868 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:25:40.0187 0868 SysmonLog - ok
13:25:40.0265 0868 TabletService (49989f23ad639e155fa6269fe8ac5bf4) C:\WINDOWS\system32\Tablet.exe
13:25:40.0281 0868 TabletService - ok
13:25:40.0359 0868 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:25:40.0375 0868 TapiSrv - ok
13:25:40.0437 0868 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:25:40.0453 0868 Tcpip - ok
13:25:40.0468 0868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:25:40.0468 0868 TDPIPE - ok
13:25:40.0484 0868 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:25:40.0484 0868 TDTCP - ok
13:25:40.0500 0868 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:25:40.0500 0868 TermDD - ok
13:25:40.0531 0868 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:25:40.0546 0868 TermService - ok
13:25:40.0562 0868 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
13:25:40.0562 0868 Themes - ok
13:25:40.0593 0868 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:25:40.0593 0868 TlntSvr - ok
13:25:40.0609 0868 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:25:40.0609 0868 TosIde - ok
13:25:40.0625 0868 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:25:40.0625 0868 TrkWks - ok
13:25:40.0671 0868 UDFReadr (14826dbde814e4c4ebd2a0e826596f54) C:\WINDOWS\system32\drivers\UDFReadr.sys
13:25:40.0671 0868 UDFReadr - ok
13:25:40.0687 0868 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:25:40.0687 0868 Udfs - ok
13:25:40.0718 0868 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:25:40.0718 0868 ultra - ok
13:25:40.0875 0868 UNS (24ef4a75726c803738ffa90bfc626dd0) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
13:25:40.0937 0868 UNS - ok
13:25:41.0109 0868 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:25:41.0125 0868 Update - ok
13:25:41.0156 0868 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:25:41.0171 0868 upnphost - ok
13:25:41.0187 0868 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:25:41.0187 0868 UPS - ok
13:25:41.0218 0868 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:25:41.0218 0868 usbaudio - ok
13:25:41.0218 0868 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:25:41.0234 0868 usbccgp - ok
13:25:41.0250 0868 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:25:41.0250 0868 usbehci - ok
13:25:41.0296 0868 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:25:41.0296 0868 usbhub - ok
13:25:41.0343 0868 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:25:41.0343 0868 usbprint - ok
13:25:41.0375 0868 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:25:41.0375 0868 usbscan - ok
13:25:41.0390 0868 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
13:25:41.0390 0868 usbser - ok
13:25:41.0421 0868 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:25:41.0421 0868 USBSTOR - ok
13:25:41.0453 0868 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:25:41.0453 0868 usbuhci - ok
13:25:41.0625 0868 VfDrv32 (065f8f4a5535167d65a29c082526c307) C:\Program Files\Venta\VentaFax & Voice 6\vfdrv32.exe
13:25:41.0687 0868 VfDrv32 - ok
13:25:41.0718 0868 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:25:41.0734 0868 VgaSave - ok
13:25:41.0750 0868 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:25:41.0750 0868 viaagp - ok
13:25:41.0750 0868 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:25:41.0750 0868 ViaIde - ok
13:25:41.0781 0868 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:25:41.0781 0868 VolSnap - ok
13:25:41.0828 0868 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:25:41.0828 0868 VSS - ok
13:25:41.0859 0868 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:25:41.0875 0868 w32time - ok
13:25:41.0890 0868 wacommousefilter (b60851f31710383150be5bab0eefc38e) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
13:25:41.0890 0868 wacommousefilter - ok
13:25:41.0906 0868 wacomvhid (6ebc7fc5a8bbe660ba44157533fe9c7c) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
13:25:41.0906 0868 wacomvhid - ok
13:25:41.0921 0868 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:25:41.0921 0868 Wanarp - ok
13:25:41.0921 0868 WDICA - ok
13:25:41.0968 0868 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:25:41.0968 0868 wdmaud - ok
13:25:41.0984 0868 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:25:41.0984 0868 WebClient - ok
13:25:42.0015 0868 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:25:42.0046 0868 winachsf - ok
13:25:42.0125 0868 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:25:42.0140 0868 winmgmt - ok
13:25:42.0375 0868 WinSSHD (05ff7a4df843b52de3c7d96233012f11) C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
13:25:42.0484 0868 WinSSHD - ok
13:25:42.0640 0868 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
13:25:42.0640 0868 WmdmPmSN - ok
13:25:42.0687 0868 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:25:42.0718 0868 Wmi - ok
13:25:42.0781 0868 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:25:42.0781 0868 WmiAcpi - ok
13:25:42.0890 0868 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:25:42.0890 0868 WmiApSrv - ok
13:25:43.0093 0868 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:25:43.0140 0868 WPFFontCache_v0400 - ok
13:25:43.0156 0868 WSearch - ok
13:25:43.0187 0868 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:25:43.0203 0868 wuauserv - ok
13:25:43.0250 0868 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:25:43.0265 0868 WZCSVC - ok
13:25:43.0296 0868 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:25:43.0296 0868 xmlprov - ok
13:25:43.0296 0868 ZTEusbser6k - ok
13:25:43.0328 0868 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
13:25:43.0453 0868 \Device\Harddisk0\DR0 - ok
13:25:43.0453 0868 Boot (0x1200) (10be0feee2ba965b511a3f635af4a55b) \Device\Harddisk0\DR0\Partition0
13:25:43.0453 0868 \Device\Harddisk0\DR0\Partition0 - ok
13:25:43.0453 0868 ============================================================
13:25:43.0453 0868 Scan finished
13:25:43.0453 0868 ============================================================
13:25:43.0453 1276 Detected object count: 0
13:25:43.0453 1276 Actual detected object count: 0
13:26:10.0671 3952 Deinitialize success


ESET log:

C:\Documents and Settings\Martin Reed\Desktop\Downloads\hp xw6000 downloads\VIA V RAID\cnet2_via_raid_v530c_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Martin Reed\Local Settings\Temp\~!#2FD1.tmp Win32/Wapprox.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\Martin Reed\Local Settings\Temp\ICReinstall\cnet2_via_raid_v530c_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\Common Files\WM\WMTVOutSmooth.exe Win32/Wapprox.B trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.05.2012_19.44.29\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.05.2012_19.44.29\rtkt0000\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.05.2012_19.44.29\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.05.2012_19.44.29\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined


MiniToolBox log:

C:\Documents and Settings\Martin Reed\Desktop\Downloads\hp xw6000 downloads\VIA V RAID\cnet2_via_raid_v530c_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Martin Reed\Local Settings\Temp\~!#2FD1.tmp Win32/Wapprox.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\Martin Reed\Local Settings\Temp\ICReinstall\cnet2_via_raid_v530c_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\Common Files\WM\WMTVOutSmooth.exe Win32/Wapprox.B trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.05.2012_19.44.29\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.05.2012_19.44.29\rtkt0000\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.05.2012_19.44.29\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.05.2012_19.44.29\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined


So far no more redirects on surfing around the web. Looking good!

#7 narenxp

Posted 07 May 2012 - 08:06 PM

Still need the MiniToolBox log.

#8 MReed98643

Posted 07 May 2012 - 08:40 PM

Oops, sorry about that. Here it is:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Martin Reed (administrator) on 07-05-2012 at 14:34:02
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 2 (Disconnected)
Intel® 82567LM-3 Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : D4Q9WCK1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wp.comcast.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : wp.comcast.net
Description . . . . . . . . . . . : Intel® 82567LM-3 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-23-AE-A0-5C-90
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.10.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.10.1
DHCP Server . . . . . . . . . . . : 10.1.10.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
Lease Obtained. . . . . . . . . . : Monday, May 07, 2012 1:23:52 PM
Lease Expires . . . . . . . . . . : Monday, May 14, 2012 1:23:52 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.224.78, 74.125.224.69, 74.125.224.73, 74.125.224.66
74.125.224.67, 74.125.224.64, 74.125.224.71, 74.125.224.68, 74.125.224.72
74.125.224.65, 74.125.224.70



Pinging google.com [74.125.224.135] with 32 bytes of data:

Reply from 74.125.224.135: bytes=32 time=25ms TTL=53
Reply from 74.125.224.135: bytes=32 time=23ms TTL=53

Ping statistics for 74.125.224.135:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 25ms, Average = 24ms

DNS request timed out.
timeout was 2 seconds.
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=56ms TTL=51
Reply from 209.191.122.70: bytes=32 time=58ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 56ms, Maximum = 58ms, Average = 57ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 23 ae a0 5c 90 ...... Intel® 82567LM-3 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.10 20
10.1.10.0 255.255.255.0 10.1.10.10 10.1.10.10 20
10.1.10.10 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.1.10.10 10.1.10.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.1.10.10 10.1.10.10 20
255.255.255.255 255.255.255.255 10.1.10.10 10.1.10.10 1
Default Gateway: 10.1.10.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/07/2012 01:24:06 PM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service evaluation period has expired.

Error: (05/07/2012 01:24:04 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: SQL Server evaluation period has expired.

Error: (05/07/2012 07:14:29 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service evaluation period has expired.

Error: (05/07/2012 07:14:28 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: SQL Server evaluation period has expired.

Error: (05/07/2012 03:10:10 AM) (Source: WinSSHD) (User: )
Description: [000] WinSSHD 4.28: The following exception occured while attempting to write a log entry: Writing to log file failed: Windows error 1450: Insufficient system resources exist to complete the requested service. - WinSSHD cannot continue, shutting down.

Error: (05/07/2012 03:10:10 AM) (Source: WinSSHD) (User: )
Description: [014] WinSSHD 4.28: Error accepting connection: Socket: accept operation failed with error 10055

Error: (05/06/2012 07:48:00 PM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service evaluation period has expired.

Error: (05/06/2012 07:47:57 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: SQL Server evaluation period has expired.

Error: (05/06/2012 00:30:52 AM) (Source: SQLBrowser) (User: )
Description: The SQLBrowser service evaluation period has expired.

Error: (05/06/2012 00:30:50 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: SQL Server evaluation period has expired.


System errors:
=============
Error: (05/07/2012 01:25:28 PM) (Source: Service Control Manager) (User: )
Description: The Pcx1unic service terminated with the following error:
%%126

Error: (05/07/2012 01:25:28 PM) (Source: Service Control Manager) (User: )
Description: The KMW_SYS service terminated with the following error:
%%2

Error: (05/07/2012 01:25:28 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error 17051 (0x429B).

Error: (05/07/2012 01:25:28 PM) (Source: Service Control Manager) (User: )
Description: The Ixiaendpoint service terminated with the following error:
%%126

Error: (05/07/2012 07:15:51 AM) (Source: Service Control Manager) (User: )
Description: The Pcx1unic service terminated with the following error:
%%126

Error: (05/07/2012 07:15:51 AM) (Source: Service Control Manager) (User: )
Description: The KMW_SYS service terminated with the following error:
%%2

Error: (05/07/2012 07:15:51 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error 17051 (0x429B).

Error: (05/07/2012 07:15:51 AM) (Source: Service Control Manager) (User: )
Description: The Ixiaendpoint service terminated with the following error:
%%126

Error: (05/07/2012 07:06:04 AM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (05/07/2012 06:54:04 AM) (Source: 0) (User: )
Description: \Device\LanmanServer


Microsoft Office Sessions:
=========================
Error: (05/03/2012 10:02:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82481 seconds with 60 seconds of active time. This session ended with a crash.

Error: (03/14/2012 08:39:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9157 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/12/2012 09:22:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11398 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/23/2012 09:56:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8596 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/17/2012 09:54:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9643 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/16/2012 10:21:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11068 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/13/2012 09:56:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10051 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/08/2012 09:34:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6811 seconds with 180 seconds of active time. This session ended with a crash.

Error: (02/03/2012 11:18:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7097 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/03/2012 09:17:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81254 seconds with 180 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.2.0)
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe SVG Viewer (Version: 1.0)
Bank2QIF (Version: 1.0.1.0)
Bitvise WinSSHD 4.28 (remove only)
BufferChm (Version: 60.0.155.000)
Career Step Foot Pedal Software (remove only)
Choice Guard (Version: 1.2.87.0)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.6)
Conexant D850 PCI V.92 Modem (Version: 7.74.00)
Cypress USB Mass Storage Driver Installation
DAO 3.5
Dell Backup and Recovery Manager (Version: 1.0.0)
Destinations (Version: 60.0.155.000)
DeviceManagementQFolder (Version: 1.00.0000)
DigiCel FlipBook 6.7
Digital Line Detect (Version: 1.21)
dj_taplugin (Version: 60.0.196.000)
dj6980 (Version: 60.0.196.000)
DPM Download/Configuration (Version: 2.01.0180)
EditScript MT (Version: 8.0.702)
EditScript MT (Version: 9.20.0.24)
EPSON PhotoQuicker3.0
EPSON Printer Software
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
EX Editor (Version: 80.1.2)
EX Editor Site: idc1 (Version: 80.1.2)
EX Editor Site: idc2 (Version: 80.1.2)
EX Editor Site: idc3 (Version: 80.1.2)
EX Editor Site: idc4 (Version: 80.1.2)
Film Factory
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
HexEdit (Version: 3.5.0)
HP Deskjet 6900 series (Version: 6.0)
HP Imaging Device Functions 6.0 (Version: 6.0)
HP Memories Disc (Version: 1.0.4.805)
HP Photo and Imaging 2.2 - Scanjet 8200 Series (Version: 2.2.0000)
HP Photosmart Essential (Version: 1.8.0.26)
HP Software Update (Version: 3.0.6.003)
HP Solution Center and Imaging Support Tools 6.0 (Version: 6.0)
HP USB Disk Storage Format Tool
hpf_ProductContext (Version: 60.0.196.000)
HPProductAssistant (Version: 60.0.155.000)
Imaging for Windows® 2.8
Ink Monitor
Intel® Graphics Media Accelerator Driver
Intel® Network Connections 13.1.34.2 (Version: 13.1.34.2)
Intel® PRO Alerting Agent (Version: 12.0.3)
Intel® Active Management Technology
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 14.0.8050.1202)
LiveReg (Symantec Corporation) (Version: 2.0.6.1314)
LiveUpdate 1.6 (Symantec Corporation)
LP6980_Help (Version: 60.0.196.000)
LP6980Trb (Version: 60.0.196.000)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MFCLOC (Version: 1.00.0000)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Basic 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 1.2.121.0)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014)
Microsoft SQL Server 2005 CTP
Microsoft SQL Server 2005 Express Edition CTP (SQLEXPRESS) (Version: 9.00.1314.06)
Microsoft SQL Server 2005 Tools Express Edition CTP (Version: 9.00.1314.06)
Microsoft SQL Server Management Studio Express CTP (Version: 9.00.1399.06)
Microsoft SQL Server Native Client (Version: 9.00.1314.06)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.1314.06)
Microsoft SQL Server VSS Writer (Version: 9.00.1314.06)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Web Publishing Wizard 1.53
Migo Digital Rescue 4 Premium (Version: 4)
Modem Diagnostics Tool (Version: 1.0.23.0)
Moneydance 2010
MSVCRT (Version: 14.0.1468.721)
MSXML 6.0 Parser (Version: 6.00.3880.0)
MT Monitor (Version: 1.7.425)
Napster (Version: 2.0.7.2)
NetUtils (Version: 4.21)
NetWaiting (Version: 2.5.54)
Olympus DSS Player 2002
Olympus DSS Player Pro
Ontrack Data Recovery Verifile Data Reports (Version: 2.2.2.0)
PaperPort 8.0 (Version: 1.0.0.0000)
PowerDVD DX (Version: 8.2.5024)
Quicken Home & Business 99
QuickTime
Readiris Pro 8
Readme (Version: 60.0.196.000)
Roxio Burn Engine (Version: 1.2.0000)
Roxio Easy Media Creator 7 (Version: 7.0.353.0)
Segoe UI (Version: 14.0.4327.805)
Sendkeys Replacement Demo
ShareIns (Version: 1.00.0000)
Shorthand 10.00
SolutionCenter (Version: 60.0.155.000)
Status (Version: 60.0.155.000)
Symantec pcAnywhere (Version: 10.5)
Tablet
Tax Forms Helper 2011 10.0
TFP for 2010 (Version: Tax Year 2010)
TinyTERM (Version: 4.21)
TrayApp (Version: 60.0.155.000)
TurboTax 2010
TurboTax 2010 wcaiper (Version: 010.000.1291)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4012)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0457)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0213)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 wcaiper (Version: 011.000.1595)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wrapper (Version: 011.000.0121)
Unload (Version: 6.0.0)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update Manager (Version: 4.60)
USB Modem (Version: 2.0.15.50)
USB Storage Adapter FX (SM1)
Venta Fax & Voice 6.5 (Business version) (remove/restore) (Version: 6.5)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 60.0.155.000)
WeOnlyDo! Ftp DELUXE
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.817.1)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Toolbar (Version: 14.0.8052.1208)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
WordPerfect Office X3 (Version: 13.1)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 3291.54 MB
Available physical RAM: 2483.51 MB
Total Pagefile: 5175.16 MB
Available Pagefile: 4438.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.93 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:74.47 GB) (Free:31.23 GB) NTFS
3 Drive e: (11-10_BKP) (CDROM) (Total:0.56 GB) (Free:0.47 GB) CDUDFRW

========================= Users: ========================================

User accounts for \\D4Q9WCK1

Administrator CSH Guest
HelpAssistant Martin Reed MEB
MFB SKF StanCardiology
SUPPORT_388945a0 ZYK


**** End of log ****

#9 narenxp

Posted 07 May 2012 - 11:16 PM

Download

winsock fixit

Run the fixit, restart the PC

Download

http://download.bleepingcomputer.com/misc/host-files/windows-xp/hosts

Copy it to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder

Launch mini toolbox and check mark

List content of Hosts
List Winsock Entries

click GO and post the log

good luck

Edited by narenxp, 07 May 2012 - 11:17 PM.


#10 MReed98643

Posted 08 May 2012 - 02:12 AM

Did those steps -- here's the log:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Martin Reed (administrator) on 08-05-2012 at 00:08:48
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
Hosts file not detected in the default directory
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

**** End of log ****
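
Added example (not part of the thread): a parser for the Winsock section of a MiniToolBox log that flags provider entries needing attention, such as the Catalog5 01 and 03 lines above that still read `[File Not found]`. The vendor allowlist and the system32 expectation are assumptions of this example, not rules taken from MiniToolBox.

```python
import re
from collections import namedtuple

# Excerpt of the MiniToolBox log from post #10 (Catalog9 02-11 omitted).
# Catalog5 lists namespace providers, Catalog9 lists protocol providers.
SAMPLE_LOG = r"""
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

**** End of log ****
"""

Entry = namedtuple("Entry", "catalog index path size vendor")

ENTRY_RE = re.compile(
    r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(File Not found|\d+)\]\s+\((.*)\)$"
)

# Assumptions for this example: providers are expected under system32 and
# to carry this vendor string. The string comes from file metadata, so a
# match is a triage hint, not proof of authenticity.
EXPECTED_VENDORS = {"Microsoft Corporation"}
SYSTEM_DIR = "c:\\windows\\system32\\"


def parse_winsock(log):
    """Return one Entry per catalog line; size is None when the DLL is missing."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            catalog, index, path, size, vendor = m.groups()
            entries.append(Entry(catalog, index, path,
                                 int(size) if size.isdigit() else None, vendor))
    return entries


def triage(entries):
    """Return (catalog, index, reasons) for every entry that needs a look."""
    findings = []
    for e in entries:
        reasons = []
        if e.size is None:
            reasons.append("provider DLL not found on disk")
        else:
            if not e.path.lower().startswith(SYSTEM_DIR):
                reasons.append("provider outside system32")
            if e.vendor not in EXPECTED_VENDORS:
                reasons.append("unexpected vendor: " + (e.vendor or "none"))
        if reasons:
            findings.append((e.catalog, e.index, reasons))
    return findings


if __name__ == "__main__":
    for catalog, index, reasons in triage(parse_winsock(SAMPLE_LOG)):
        print(catalog, index, "; ".join(reasons))
```
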

#11 narenxp

Posted 08 May 2012 - 02:20 AM

Press Windows+R key and type

cmd and click ok and run this command

netsh winsock reset

Restart the PC

Hosts file not detected in the default directory

Did you copy the hosts file to

C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder?

Download

system look

Copy this script on search box

:filefind
*hosts*

Click on LOOK, post the generated log

good luck

#12 MReed98643

Posted 08 May 2012 - 09:45 AM

Yes, I saved "hosts" to that folder, but I had just saved the .mhtml file. Before doing SystemLook just now, I copied "hosts" to a text file with no extension. Here's the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 07:35 on 08/05/2012 by Martin Reed
Administrator - Elevation successful

========== filefind ==========

Searching for "*hosts*"
C:\Documents and Settings\Martin Reed\Local Settings\Temporary Internet Files\Content.IE5\8L0CYFAV\hosts[1] --a---- 734 bytes [06:38 08/05/2012] [06:38 08/05/2012] DE1CBFE6C3086010AF115A1F00909B01
C:\Documents and Settings\Martin Reed\Recent\hosts.mht.lnk --a---- 789 bytes [07:07 08/05/2012] [14:33 08/05/2012] E3265BC41AD1E0551875F3C906808339
C:\Documents and Settings\Martin Reed\Recent\hosts.txt.lnk --a---- 789 bytes [14:33 08/05/2012] [14:33 08/05/2012] 0FDF8BD0E51BED4425A8A159A2D61FC5
C:\I386\HOSTS --a---- 734 bytes [16:11 25/04/2008] [12:00 14/04/2008] DE1CBFE6C3086010AF115A1F00909B01
C:\I386\LMHOSTS.SA_ --a---- 1754 bytes [16:11 25/04/2008] [12:00 14/04/2008] 77848AA60BEA0C8A8E5E35A6A0786F86
C:\Program Files\Dell\DBRM\osmedia\I386\HOSTS --a---- 734 bytes [19:21 31/07/2009] [06:00 14/04/2008] DE1CBFE6C3086010AF115A1F00909B01
C:\Program Files\Dell\DBRM\osmedia\I386\LMHOSTS.SA_ --a---- 1754 bytes [19:21 31/07/2009] [06:00 14/04/2008] 77848AA60BEA0C8A8E5E35A6A0786F86
C:\WINDOWS\system32\drivers\etc\hosts --a---- 736 bytes [14:33 08/05/2012] [14:33 08/05/2012] D8AB726765AA0C5E14B0888228EBEFFC
C:\WINDOWS\system32\drivers\etc\hosts.mht --a---- 1329 bytes [07:07 08/05/2012] [07:07 08/05/2012] 825771252F07A54CE43D1D3FD048A1A8
C:\WINDOWS\system32\drivers\etc\lmhosts.sam --a---- 3683 bytes [16:16 25/04/2008] [12:00 14/04/2008] 18413B90E1B291EC3E777A845C37CFEE

-= EOF =-
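
Added example (not part of the thread): a parser for SystemLook `filefind` lines that compares the active hosts file against the stock copies found elsewhere on the disk and lists unexpected files in `drivers\etc`. Treating the `I386\HOSTS` copies as the reference, and the set of file names expected in `drivers\etc`, are assumptions of this example.

```python
import ntpath
import re

# Excerpt of the SystemLook log from post #12 (lines copied from the page).
SAMPLE_LOG = r"""
Searching for "*hosts*"
C:\Documents and Settings\Martin Reed\Local Settings\Temporary Internet Files\Content.IE5\8L0CYFAV\hosts[1] --a---- 734 bytes [06:38 08/05/2012] [06:38 08/05/2012] DE1CBFE6C3086010AF115A1F00909B01
C:\I386\HOSTS --a---- 734 bytes [16:11 25/04/2008] [12:00 14/04/2008] DE1CBFE6C3086010AF115A1F00909B01
C:\Program Files\Dell\DBRM\osmedia\I386\HOSTS --a---- 734 bytes [19:21 31/07/2009] [06:00 14/04/2008] DE1CBFE6C3086010AF115A1F00909B01
C:\WINDOWS\system32\drivers\etc\hosts --a---- 736 bytes [14:33 08/05/2012] [14:33 08/05/2012] D8AB726765AA0C5E14B0888228EBEFFC
C:\WINDOWS\system32\drivers\etc\hosts.mht --a---- 1329 bytes [07:07 08/05/2012] [07:07 08/05/2012] 825771252F07A54CE43D1D3FD048A1A8
C:\WINDOWS\system32\drivers\etc\lmhosts.sam --a---- 3683 bytes [16:16 25/04/2008] [12:00 14/04/2008] 18413B90E1B291EC3E777A845C37CFEE

-= EOF =-
"""

# path, 7-character attribute field, size, two bracketed timestamps,
# then the 32-hex-digit hash that ends each line.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attr>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})$"
)

ETC_DIR = "c:\\windows\\system32\\drivers\\etc"
# Assumption: file names a stock Windows XP install keeps in drivers\etc.
EXPECTED_IN_ETC = {"hosts", "lmhosts.sam", "networks", "protocol", "services"}


def parse_filefind(log):
    """Return one dict per result line; header and footer lines are skipped."""
    records = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["digest"] = rec["digest"].upper()
            records.append(rec)
    return records


def audit_hosts(records):
    """Compare the active hosts file with reference copies outside drivers\\etc."""
    def name(rec):
        return ntpath.basename(rec["path"]).lower()

    in_etc = [r for r in records
              if ntpath.dirname(r["path"]).lower() == ETC_DIR]
    active = next((r for r in in_etc if name(r) == "hosts"), None)
    references = [r for r in records if name(r) == "hosts" and r not in in_etc]
    ref_digests = {r["digest"] for r in references}
    return {
        "active": active,
        "matches_reference": active is not None and active["digest"] in ref_digests,
        "reference_sizes": sorted({r["size"] for r in references}),
        "stray_in_etc": [r["path"] for r in in_etc if name(r) not in EXPECTED_IN_ETC],
    }


if __name__ == "__main__":
    print(audit_hosts(parse_filefind(SAMPLE_LOG)))
```

A mismatch only shows that the active file's bytes differ from the stock copy; the file still has to be opened and its entries read to see what changed.
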

#13 narenxp

Posted 08 May 2012 - 11:55 AM

Yes, I saved "hosts" to that folder, but I had just saved the .mhtml file. Before doing SystemLook just now, I copied "hosts" to a text file with no extension.

Great

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#14 MReed98643

Posted 08 May 2012 - 03:08 PM

Thanks so much for your help, NarenXP! I'm en route to the tip jar.

#15 narenxp

Posted 08 May 2012 - 09:21 PM

You're most welcome :thumbsup:



