Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Google Redirect / Pop-ups

Started by sirhc1210 , Jan 09 2013 08:39 AM

Please log in to reply

9 replies to this topic

#1 sirhc1210

Member

Members
33 posts

Posted 09 January 2013 - 08:39 AM

Hey Everyone,

To start off the new year I decided to switch from using my IE brower to Firefox. While browsing with Firefox I got a screen about downloading an addon for pop-up removal. Thinking it was similar to the other google yahoo etc addons I had downloaded about 5 minutes prior, I accepted. Before I knew it I had some fake virus scan program saying i have 7,000+ viruses and have to pay to get them removed. And even more pop-ups. Google and google search functions have been disabled and I get redirected to different sites.

I ran Malwarebytes and it didn't find anything. I downloaded Avast and it found and removed the fake virus scan however now I get frequent messages that Avast blocked a website "http:/anothersheetagain.com/x" and several others. However avast doesn't provide any solutions for preventing my computer from randomly trying to access these sites. Google no longer opens - it just tries to load and nothing happens. However other websites do function. Avast automatically downloaded google chrome and now even clicking IE or firefox brings up a chrome browser.

Does anyone have any advice for removing this? Please let me know if you need any other information or logs. Any help would be greatly appreciated. Thanks in advance.

Chris

BC Ads
BleepingComputer.com

#2 narenxp

Forum Addict

BC Advisor
16,366 posts

Gender:Male
Location:India

Posted 09 January 2013 - 09:43 AM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 sirhc1210

Member

Members
33 posts

Posted 10 January 2013 - 06:47 PM

Hi, Thanks for the quick response.

I ran TDSS as requested and it produced two logs:

