
Browser Hijacked, Keeps coming Back


  • This topic is locked
81 replies to this topic

#1 dalamar23

dalamar23

  • Members
  • 48 posts

Posted 12 August 2012 - 03:36 PM

My browser was hijacked by... something a few days ago and I came here hoping you could help. I've run quite a few antivirus and anti-spyware programs but none of them seem to find anything. Hopefully you can help because I'm out of ideas!!

Anywho, I'm running a Windows XP machine. All web pages I pull up are garbled.. seem to have some other text written over my search results. There's no re-directing, just all the web pages seem to be missing proper formatting, some text and images.

I attached my GMER, DDS and Hijack This results.

ComboFix seems to get rid of it for a bit after I run it and restart the computer but the hijack always comes back shortly afterwards.

Thank you so much for any help with this!!


Edited by dalamar23, 12 August 2012 - 03:42 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 9,620 posts

Posted 17 August 2012 - 03:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464924 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,587 posts

Posted 17 August 2012 - 11:30 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
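
The report TDSSKiller writes (the file requested in the post above) is plain text with one or two lines per scanned service. As an added example, not part of the original post and not TDSSKiller's own code, this Python script filters such a report down to the entries that are not marked ok; the sample lines follow the report dalamar23 posts later in this thread (#10), and the function and field names are hypothetical.

```python
import re

# Lines taken from the TDSSKiller report posted later in this thread (#10).
# The last entry has no verdict line because the visible report is cut off there.
SAMPLE_LOG = r"""
23:50:49.0500 1952 Abiosdsk - ok
23:50:49.0578 1952 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:50:49.0593 1952 ACPI - ok
23:50:51.0093 1952 [ 57a3b9a69f14414ace12afd6ba701773 ] Adobe Version Cue CS4 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
23:50:51.0125 1952 Adobe Version Cue CS4 - ok
23:51:01.0500 1952 [ e8bd266c43cd750cad9a0f503523ff48 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:51:06.0031 1952 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmboot.sys. Real md5: e8bd266c43cd750cad9a0f503523ff48, Fake md5: d992fe1274bde0f84ad826acae022a41
23:51:06.0046 1952 dmboot ( ForgedFile.Multi.Generic ) - warning
23:51:06.0046 1952 dmboot - detected ForgedFile.Multi.Generic (1)
23:51:10.0453 1952 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
"""

# Every report line starts with a timestamp and a thread id.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
# "[ md5 ] <service name> <path>": names may contain spaces, so the path is
# taken to start at the first drive-letter prefix (assumption: local paths).
HASHED = re.compile(r"^\[ ([0-9a-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECTED = re.compile(r"^(.+) - detected (\S+) \(\d+\)$")
# "<name> - ok" or "<name> ( <detection> ) - warning"
VERDICT = re.compile(r"^(.+?)(?: \( (\S+) \))? - (\w+)$")


def parse_report(text):
    """Return {service name: record} for every service the report mentions."""
    services, by_path = {}, {}

    def record(name):
        return services.setdefault(name, {
            "name": name, "path": None, "md5": None,
            "verdict": None, "detection": None, "forged": None})

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                      # blank line or non-report text
        body = line.group(1).strip()
        m = FORGED.match(body)
        if m:
            path, real, fake = m.groups()
            # Attach to the service whose file this is; fall back to the path.
            rec = by_path.get(path.lower()) or record(path)
            rec["path"] = rec["path"] or path
            rec["forged"] = {"real_md5": real, "fake_md5": fake}
            continue
        m = HASHED.match(body)
        if m:
            md5, name, path = m.groups()
            rec = record(name)
            rec["md5"], rec["path"] = md5, path
            by_path[path.lower()] = rec
            continue
        m = DETECTED.match(body)
        if m:
            record(m.group(1))["detection"] = m.group(2)
            continue
        m = VERDICT.match(body)
        if m:
            rec = record(m.group(1))
            rec["verdict"] = m.group(3)
            rec["detection"] = m.group(2) or rec["detection"]
    return services


def triage(text):
    """Return the records worth a second look: anything not cleanly 'ok'."""
    findings = []
    for rec in parse_report(text).values():
        if rec["verdict"] == "ok" and not rec["detection"] and not rec["forged"]:
            continue
        if rec["verdict"] is None:
            rec["verdict"] = "missing"    # entry seen but no verdict followed
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["verdict"], rec["name"], rec["path"], rec["detection"] or "-")
        if rec["forged"]:
            print("   real md5:", rec["forged"]["real_md5"],
                  "fake md5:", rec["forged"]["fake_md5"])
```

An entry reported as "missing" means the report ended before that service received a verdict, which is a reason to ask for the complete file rather than treat the service as clean.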

#4 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts

Posted 18 August 2012 - 12:59 AM

thanks, I'm running a new GMER scan tonight. I'll have both logs uploaded in the morning

#5 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts

Posted 18 August 2012 - 12:59 AM

thanks, I'm running a new GMER scan tonight. I'll have both logs uploaded in the morning

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,587 posts

Posted 18 August 2012 - 01:02 AM

Don't worry about the GMER scan; go ahead and run the two new programs I asked for.


gringo

#7 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts

Posted 18 August 2012 - 01:03 AM

Sorry just saw your reply gringo, I'll follow your instructions instead

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,587 posts

Posted 18 August 2012 - 01:03 AM

:thumbup2:

#9 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts

Posted 18 August 2012 - 01:49 AM

Results of screen317's Security Check version 0.99.45
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java™ 6 Update 3
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.2.54 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

#10 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts

Posted 18 August 2012 - 01:53 AM

23:50:36.0640 1672 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
23:50:36.0968 1672 ============================================================
23:50:36.0968 1672 Current date / time: 2012/08/17 23:50:36.0968
23:50:36.0968 1672 SystemInfo:
23:50:36.0968 1672
23:50:36.0968 1672 OS Version: 5.1.2600 ServicePack: 3.0
23:50:36.0968 1672 Product type: Workstation
23:50:36.0968 1672 ComputerName: MAIN
23:50:36.0968 1672 UserName: Billy Joe Bob
23:50:36.0968 1672 Windows directory: C:\WINDOWS
23:50:36.0968 1672 System windows directory: C:\WINDOWS
23:50:36.0968 1672 Processor architecture: Intel x86
23:50:36.0968 1672 Number of processors: 2
23:50:36.0968 1672 Page size: 0x1000
23:50:36.0968 1672 Boot type: Safe boot with network
23:50:36.0968 1672 ============================================================
23:50:38.0343 1672 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
23:50:38.0343 1672 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
23:50:38.0375 1672 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
23:50:38.0375 1672 ============================================================
23:50:38.0375 1672 \Device\Harddisk0\DR0:
23:50:38.0375 1672 MBR partitions:
23:50:38.0375 1672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4191
23:50:38.0375 1672 \Device\Harddisk1\DR1:
23:50:38.0375 1672 MBR partitions:
23:50:38.0375 1672 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
23:50:38.0375 1672 \Device\Harddisk2\DR2:
23:50:38.0375 1672 MBR partitions:
23:50:38.0375 1672 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385421
23:50:38.0375 1672 ============================================================
23:50:38.0421 1672 C: <-> \Device\Harddisk1\DR1\Partition1
23:50:42.0546 1672 E: <-> \Device\Harddisk2\DR2\Partition1
23:50:42.0562 1672 F: <-> \Device\Harddisk0\DR0\Partition1
23:50:42.0562 1672 ============================================================
23:50:42.0562 1672 Initialize success
23:50:42.0562 1672 ============================================================
23:50:45.0937 1952 ============================================================
23:50:45.0937 1952 Scan started
23:50:45.0937 1952 Mode: Manual;
23:50:45.0937 1952 ============================================================
23:50:49.0234 1952 ================ Scan services =============================
23:51:01.0500 1952 [ e8bd266c43cd750cad9a0f503523ff48 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:51:06.0031 1952 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmboot.sys. Real md5: e8bd266c43cd750cad9a0f503523ff48, Fake md5: d992fe1274bde0f84ad826acae022a41
23:51:06.0046 1952 dmboot ( ForgedFile.Multi.Generic ) - warning
23:51:06.0046 1952 dmboot - detected ForgedFile.Multi.Generic (1)
23:51:10.0468 1952 lanmanworkstation - ok
23:51:10.0484 1952 lbrtfdc - ok
23:51:10.0546 1952 [ e2f1dcf4a68cc6cf694fbfba1842f4cd ] libusb0 C:\WINDOWS\system32\drivers\libusb0.sys
23:51:10.0546 1952 libusb0 - ok
23:51:10.0562 1952 [ 8b4b572753419fe601220526205f9455 ] libusbd C:\WINDOWS\system32\libusbd-nt.exe
23:51:10.0562 1952 libusbd - ok
23:51:10.0640 1952 [ dfeff67508d3a9aeb1a85d7b0f513b24 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:51:10.0656 1952 LightScribeService - ok
23:51:10.0687 1952 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:51:10.0687 1952 LmHosts - ok
23:51:10.0703 1952 LMIInfo - ok
23:51:10.0718 1952 [ 4477689e2d8ae6b78ba34c9af4cc1ed1 ] lmimirr C:\WINDOWS\system32\DRIVERS\lmimirr.sys
23:51:10.0734 1952 lmimirr - ok
23:51:10.0734 1952 LMIRfsClientNP - ok
23:51:10.0750 1952 [ 622704763da924c1565344e8c7d6ca4d ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
23:51:10.0750 1952 LMIRfsDriver - ok
23:51:10.0781 1952 [ 8be71d7edb8c7494913722059f760dd0 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
23:51:10.0796 1952 LVPr2Mon - ok
23:51:10.0859 1952 [ e52f5a2cadcf08d07f559962f807a0a2 ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
23:51:10.0890 1952 LVRS - ok
23:51:11.0703 1952 [ c3d02260beb2b48dea1efdfca91e4b69 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
23:51:12.0437 1952 LVUVC - ok
23:51:12.0546 1952 [ 11f714f85530a2bd134074dc30e99fca ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:51:12.0578 1952 MDM - ok
23:51:12.0609 1952 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:51:12.0625 1952 Messenger - ok
23:51:12.0640 1952 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:51:12.0640 1952 mnmdd - ok
23:51:12.0671 1952 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:51:12.0671 1952 mnmsrvc - ok
23:51:12.0718 1952 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:51:12.0734 1952 Modem - ok
23:51:12.0765 1952 [ fe80c18ba448ddd76b7bead9eb203d37 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys
23:51:12.0765 1952 motmodem - ok
23:51:12.0781 1952 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:51:12.0796 1952 Mouclass - ok
23:51:12.0812 1952 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:51:12.0812 1952 mouhid - ok
23:51:12.0859 1952 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:51:12.0859 1952 MountMgr - ok
23:51:12.0906 1952 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:51:12.0906 1952 MozillaMaintenance - ok
23:51:12.0921 1952 mraid35x - ok
23:51:12.0984 1952 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:51:13.0000 1952 MRxDAV - ok
23:51:13.0140 1952 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:51:13.0140 1952 MRxSmb - ok
23:51:13.0156 1952 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:51:13.0156 1952 MSDTC - ok
23:51:13.0187 1952 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:51:13.0187 1952 Msfs - ok
23:51:13.0218 1952 [ 082a950191dde602bbea8ef4e5900251 ] msgame C:\WINDOWS\system32\DRIVERS\msgame.sys
23:51:13.0234 1952 msgame - ok
23:51:13.0234 1952 MSIServer - ok
23:51:13.0250 1952 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:51:13.0250 1952 MSKSSRV - ok
23:51:13.0265 1952 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:51:13.0265 1952 MSPCLOCK - ok
23:51:13.0281 1952 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:51:13.0281 1952 MSPQM - ok
23:51:13.0312 1952 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:51:13.0312 1952 mssmbios - ok
23:51:13.0390 1952 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:51:13.0390 1952 MSTEE - ok
23:51:13.0406 1952 [ ca3e22598f411199adc2dfee76cd0ae0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
23:51:13.0406 1952 ms_mpu401 - ok
23:51:13.0421 1952 [ d48659bb24c48345d926ecb45c1ebdf5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
23:51:13.0421 1952 MTsensor - ok
23:51:13.0453 1952 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:51:13.0468 1952 Mup - ok
23:51:13.0500 1952 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:51:13.0515 1952 NABTSFEC - ok
23:51:13.0609 1952 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
23:51:13.0656 1952 napagent - ok
23:51:13.0718 1952 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:51:13.0718 1952 NDIS - ok
23:51:13.0750 1952 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:51:13.0750 1952 NdisIP - ok
23:51:13.0796 1952 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:51:13.0796 1952 NdisTapi - ok
23:51:13.0812 1952 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:51:13.0812 1952 Ndisuio - ok
23:51:13.0843 1952 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:51:13.0843 1952 NdisWan - ok
23:51:13.0890 1952 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:51:13.0890 1952 NDProxy - ok
23:51:13.0906 1952 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:51:13.0906 1952 NetBIOS - ok
23:51:13.0937 1952 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:51:13.0937 1952 NetBT - ok
23:51:14.0015 1952 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
23:51:14.0031 1952 NetDDE - ok
23:51:14.0046 1952 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:51:14.0046 1952 NetDDEdsdm - ok
23:51:14.0093 1952 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:51:14.0093 1952 Netlogon - ok
23:51:14.0140 1952 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
23:51:14.0171 1952 Netman - ok
23:51:14.0203 1952 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:51:14.0218 1952 NetTcpPortSharing - ok
23:51:14.0250 1952 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:51:14.0265 1952 NIC1394 - ok
23:51:14.0312 1952 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll
23:51:14.0328 1952 Nla - ok
23:51:14.0343 1952 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:51:14.0343 1952 Npfs - ok
23:51:14.0437 1952 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:51:14.0437 1952 Ntfs - ok
23:51:14.0453 1952 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:51:14.0453 1952 NtLmSsp - ok
23:51:17.0515 1952 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:51:17.0578 1952 NtmsSvc - ok
23:51:17.0656 1952 nTuneService - ok
23:51:17.0671 1952 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
23:51:17.0671 1952 Null - ok
23:51:19.0187 1952 [ 0dc79b60cedc3a8854c27b3c6e4b3414 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:51:20.0718 1952 nv - ok
23:51:20.0781 1952 [ f3d3015e52f2732042197d4edcaac2cb ] nvax C:\WINDOWS\system32\drivers\nvax.sys
23:51:20.0796 1952 nvax - ok
23:51:20.0843 1952 [ 7d275ecda4628318912f6c945d5cf963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:51:20.0843 1952 NVENETFD - ok
23:51:20.0890 1952 [ 8eb410a64c86d51007687ee00bc2f912 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
23:51:20.0906 1952 NVHDA - ok
23:51:20.0953 1952 [ b64aacefad2be5bff5353fe681253c67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:51:20.0953 1952 nvnetbus - ok
23:51:21.0015 1952 [ 6d6fd2b7035d415621acaf1e555c8b90 ] nvnforce C:\WINDOWS\system32\drivers\nvapu.sys
23:51:21.0062 1952 nvnforce - ok
23:51:21.0093 1952 [ 61d6b1c71ad94f8485e966bebc36d092 ] NVR0Dev C:\WINDOWS\nvoclock.sys
23:51:22.0734 1952 NVR0Dev - ok
23:51:22.0781 1952 [ 971b4344aba9b79ed0e9d0bb2a5283c1 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
23:51:22.0796 1952 NVSvc - ok
23:51:23.0140 1952 [ 4cde6d8e0a07dce9e568f58a5dc8086c ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:51:23.0390 1952 nvUpdatusService - ok
23:51:23.0437 1952 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:51:23.0437 1952 NwlnkFlt - ok
23:51:23.0437 1952 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:51:23.0453 1952 NwlnkFwd - ok
23:51:23.0500 1952 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:51:23.0500 1952 ohci1394 - ok
23:51:23.0562 1952 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:51:23.0578 1952 ose - ok
23:51:23.0625 1952 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
23:51:23.0625 1952 Parport - ok
23:51:23.0671 1952 [ 6ddcf3f801ec15fe698f6a215cf30a1f ] Partizan C:\WINDOWS\system32\drivers\Partizan.sys
23:51:23.0671 1952 Partizan - ok
23:51:23.0718 1952 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:51:23.0718 1952 PartMgr - ok
23:51:23.0765 1952 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:51:23.0765 1952 ParVdm - ok
23:51:23.0812 1952 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:51:23.0812 1952 PCI - ok
23:51:23.0828 1952 PCIDump - ok
23:51:23.0875 1952 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:51:23.0875 1952 PCIIde - ok
23:51:23.0906 1952 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:51:23.0921 1952 Pcmcia - ok
23:51:23.0921 1952 PDCOMP - ok
23:51:23.0937 1952 PDFRAME - ok
23:51:23.0953 1952 PDRELI - ok
23:51:23.0953 1952 PDRFRAME - ok
23:51:23.0968 1952 perc2 - ok
23:51:23.0984 1952 perc2hib - ok
23:51:24.0046 1952 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
23:51:24.0062 1952 PlugPlay - ok
23:51:24.0078 1952 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:51:24.0078 1952 PolicyAgent - ok
23:51:24.0093 1952 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:51:24.0093 1952 PptpMiniport - ok
23:51:24.0109 1952 [ a32bebaf723557681bfc6bd93e98bd26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
23:51:24.0109 1952 Processor - ok
23:51:24.0125 1952 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:51:24.0125 1952 ProtectedStorage - ok
23:51:24.0140 1952 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:51:24.0140 1952 PSched - ok
23:51:24.0203 1952 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:51:24.0203 1952 Ptilink - ok
23:51:24.0250 1952 [ 153d02480a0a2f45785522e814c634b6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:51:24.0250 1952 PxHelp20 - ok
23:51:24.0250 1952 ql1080 - ok
23:51:24.0265 1952 Ql10wnt - ok
23:51:24.0281 1952 ql12160 - ok
23:51:24.0296 1952 ql1240 - ok
23:51:24.0312 1952 ql1280 - ok
23:51:24.0328 1952 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:51:24.0328 1952 RasAcd - ok
23:51:24.0359 1952 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:51:24.0375 1952 RasAuto - ok
23:51:24.0406 1952 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:51:24.0406 1952 Rasl2tp - ok
23:51:24.0468 1952 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:51:24.0484 1952 RasMan - ok
23:51:24.0500 1952 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:51:24.0500 1952 RasPppoe - ok
23:51:24.0515 1952 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:51:24.0515 1952 Raspti - ok
23:51:24.0546 1952 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:51:24.0546 1952 Rdbss - ok
23:51:24.0562 1952 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:51:24.0562 1952 RDPCDD - ok
23:51:24.0609 1952 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:51:24.0609 1952 rdpdr - ok
23:51:24.0671 1952 [ 6589db6e5969f8eee594cf71171c5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:51:24.0687 1952 RDPWD - ok
23:51:24.0734 1952 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:51:24.0750 1952 RDSessMgr - ok
23:51:24.0765 1952 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:51:24.0765 1952 redbook - ok
23:51:24.0812 1952 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:51:24.0812 1952 RemoteAccess - ok
23:51:24.0859 1952 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
23:51:24.0875 1952 RemoteRegistry - ok
23:51:24.0890 1952 [ 851c30df2807fcfa21e4c681a7d6440e ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
23:51:24.0906 1952 RFCOMM - ok
23:51:24.0953 1952 [ 2c4fb2e9f039287767c384e46ee91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
23:51:24.0953 1952 RimVSerPort - ok
23:51:25.0000 1952 [ d8b0b4ade32574b2d9c5cc34dc0dbbe7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
23:51:25.0000 1952 ROOTMODEM - ok
23:51:25.0187 1952 [ 146ae73403f2e3a923c055e163c69213 ] RoxLiveShare10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
23:51:25.0234 1952 RoxLiveShare10 - ok
23:51:25.0375 1952 [ 2dcc8b71718978613647fa9523bf485c ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
23:51:25.0500 1952 RoxMediaDB10 - ok
23:51:25.0515 1952 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
23:51:25.0515 1952 RpcLocator - ok
23:51:25.0578 1952 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\System32\rpcss.dll
23:51:25.0593 1952 RpcSs - ok
23:51:25.0609 1952 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:51:25.0625 1952 RSVP - ok
23:51:25.0687 1952 [ 7436bfd3a542cf6ff55097200031b293 ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
23:51:25.0718 1952 RT73 - ok
23:51:25.0812 1952 [ 7fd98e91896cad23169a84874f145250 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
23:51:25.0890 1952 RTL8192su - ok
23:51:25.0937 1952 [ c3f676bfb12292ffbc5b5fe4c8daf2d4 ] RxFilter C:\WINDOWS\system32\DRIVERS\RxFilter.sys
23:51:25.0937 1952 RxFilter - ok
23:51:25.0968 1952 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
23:51:25.0968 1952 SamSs - ok
23:51:26.0078 1952 [ 39763504067962108505bff25f024345 ] SASDIFSV C:\Program Files\New Folder\SASDIFSV.SYS
23:51:26.0078 1952 SASDIFSV - ok
23:51:26.0140 1952 [ 77b9fc20084b48408ad3e87570eb4a85 ] SASKUTIL C:\Program Files\New Folder\SASKUTIL.SYS
23:51:26.0156 1952 SASKUTIL - ok
23:51:26.0171 1952 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:51:26.0187 1952 SCardSvr - ok
23:51:26.0234 1952 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:51:26.0265 1952 Schedule - ok
23:51:26.0312 1952 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:51:26.0312 1952 Secdrv - ok
23:51:26.0343 1952 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
23:51:26.0343 1952 seclogon - ok
23:51:26.0359 1952 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
23:51:26.0375 1952 SENS - ok
23:51:26.0406 1952 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
23:51:26.0406 1952 serenum - ok
23:51:26.0421 1952 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
23:51:26.0437 1952 Serial - ok
23:51:26.0468 1952 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:51:26.0468 1952 Sfloppy - ok
23:51:26.0546 1952 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:51:26.0578 1952 SharedAccess - ok
23:51:26.0609 1952 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:51:26.0609 1952 ShellHWDetection - ok
23:51:26.0625 1952 Simbad - ok
23:51:26.0671 1952 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:51:26.0671 1952 SLIP - ok
23:51:26.0687 1952 Sparrow - ok
23:51:26.0750 1952 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:51:26.0750 1952 splitter - ok
23:51:26.0796 1952 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:51:26.0796 1952 Spooler - ok
23:51:26.0828 1952 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:51:26.0828 1952 sr - ok
23:51:26.0859 1952 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
23:51:26.0890 1952 srservice - ok
23:51:26.0953 1952 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:51:26.0953 1952 Srv - ok
23:51:27.0000 1952 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:51:27.0015 1952 SSDPSRV - ok
23:51:27.0031 1952 [ 329ebfce6ba46c29ea1b8624e7823cad ] Start BT in service C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
23:51:27.0046 1952 Start BT in service - ok
23:51:27.0125 1952 [ b1691af4a072cb674d600db16dd7308e ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
23:51:27.0156 1952 StarWindServiceAE - ok
23:51:27.0187 1952 Steam Client Service - ok
23:51:27.0250 1952 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:51:27.0296 1952 stisvc - ok
23:51:27.0328 1952 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:51:27.0328 1952 streamip - ok
23:51:27.0390 1952 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:51:27.0390 1952 swenum - ok
23:51:27.0437 1952 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:51:27.0437 1952 swmidi - ok
23:51:27.0453 1952 SwPrv - ok
23:51:27.0468 1952 symc810 - ok
23:51:27.0468 1952 symc8xx - ok
23:51:27.0484 1952 sym_hi - ok
23:51:27.0500 1952 sym_u3 - ok
23:51:27.0546 1952 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:51:27.0562 1952 sysaudio - ok
23:51:27.0609 1952 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:51:27.0609 1952 SysmonLog - ok
23:51:27.0671 1952 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:51:27.0703 1952 TapiSrv - ok
23:51:27.0796 1952 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:51:27.0796 1952 Tcpip - ok
23:51:27.0843 1952 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:51:27.0843 1952 TDPIPE - ok
23:51:27.0859 1952 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:51:27.0859 1952 TDTCP - ok
23:51:27.0890 1952 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:51:27.0890 1952 TermDD - ok
23:51:27.0937 1952 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
23:51:27.0968 1952 TermService - ok
23:51:28.0000 1952 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
23:51:28.0000 1952 Themes - ok
23:51:28.0031 1952 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
23:51:28.0031 1952 TlntSvr - ok
23:51:28.0046 1952 TMPassthruMP - ok
23:51:28.0062 1952 TosIde - ok
23:51:28.0093 1952 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:51:28.0109 1952 TrkWks - ok
23:51:28.0156 1952 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:51:28.0171 1952 Udfs - ok
23:51:28.0171 1952 ultra - ok
23:51:28.0281 1952 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:51:28.0281 1952 Update - ok
23:51:28.0312 1952 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:51:28.0343 1952 upnphost - ok
23:51:28.0343 1952 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
23:51:28.0359 1952 UPS - ok
23:51:28.0406 1952 [ f340199e8cb097e1acd58a967c665919 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
23:51:28.0406 1952 USBAAPL - ok
23:51:28.0453 1952 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
23:51:28.0453 1952 usbaudio - ok
23:51:28.0500 1952 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:51:28.0500 1952 usbccgp - ok
23:51:28.0515 1952 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:51:28.0515 1952 usbehci - ok
23:51:28.0562 1952 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:51:28.0562 1952 usbhub - ok
23:51:28.0609 1952 [ 0daecce65366ea32b162f85f07c6753b ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:51:28.0609 1952 usbohci - ok
23:51:28.0640 1952 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:51:28.0640 1952 usbscan - ok
23:51:28.0687 1952 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:51:28.0687 1952 USBSTOR - ok
23:51:28.0734 1952 [ 63bbfca7f390f4c49ed4b96bfb1633e0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
23:51:28.0750 1952 usbvideo - ok
23:51:28.0765 1952 [ b6cc50279d6cd28e090a5d33244adc9a ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:51:28.0765 1952 usb_rndisx - ok
23:51:28.0828 1952 [ 51750b0539986186c6931fc40d171521 ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
23:51:28.0828 1952 VComm - ok
23:51:28.0890 1952 [ 6d9c891c0a761afed1f3609c2e56f2b9 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
23:51:28.0890 1952 VcommMgr - ok
23:51:28.0968 1952 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:51:28.0968 1952 VgaSave - ok
23:51:28.0984 1952 ViaIde - ok
23:51:29.0046 1952 [ 5f974fde801c73952770736becde11e7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
23:51:29.0046 1952 Viewpoint Manager Service - ok
23:51:29.0093 1952 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:51:29.0093 1952 VolSnap - ok
23:51:29.0250 1952 [ 193d323a88f442334d652ac5c1f56414 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
23:51:29.0312 1952 vpnagent - ok
23:51:29.0359 1952 [ fc94804932cfc35f01b3ae510e3b4d5c ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
23:51:29.0359 1952 vpnva - ok
23:51:29.0406 1952 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
23:51:29.0437 1952 VSS - ok
23:51:29.0468 1952 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\system32\w32time.dll
23:51:29.0500 1952 W32Time - ok
23:51:29.0515 1952 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:51:29.0515 1952 Wanarp - ok
23:51:29.0546 1952 [ d6efaf429fd30c5df613d220e344cce7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
23:51:29.0562 1952 WDC_SAM - ok
23:51:29.0640 1952 [ bbcfeab7e871cddac2d397ee7fa91fdc ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:51:29.0703 1952 Wdf01000 - ok
23:51:29.0703 1952 WDICA - ok
23:51:29.0734 1952 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:51:29.0750 1952 wdmaud - ok
23:51:29.0765 1952 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:51:29.0781 1952 WebClient - ok
23:51:29.0859 1952 [ 451f905bc7bff9e1cff2e7ae76196b2c ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys
23:51:29.0875 1952 WinDriver6 - ok
23:51:30.0000 1952 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:51:30.0000 1952 winmgmt - ok
23:51:30.0078 1952 [ fd600b032e741eb6aab509fc630f7c42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
23:51:30.0078 1952 WinUSB - ok
23:51:30.0093 1952 WLNdis50 - ok
23:51:30.0140 1952 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:51:30.0156 1952 WmdmPmSN - ok
23:51:30.0250 1952 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
23:51:30.0312 1952 Wmi - ok
23:51:30.0343 1952 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:51:30.0359 1952 WmiApSrv - ok
23:51:30.0515 1952 [ f74e3d9a7fa9556c3bbb14d4e5e63d3b ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:51:30.0609 1952 WMPNetworkSvc - ok
23:51:30.0640 1952 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:51:30.0640 1952 WS2IFSL - ok
23:51:30.0671 1952 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:51:30.0687 1952 wscsvc - ok
23:51:30.0734 1952 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:51:30.0734 1952 WSTCODEC - ok
23:51:30.0765 1952 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:51:30.0781 1952 wuauserv - ok
23:51:30.0828 1952 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:51:30.0828 1952 WudfPf - ok
23:51:30.0859 1952 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:51:30.0859 1952 WudfRd - ok
23:51:30.0890 1952 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:51:30.0953 1952 WudfSvc - ok
23:51:30.0968 1952 WUSB54GCSVC - ok
23:51:31.0062 1952 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:51:31.0109 1952 WZCSVC - ok
23:51:31.0156 1952 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:51:31.0203 1952 xmlprov - ok
23:51:31.0250 1952 [ a640c90b007762939507c28a021be3b3 ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
23:51:31.0250 1952 xusb21 - ok
23:51:31.0328 1952 [ 4322c32ced8c4772e039616dcbf01d3f ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
23:51:31.0343 1952 yukonwxp - ok
23:51:31.0421 1952 ================ Scan global ===============================
23:51:31.0484 1952 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
23:51:31.0546 1952 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
23:51:31.0609 1952 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
23:51:31.0640 1952 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:51:31.0640 1952 [Global] - ok
23:51:31.0640 1952 ================ Scan MBR ==================================
23:51:31.0640 1952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:51:31.0656 1952 \Device\Harddisk0\DR0 - ok
23:51:31.0671 1952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:51:31.0875 1952 \Device\Harddisk1\DR1 - ok
23:51:31.0921 1952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
23:51:31.0921 1952 \Device\Harddisk2\DR2 - ok
23:51:31.0921 1952 ================ Scan VBR ==================================
23:51:31.0937 1952 Boot (0x1200) (ed04884d183390f22ee9709241922306) \Device\Harddisk0\DR0\Partition1
23:51:31.0937 1952 \Device\Harddisk0\DR0\Partition1 - ok
23:51:31.0937 1952 Boot (0x1200) (c263ebdfd7fe21cdabee63533312453b) \Device\Harddisk1\DR1\Partition1
23:51:31.0937 1952 \Device\Harddisk1\DR1\Partition1 - ok
23:51:31.0953 1952 Boot (0x1200) (40e3fba40318b6d84e5f3237756a416e) \Device\Harddisk2\DR2\Partition1
23:51:31.0953 1952 \Device\Harddisk2\DR2\Partition1 - ok
23:51:31.0953 1952 ============================================================
23:51:31.0953 1952 Scan finished
23:51:31.0953 1952 ============================================================
23:51:31.0984 1700 Detected object count: 1
23:51:31.0984 1700 Actual detected object count: 1
23:52:12.0265 1700 dmboot ( ForgedFile.Multi.Generic ) - skipped by user
23:52:12.0265 1700 dmboot ( ForgedFile.Multi.Generic ) - User select action: Skip

#11 gringo_pr

Posted 18 August 2012 - 01:58 AM

OK let me have the aswMBR report when complete



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 dalamar23

Posted 18 August 2012 - 02:12 AM

Sorry, I tried to run the aswMBR twice and both times it gave me a blue screen that said DRIVER_IRQL_NOT_LESS_OR_EQUAL

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,587 posts

Posted 18 August 2012 - 02:16 AM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#14 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts

Posted 18 August 2012 - 02:22 AM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User: Billy Joe Bob [Admin rights]
Mode: Scan -- Date: 08/18/2012 00:20:00

Bad processes: 0

Registry Entries: 5
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{8F0826B8-6E99-4D18-B37E-A070F7611D4F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{B3BFD9C8-18EC-426D-B9BF-D693522A9D70} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{8F0826B8-6E99-4D18-B37E-A070F7611D4F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{B3BFD9C8-18EC-426D-B9BF-D693522A9D70} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD2500KS-00MJB0 +++++
--- User ---
[MBR] 26dce08510ef8a5aaeb0f4928813426b
[BSP] 0bd88a8efdf177c7d935e23b1162ee18 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AAKS-00YGA0 +++++
--- User ---
[MBR] 2dc8d6d42a6d2f88bf00a1045abeb8d5
[BSP] e24cb1d96bb0435339ae2e20363bf06b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD5000AAKS-00YGA0 +++++
--- User ---
[MBR] 836ce91ddda800e64b6a9282d70979fc
[BSP] 5ef50ba41432fd56ec300b0ce2b3ef3a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#15 dalamar23

dalamar23
  • Topic Starter

  • Members
  • 48 posts

Posted 18 August 2012 - 02:44 AM

Just posting because I got an email that you replied, but it hasn't popped up on the web yet. Hoping to jiggle something loose.