Log 1:
17:37:39.0421 2980 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:37:39.0843 2980 ============================================================
17:37:39.0843 2980 Current date / time: 2013/01/10 17:37:39.0843
17:37:39.0843 2980 SystemInfo:
17:37:39.0843 2980
17:37:39.0843 2980 OS Version: 5.1.2600 ServicePack: 3.0
17:37:39.0843 2980 Product type: Workstation
17:37:39.0843 2980 ComputerName: TRANSFORMER
17:37:39.0843 2980 UserName: Chris Pizarro
17:37:39.0843 2980 Windows directory: C:\WINDOWS
17:37:39.0843 2980 System windows directory: C:\WINDOWS
17:37:39.0843 2980 Processor architecture: Intel x86
17:37:39.0843 2980 Number of processors: 2
17:37:39.0843 2980 Page size: 0x1000
17:37:39.0843 2980 Boot type: Normal boot
17:37:39.0843 2980 ============================================================
17:37:40.0234 2980 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:37:40.0234 2980 ============================================================
17:37:40.0234 2980 \Device\Harddisk0\DR0:
17:37:40.0234 2980 MBR partitions:
17:37:40.0234 2980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
17:37:40.0234 2980 ============================================================
17:37:40.0250 2980 C: <-> \Device\Harddisk0\DR0\Partition1
17:37:40.0250 2980 ============================================================
17:37:40.0250 2980 Initialize success
17:37:40.0250 2980 ============================================================
17:38:00.0437 3484 ============================================================
17:38:00.0437 3484 Scan started
17:38:00.0437 3484 Mode: Manual; TDLFS;
17:38:00.0437 3484 ============================================================
17:38:00.0656 3484 ================ Scan system memory ========================
17:38:00.0656 3484 System memory - ok
17:38:00.0656 3484 ================ Scan services =============================
17:38:00.0781 3484 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
17:38:00.0781 3484 6to4 - ok
17:38:00.0843 3484 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
17:38:00.0843 3484 Aavmker4 - ok
17:38:00.0859 3484 Abiosdsk - ok
17:38:00.0859 3484 abp480n5 - ok
17:38:00.0906 3484 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:38:00.0906 3484 ACPI - ok
17:38:00.0937 3484 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:38:00.0953 3484 ACPIEC - ok
17:38:00.0968 3484 [ 233235123F3D73228EC3D2BBA0E7143D ] ACS C:\WINDOWS\system32\acs.exe
17:38:00.0968 3484 ACS - ok
17:38:00.0984 3484 adpu160m - ok
17:38:01.0000 3484 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:38:01.0000 3484 aec - ok
17:38:01.0046 3484 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:38:01.0046 3484 AegisP - ok
17:38:01.0093 3484 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:38:01.0109 3484 AFD - ok
17:38:01.0109 3484 Aha154x - ok
17:38:01.0109 3484 aic78u2 - ok
17:38:01.0125 3484 aic78xx - ok
17:38:01.0265 3484 [ FCB505A7FA9DD4B8B98064792FD038A4 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:38:01.0390 3484 ALCXWDM - ok
17:38:01.0406 3484 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:38:01.0421 3484 Alerter - ok
17:38:01.0437 3484 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:38:01.0453 3484 ALG - ok
17:38:01.0453 3484 AliIde - ok
17:38:01.0453 3484 amsint - ok
17:38:01.0562 3484 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:38:01.0562 3484 Apple Mobile Device - ok
17:38:01.0562 3484 AppMgmt - ok
17:38:01.0625 3484 [ F6F31F142A2FF302B8D1ECDA9FE14A6B ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
17:38:01.0625 3484 AR5211 - ok
17:38:01.0640 3484 asc - ok
17:38:01.0640 3484 asc3350p - ok
17:38:01.0640 3484 asc3550 - ok
17:38:01.0718 3484 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:38:01.0718 3484 aspnet_state - ok
17:38:01.0750 3484 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:38:01.0765 3484 aswFsBlk - ok
17:38:01.0796 3484 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
17:38:01.0796 3484 aswMon2 - ok
17:38:01.0843 3484 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
17:38:01.0843 3484 AswRdr - ok
17:38:01.0875 3484 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
17:38:01.0906 3484 aswSnx - ok
17:38:01.0937 3484 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
17:38:01.0953 3484 aswSP - ok
17:38:01.0984 3484 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
17:38:01.0984 3484 aswTdi - ok
17:38:02.0015 3484 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:38:02.0015 3484 AsyncMac - ok
17:38:02.0046 3484 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:38:02.0046 3484 atapi - ok
17:38:02.0046 3484 Atdisk - ok
17:38:02.0078 3484 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:38:02.0078 3484 Atmarpc - ok
17:38:02.0109 3484 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:38:02.0109 3484 AudioSrv - ok
17:38:02.0140 3484 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:38:02.0140 3484 audstub - ok
17:38:02.0218 3484 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:38:02.0218 3484 avast! Antivirus - ok
17:38:02.0250 3484 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:38:02.0250 3484 Beep - ok
17:38:02.0328 3484 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:38:02.0359 3484 Bonjour Service - ok
17:38:02.0390 3484 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
17:38:02.0390 3484 Browser - ok
17:38:02.0437 3484 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:38:02.0437 3484 cbidf2k - ok
17:38:02.0437 3484 cd20xrnt - ok
17:38:02.0468 3484 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:38:02.0468 3484 Cdaudio - ok
17:38:02.0484 3484 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:38:02.0484 3484 Cdfs - ok
17:38:02.0500 3484 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:38:02.0500 3484 Cdrom - ok
17:38:02.0515 3484 Changer - ok
17:38:02.0546 3484 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\System32\cisvc.exe
17:38:02.0546 3484 cisvc - ok
17:38:02.0578 3484 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:38:02.0578 3484 ClipSrv - ok
17:38:02.0593 3484 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:38:02.0625 3484 clr_optimization_v2.0.50727_32 - ok
17:38:02.0640 3484 CmdIde - ok
17:38:02.0640 3484 COMSysApp - ok
17:38:02.0656 3484 Cpqarray - ok
17:38:02.0656 3484 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:38:02.0656 3484 CryptSvc - ok
17:38:02.0703 3484 [ E2B1AEDB62845581D848037F0A614EE6 ] ctlsb16 C:\WINDOWS\system32\drivers\ctlsb16.sys
17:38:02.0703 3484 ctlsb16 - ok
17:38:02.0703 3484 dac2w2k - ok
17:38:02.0718 3484 dac960nt - ok
17:38:02.0765 3484 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:38:02.0796 3484 DcomLaunch - ok
17:38:02.0843 3484 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:38:02.0843 3484 Dhcp - ok
17:38:02.0890 3484 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:38:02.0890 3484 Disk - ok
17:38:02.0890 3484 dmadmin - ok
17:38:02.0937 3484 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:38:02.0968 3484 dmboot - ok
17:38:03.0000 3484 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:38:03.0000 3484 dmio - ok
17:38:03.0031 3484 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:38:03.0031 3484 dmload - ok
17:38:03.0062 3484 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:38:03.0062 3484 dmserver - ok
17:38:03.0093 3484 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:38:03.0093 3484 DMusic - ok
17:38:03.0140 3484 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:38:03.0140 3484 Dnscache - ok
17:38:03.0171 3484 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:38:03.0171 3484 Dot3svc - ok
17:38:03.0171 3484 dpti2o - ok
17:38:03.0203 3484 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:38:03.0203 3484 drmkaud - ok
17:38:03.0234 3484 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:38:03.0234 3484 EapHost - ok
17:38:03.0265 3484 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:38:03.0265 3484 ERSvc - ok
17:38:03.0312 3484 esgiguard - ok
17:38:03.0343 3484 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:38:03.0343 3484 Eventlog - ok
17:38:03.0390 3484 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
17:38:03.0406 3484 EventSystem - ok
17:38:03.0437 3484 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:38:03.0437 3484 Fastfat - ok
17:38:03.0484 3484 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:38:03.0500 3484 FastUserSwitchingCompatibility - ok
17:38:03.0531 3484 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:38:03.0531 3484 Fdc - ok
17:38:03.0546 3484 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:38:03.0546 3484 Fips - ok
17:38:03.0562 3484 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:38:03.0562 3484 Flpydisk - ok
17:38:03.0593 3484 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:38:03.0593 3484 FltMgr - ok
17:38:03.0640 3484 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:38:03.0640 3484 FontCache3.0.0.0 - ok
17:38:03.0656 3484 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:38:03.0656 3484 Fs_Rec - ok
17:38:03.0656 3484 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:38:03.0656 3484 Ftdisk - ok
17:38:03.0703 3484 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:38:03.0703 3484 GEARAspiWDM - ok
17:38:03.0734 3484 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:38:03.0734 3484 Gpc - ok
17:38:03.0781 3484 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:38:03.0781 3484 gupdate - ok
17:38:03.0796 3484 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:38:03.0796 3484 gupdatem - ok
17:38:03.0812 3484 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:38:03.0812 3484 helpsvc - ok
17:38:03.0828 3484 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:38:03.0828 3484 HidServ - ok
17:38:03.0859 3484 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:38:03.0859 3484 hidusb - ok
17:38:03.0890 3484 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:38:03.0890 3484 hkmsvc - ok
17:38:03.0906 3484 hpn - ok
17:38:03.0906 3484 hpt3xx - ok
17:38:03.0937 3484 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:38:03.0968 3484 HTTP - ok
17:38:04.0000 3484 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:38:04.0031 3484 HTTPFilter - ok
17:38:04.0031 3484 i2omgmt - ok
17:38:04.0046 3484 i2omp - ok
17:38:04.0046 3484 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
17:38:04.0046 3484 i8042prt - ok
17:38:04.0078 3484 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:38:04.0093 3484 IDriverT - ok
17:38:04.0171 3484 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:38:04.0187 3484 idsvc - ok
17:38:04.0203 3484 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:38:04.0218 3484 Imapi - ok
17:38:04.0218 3484 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
17:38:04.0218 3484 ImapiService - ok
17:38:04.0234 3484 ini910u - ok
17:38:04.0234 3484 IntelIde - ok
17:38:04.0281 3484 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:38:04.0281 3484 ip6fw - ok
17:38:04.0312 3484 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:38:04.0312 3484 IpFilterDriver - ok
17:38:04.0328 3484 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:38:04.0328 3484 IpInIp - ok
17:38:04.0359 3484 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:38:04.0359 3484 IpNat - ok
17:38:04.0437 3484 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:38:04.0468 3484 iPod Service - ok
17:38:04.0500 3484 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:38:04.0500 3484 IPSec - ok
17:38:04.0531 3484 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:38:04.0531 3484 IRENUM - ok
17:38:04.0562 3484 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:38:04.0562 3484 isapnp - ok
17:38:04.0703 3484 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
17:38:04.0703 3484 JavaQuickStarterService - ok
17:38:04.0718 3484 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:38:04.0718 3484 Kbdclass - ok
17:38:04.0734 3484 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:38:04.0734 3484 kbdhid - ok
17:38:04.0781 3484 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:38:04.0781 3484 kmixer - ok
17:38:04.0796 3484 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:38:04.0812 3484 KSecDD - ok
17:38:04.0843 3484 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:38:04.0859 3484 lanmanserver - ok
17:38:04.0906 3484 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:38:04.0921 3484 lanmanworkstation - ok
17:38:04.0921 3484 lbrtfdc - ok
17:38:04.0968 3484 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:38:04.0968 3484 LmHosts - ok
17:38:04.0984 3484 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:38:05.0000 3484 Messenger - ok
17:38:05.0000 3484 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:38:05.0015 3484 mnmdd - ok
17:38:05.0031 3484 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:38:05.0031 3484 mnmsrvc - ok
17:38:05.0046 3484 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:38:05.0046 3484 Modem - ok
17:38:05.0062 3484 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:38:05.0062 3484 Mouclass - ok
17:38:05.0093 3484 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:38:05.0093 3484 mouhid - ok
17:38:05.0093 3484 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:38:05.0093 3484 MountMgr - ok
17:38:05.0140 3484 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:38:05.0140 3484 MozillaMaintenance - ok
17:38:05.0140 3484 mraid35x - ok
17:38:05.0171 3484 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:38:05.0171 3484 MRxDAV - ok
17:38:05.0234 3484 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:38:05.0250 3484 MRxSmb - ok
17:38:05.0265 3484 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:38:05.0265 3484 MSDTC - ok
17:38:05.0281 3484 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:38:05.0281 3484 Msfs - ok
17:38:05.0281 3484 MSIServer - ok
17:38:05.0296 3484 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:38:05.0296 3484 MSKSSRV - ok
17:38:05.0312 3484 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:38:05.0312 3484 MSPCLOCK - ok
17:38:05.0328 3484 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:38:05.0328 3484 MSPQM - ok
17:38:05.0359 3484 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:38:05.0359 3484 mssmbios - ok
17:38:05.0406 3484 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
17:38:05.0406 3484 ms_mpu401 - ok
17:38:05.0437 3484 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:38:05.0437 3484 MTsensor - ok
17:38:05.0468 3484 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:38:05.0468 3484 Mup - ok
17:38:05.0515 3484 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:38:05.0531 3484 napagent - ok
17:38:05.0546 3484 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:38:05.0562 3484 NDIS - ok
17:38:05.0578 3484 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:38:05.0593 3484 NdisTapi - ok
17:38:05.0625 3484 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:38:05.0625 3484 Ndisuio - ok
17:38:05.0625 3484 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:38:05.0640 3484 NdisWan - ok
17:38:05.0656 3484 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:38:05.0656 3484 NDProxy - ok
17:38:05.0671 3484 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:38:05.0671 3484 NetBIOS - ok
17:38:05.0718 3484 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:38:05.0718 3484 NetBT - ok
17:38:05.0750 3484 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:38:05.0750 3484 NetDDE - ok
17:38:05.0750 3484 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:38:05.0765 3484 NetDDEdsdm - ok
17:38:05.0796 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
17:38:05.0796 3484 Netlogon - ok
17:38:05.0843 3484 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:38:05.0859 3484 Netman - ok
17:38:05.0906 3484 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:38:05.0906 3484 NetTcpPortSharing - ok
17:38:05.0953 3484 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:38:05.0984 3484 Nla - ok
17:38:06.0000 3484 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:38:06.0000 3484 nm - ok
17:38:06.0015 3484 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:38:06.0015 3484 Npfs - ok
17:38:06.0046 3484 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:38:06.0062 3484 Ntfs - ok
17:38:06.0062 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:38:06.0062 3484 NtLmSsp - ok
17:38:06.0109 3484 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:38:06.0125 3484 NtmsSvc - ok
17:38:06.0171 3484 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
17:38:06.0171 3484 NuidFltr - ok
17:38:06.0187 3484 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:38:06.0187 3484 Null - ok
17:38:06.0500 3484 [ 30913CBF518396912E54C2C9F1DD0F09 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:38:06.0765 3484 nv - ok
17:38:06.0781 3484 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
17:38:06.0781 3484 nvata - ok
17:38:06.0812 3484 [ A545DF28F75BCB109A3AADBB07552B12 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:38:06.0828 3484 NVENETFD - ok
17:38:06.0828 3484 [ EA41F641420F3D8271804D287C1EF461 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:38:06.0828 3484 nvnetbus - ok
17:38:06.0875 3484 [ C0204C1A7A2D2433D48F49E4ECC09AB6 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
17:38:06.0890 3484 nvsvc - ok
17:38:06.0921 3484 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:38:06.0921 3484 NwlnkFlt - ok
17:38:06.0921 3484 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:38:06.0937 3484 NwlnkFwd - ok
17:38:06.0968 3484 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
17:38:06.0968 3484 NwlnkIpx - ok
17:38:06.0968 3484 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
17:38:06.0968 3484 NwlnkNb - ok
17:38:07.0000 3484 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
17:38:07.0000 3484 NwlnkSpx - ok
17:38:07.0046 3484 [ 4B83FCBBE72AF5F99D109798653E8B78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
17:38:07.0046 3484 NwSapAgent - ok
17:38:07.0078 3484 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:38:07.0093 3484 ose - ok
17:38:07.0109 3484 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:38:07.0109 3484 Parport - ok
17:38:07.0109 3484 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:38:07.0125 3484 PartMgr - ok
17:38:07.0140 3484 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:38:07.0140 3484 ParVdm - ok
17:38:07.0156 3484 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:38:07.0156 3484 PCI - ok
17:38:07.0156 3484 PCIDump - ok
17:38:07.0171 3484 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:38:07.0171 3484 PCIIde - ok
17:38:07.0203 3484 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:38:07.0203 3484 Pcmcia - ok
17:38:07.0203 3484 PDCOMP - ok
17:38:07.0218 3484 PDFRAME - ok
17:38:07.0218 3484 PDRELI - ok
17:38:07.0234 3484 PDRFRAME - ok
17:38:07.0234 3484 perc2 - ok
17:38:07.0234 3484 perc2hib - ok
17:38:07.0281 3484 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:38:07.0281 3484 PlugPlay - ok
17:38:07.0296 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
17:38:07.0296 3484 PolicyAgent - ok
17:38:07.0343 3484 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:38:07.0343 3484 PptpMiniport - ok
17:38:07.0343 3484 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:38:07.0343 3484 Processor - ok
17:38:07.0359 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:38:07.0359 3484 ProtectedStorage - ok
17:38:07.0359 3484 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:38:07.0359 3484 PSched - ok
17:38:07.0390 3484 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:38:07.0390 3484 Ptilink - ok
17:38:07.0406 3484 ql1080 - ok
17:38:07.0406 3484 Ql10wnt - ok
17:38:07.0406 3484 ql12160 - ok
17:38:07.0421 3484 ql1240 - ok
17:38:07.0421 3484 ql1280 - ok
17:38:07.0437 3484 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:38:07.0437 3484 RasAcd - ok
17:38:07.0453 3484 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:38:07.0453 3484 RasAuto - ok
17:38:07.0468 3484 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:38:07.0468 3484 Rasl2tp - ok
17:38:07.0500 3484 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:38:07.0515 3484 RasMan - ok
17:38:07.0531 3484 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:38:07.0531 3484 RasPppoe - ok
17:38:07.0546 3484 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:38:07.0546 3484 Raspti - ok
17:38:07.0562 3484 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:38:07.0562 3484 Rdbss - ok
17:38:07.0578 3484 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:38:07.0578 3484 RDPCDD - ok
17:38:07.0609 3484 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:38:07.0609 3484 RDPWD - ok
17:38:07.0640 3484 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:38:07.0656 3484 RDSessMgr - ok
17:38:07.0687 3484 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:38:07.0703 3484 RemoteAccess - ok
17:38:07.0718 3484 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
17:38:07.0718 3484 RpcLocator - ok
17:38:07.0750 3484 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:38:07.0765 3484 RpcSs - ok
17:38:07.0812 3484 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:38:07.0812 3484 RSVP - ok
17:38:07.0828 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:38:07.0828 3484 SamSs - ok
17:38:07.0843 3484 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:38:07.0859 3484 SCardSvr - ok
17:38:07.0890 3484 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:38:07.0906 3484 Schedule - ok
17:38:07.0937 3484 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:38:07.0937 3484 Secdrv - ok
17:38:07.0968 3484 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:38:07.0968 3484 seclogon - ok
17:38:08.0000 3484 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:38:08.0015 3484 SENS - ok
17:38:08.0046 3484 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:38:08.0046 3484 serenum - ok
17:38:08.0062 3484 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:38:08.0062 3484 Serial - ok
17:38:08.0078 3484 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:38:08.0078 3484 Sfloppy - ok
17:38:08.0093 3484 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:38:08.0109 3484 ShellHWDetection - ok
17:38:08.0109 3484 Simbad - ok
17:38:08.0109 3484 Sparrow - ok
17:38:08.0125 3484 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:38:08.0125 3484 splitter - ok
17:38:08.0125 3484 Spooler - ok
17:38:08.0140 3484 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:38:08.0140 3484 sr - ok
17:38:08.0171 3484 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
17:38:08.0187 3484 srservice - ok
17:38:08.0234 3484 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:38:08.0234 3484 Srv - ok
17:38:08.0281 3484 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
17:38:08.0281 3484 sscdbus - ok
17:38:08.0312 3484 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
17:38:08.0312 3484 sscdmdfl - ok
17:38:08.0328 3484 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
17:38:08.0328 3484 sscdmdm - ok
17:38:08.0359 3484 [ D04BD59F28C78E2E66632092CAFC0A2B ] sscdserd C:\WINDOWS\system32\DRIVERS\sscdserd.sys
17:38:08.0375 3484 sscdserd - ok
17:38:08.0406 3484 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:38:08.0406 3484 SSDPSRV - ok
17:38:08.0453 3484 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:38:08.0468 3484 stisvc - ok
17:38:08.0484 3484 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:38:08.0484 3484 swenum - ok
17:38:08.0500 3484 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:38:08.0500 3484 swmidi - ok
17:38:08.0515 3484 SwPrv - ok
17:38:08.0515 3484 symc810 - ok
17:38:08.0531 3484 symc8xx - ok
17:38:08.0531 3484 sym_hi - ok
17:38:08.0531 3484 sym_u3 - ok
17:38:08.0546 3484 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:38:08.0546 3484 sysaudio - ok
17:38:08.0578 3484 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:38:08.0578 3484 SysmonLog - ok
17:38:08.0609 3484 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:38:08.0625 3484 TapiSrv - ok
17:38:08.0687 3484 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:38:08.0734 3484 Tcpip - ok
17:38:08.0781 3484 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
17:38:08.0781 3484 Tcpip6 - ok
17:38:08.0812 3484 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:38:08.0828 3484 TDPIPE - ok
17:38:08.0843 3484 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:38:08.0859 3484 TDTCP - ok
17:38:08.0890 3484 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:38:08.0921 3484 TermDD - ok
17:38:08.0937 3484 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:38:08.0953 3484 TermService - ok
17:38:08.0984 3484 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:38:09.0000 3484 Themes - ok
17:38:09.0000 3484 TosIde - ok
17:38:09.0031 3484 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:38:09.0046 3484 TrkWks - ok
17:38:09.0078 3484 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
17:38:09.0093 3484 TrueSight - ok
17:38:09.0125 3484 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
17:38:09.0125 3484 tunmp - ok
17:38:09.0140 3484 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:38:09.0140 3484 Udfs - ok
17:38:09.0156 3484 ultra - ok
17:38:09.0187 3484 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:38:09.0203 3484 Update - ok
17:38:09.0250 3484 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:38:09.0265 3484 upnphost - ok
17:38:09.0296 3484 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:38:09.0296 3484 UPS - ok
17:38:09.0328 3484 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:38:09.0328 3484 usbccgp - ok
17:38:09.0343 3484 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:38:09.0343 3484 usbhub - ok
17:38:09.0343 3484 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:38:09.0343 3484 usbohci - ok
17:38:09.0375 3484 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:38:09.0390 3484 usbscan - ok
17:38:09.0406 3484 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:38:09.0406 3484 USBSTOR - ok
17:38:09.0453 3484 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:38:09.0453 3484 VgaSave - ok
17:38:09.0453 3484 ViaIde - ok
17:38:09.0468 3484 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:38:09.0468 3484 VolSnap - ok
17:38:09.0500 3484 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:38:09.0515 3484 VSS - ok
17:38:09.0515 3484 vzandnetdiag - ok
17:38:09.0515 3484 vzandnetdiag2 - ok
17:38:09.0531 3484 vzandnetmodem - ok
17:38:09.0531 3484 vzandnetndis - ok
17:38:09.0562 3484 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
17:38:09.0578 3484 W32Time - ok
17:38:09.0593 3484 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:38:09.0593 3484 Wanarp - ok
17:38:09.0640 3484 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:38:09.0656 3484 Wdf01000 - ok
17:38:09.0671 3484 WDICA - ok
17:38:09.0703 3484 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:38:09.0703 3484 wdmaud - ok
17:38:09.0750 3484 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:38:09.0750 3484 WebClient - ok
17:38:09.0859 3484 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:38:09.0890 3484 winmgmt - ok
17:38:09.0953 3484 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:38:09.0953 3484 WmdmPmSN - ok
17:38:09.0984 3484 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:38:10.0000 3484 WmiApSrv - ok
17:38:10.0046 3484 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:38:10.0062 3484 WZCSVC - ok
17:38:10.0109 3484 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:38:10.0109 3484 xmlprov - ok
17:38:10.0125 3484 ================ Scan global ===============================
17:38:10.0156 3484 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:38:10.0187 3484 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:38:10.0234 3484 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:38:10.0250 3484 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:38:10.0265 3484 [Global] - ok
17:38:10.0265 3484 ================ Scan MBR ==================================
17:38:10.0265 3484 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:38:10.0265 3484 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:38:10.0281 3484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:38:10.0281 3484 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:38:10.0312 3484 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:38:10.0312 3484 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:38:10.0312 3484 ================ Scan VBR ==================================
17:38:10.0312 3484 [ 2E91C0EE12643EF9876FEFF30C95C332 ] \Device\Harddisk0\DR0\Partition1
17:38:10.0312 3484 \Device\Harddisk0\DR0\Partition1 - ok
17:38:10.0312 3484 ============================================================
17:38:10.0312 3484 Scan finished
17:38:10.0312 3484 ============================================================
17:38:10.0328 3476 Detected object count: 2
17:38:10.0328 3476 Actual detected object count: 2
17:38:44.0687 3476 \Device\Harddisk0\DR0\# - copied to quarantine
17:38:44.0687 3476 \Device\Harddisk0\DR0 - copied to quarantine
17:38:44.0703 3476 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:38:44.0734 3476 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:38:44.0765 3476 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:38:44.0781 3476 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:38:52.0281 3476 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:38:52.0343 3476 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:38:52.0390 3476 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:38:52.0437 3476 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:38:52.0437 3476 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:38:52.0437 3476 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:38:52.0453 3476 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:38:52.0484 3476 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:38:52.0531 3476 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:38:52.0531 3476 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:38:52.0546 3476 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:38:52.0593 3476 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:38:52.0593 3476 \Device\Harddisk0\DR0 - ok
17:38:58.0187 3476 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:38:58.0187 3476 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:38:58.0187 3476 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:39:21.0609 3884 Deinitialize success

Log 2:
17:43:35.0421 2764 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:43:36.0531 2764 ============================================================
17:43:36.0531 2764 Current date / time: 2013/01/10 17:43:36.0531
17:43:36.0531 2764 SystemInfo:
17:43:36.0531 2764
17:43:36.0531 2764 OS Version: 5.1.2600 ServicePack: 3.0
17:43:36.0531 2764 Product type: Workstation
17:43:37.0562 2764 ComputerName: TRANSFORMER
17:43:37.0578 2764 UserName: Chris Pizarro
17:43:37.0578 2764 Windows directory: C:\WINDOWS
17:43:37.0578 2764 System windows directory: C:\WINDOWS
17:43:37.0578 2764 Processor architecture: Intel x86
17:43:37.0578 2764 Number of processors: 2
17:43:37.0578 2764 Page size: 0x1000
17:43:37.0578 2764 Boot type: Normal boot
17:43:37.0578 2764 ============================================================
17:43:43.0812 2764 BG loaded
17:43:44.0109 2764 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:43:44.0171 2764 ============================================================
17:43:44.0171 2764 \Device\Harddisk0\DR0:
17:43:44.0234 2764 MBR partitions:
17:43:44.0234 2764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
17:43:44.0234 2764 ============================================================
17:43:44.0515 2764 C: <-> \Device\Harddisk0\DR0\Partition1
17:43:44.0515 2764 ============================================================
17:43:44.0515 2764 Initialize success
17:43:44.0515 2764 ============================================================
17:45:09.0953 2468 Deinitialize success

Avast picked up TDSS and gave me a warning message. But other than that TDSS seemed to work. I do not receive any popups.

I ran aswMBR and saved the log which is below. Was I supposed to click the “fixMBR” or “Fix” option?

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-10 17:51:33
-----------------------------
17:51:33.906 OS Version: Windows 5.1.2600 Service Pack 3
17:51:33.906 Number of processors: 2 586 0x4B02
17:51:33.906 ComputerName: TRANSFORMER UserName:
17:51:34.421 Initialize success
17:51:35.437 AVAST engine defs: 13011000
17:51:49.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
17:51:49.515 Disk 0 Vendor: WDC_WD2000JS-22NCB1 10.02E02 Size: 190782MB BusType: 3
17:51:49.515 Disk 0 MBR read successfully
17:51:49.515 Disk 0 MBR scan
17:51:49.515 Disk 0 Windows XP default MBR code
17:51:49.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
17:51:49.531 Disk 0 scanning sectors +268414020
17:51:49.578 Disk 0 scanning C:\WINDOWS\system32\drivers
17:51:56.265 Service scanning
17:52:05.859 Modules scanning
17:52:10.531 Disk 0 trace - called modules:
17:52:10.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
17:52:10.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ceaab8]
17:52:10.546 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000070[0x86c8eac0]
17:52:10.546 5 ACPI.sys[f7330620] -> nt!IofCallDriver -> \Device\0000006f[0x86c8d030]
17:52:10.734 AVAST engine scan C:\WINDOWS
17:52:22.828 AVAST engine scan C:\WINDOWS\system32
17:53:54.328 AVAST engine scan C:\WINDOWS\system32\drivers
17:54:06.609 AVAST engine scan C:\Documents and Settings\Chris Pizarro
17:56:32.109 File: C:\Documents and Settings\Chris Pizarro\Local Settings\Temp\mbewrpih\mbewrpih.dll **INFECTED** Win32:BHO-AIY [Trj]
18:08:17.156 AVAST engine scan C:\Documents and Settings\All Users
18:09:16.421 Scan finished successfully
18:11:26.250 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
18:11:26.250 The log file has been saved successfully to "C:\aswMBR.txt"

I ran ESET. The “remove virus” box was checked as default and I did not change it. Below is the file:
C:\TDSSKiller_Quarantine\10.01.2013_17.37.39\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\10.01.2013_17.37.39\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\10.01.2013_17.37.39\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AYI trojan

So far so, so good! No pop-ups or redirects and google is functioning again!

Thank you do much for your help!

Regards,

Chris

#4 narenxp

Forum Addict

BC Advisor
16,366 posts

Gender:Male
Location:India

Posted 10 January 2013 - 06:52 PM

Please run TDSSkiller again and post the new log

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#5 sirhc1210

Member

Members
33 posts

Posted 11 January 2013 - 07:23 AM

Thanks again narenxp!

Below are the logs:

TDSSkiller

21:19:47.0601 3916 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:19:47.0945 3916 ============================================================
21:19:47.0945 3916 Current date / time: 2013/01/10 21:19:47.0945
21:19:47.0945 3916 SystemInfo:
21:19:47.0945 3916
21:19:47.0945 3916 OS Version: 5.1.2600 ServicePack: 3.0
21:19:47.0945 3916 Product type: Workstation
21:19:47.0945 3916 ComputerName: TRANSFORMER
21:19:47.0960 3916 UserName: Chris Pizarro
21:19:47.0960 3916 Windows directory: C:\WINDOWS
21:19:47.0960 3916 System windows directory: C:\WINDOWS
21:19:47.0960 3916 Processor architecture: Intel x86
21:19:47.0960 3916 Number of processors: 2
21:19:47.0960 3916 Page size: 0x1000
21:19:47.0960 3916 Boot type: Normal boot
21:19:47.0960 3916 ============================================================
21:19:48.0038 3916 BG loaded
21:19:48.0304 3916 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:19:48.0304 3916 ============================================================
21:19:48.0304 3916 \Device\Harddisk0\DR0:
21:19:48.0320 3916 MBR partitions:
21:19:48.0320 3916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
21:19:48.0320 3916 ============================================================
21:19:48.0335 3916 C: <-> \Device\Harddisk0\DR0\Partition1
21:19:48.0335 3916 ============================================================
21:19:48.0335 3916 Initialize success
21:19:48.0335 3916 ============================================================
21:20:04.0429 1860 ============================================================
21:20:04.0429 1860 Scan started
21:20:04.0429 1860 Mode: Manual; TDLFS;
21:20:04.0429 1860 ============================================================
21:20:04.0757 1860 ================ Scan system memory ========================
21:20:04.0757 1860 System memory - ok
21:20:04.0757 1860 ================ Scan services =============================
21:20:04.0851 1860 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
21:20:04.0851 1860 6to4 - ok
21:20:04.0913 1860 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
21:20:04.0913 1860 Aavmker4 - ok
21:20:04.0913 1860 Abiosdsk - ok
21:20:04.0929 1860 abp480n5 - ok
21:20:04.0976 1860 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:20:04.0976 1860 ACPI - ok
21:20:05.0007 1860 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:20:05.0007 1860 ACPIEC - ok
21:20:05.0038 1860 [ 233235123F3D73228EC3D2BBA0E7143D ] ACS C:\WINDOWS\system32\acs.exe
21:20:05.0038 1860 ACS - ok
21:20:05.0038 1860 adpu160m - ok
21:20:05.0070 1860 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:20:05.0070 1860 aec - ok
21:20:05.0117 1860 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:20:05.0117 1860 AegisP - ok
21:20:05.0148 1860 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:20:05.0163 1860 AFD - ok
21:20:05.0163 1860 Aha154x - ok
21:20:05.0163 1860 aic78u2 - ok
21:20:05.0179 1860 aic78xx - ok
21:20:05.0320 1860 [ FCB505A7FA9DD4B8B98064792FD038A4 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:20:05.0429 1860 ALCXWDM - ok
21:20:05.0492 1860 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:20:05.0492 1860 Alerter - ok
21:20:05.0507 1860 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:20:05.0507 1860 ALG - ok
21:20:05.0523 1860 AliIde - ok
21:20:05.0523 1860 amsint - ok
21:20:05.0632 1860 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:20:05.0632 1860 Apple Mobile Device - ok
21:20:05.0648 1860 AppMgmt - ok
21:20:05.0695 1860 [ F6F31F142A2FF302B8D1ECDA9FE14A6B ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
21:20:05.0695 1860 AR5211 - ok
21:20:05.0710 1860 asc - ok
21:20:05.0710 1860 asc3350p - ok
21:20:05.0726 1860 asc3550 - ok
21:20:05.0804 1860 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:20:05.0804 1860 aspnet_state - ok
21:20:05.0820 1860 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:20:05.0820 1860 aswFsBlk - ok
21:20:05.0835 1860 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
21:20:05.0835 1860 aswMon2 - ok
21:20:05.0851 1860 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
21:20:05.0851 1860 AswRdr - ok
21:20:05.0882 1860 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
21:20:05.0913 1860 aswSnx - ok
21:20:05.0945 1860 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
21:20:05.0945 1860 aswSP - ok
21:20:06.0007 1860 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
21:20:06.0007 1860 aswTdi - ok
21:20:06.0038 1860 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:20:06.0038 1860 AsyncMac - ok
21:20:06.0070 1860 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:20:06.0070 1860 atapi - ok
21:20:06.0070 1860 Atdisk - ok
21:20:06.0085 1860 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:20:06.0085 1860 Atmarpc - ok
21:20:06.0117 1860 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:20:06.0117 1860 AudioSrv - ok
21:20:06.0163 1860 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:20:06.0163 1860 audstub - ok
21:20:06.0210 1860 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:20:06.0210 1860 avast! Antivirus - ok
21:20:06.0242 1860 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:20:06.0242 1860 Beep - ok
21:20:06.0304 1860 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:20:06.0320 1860 Bonjour Service - ok
21:20:06.0335 1860 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
21:20:06.0335 1860 Browser - ok
21:20:06.0367 1860 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:20:06.0382 1860 cbidf2k - ok
21:20:06.0382 1860 cd20xrnt - ok
21:20:06.0413 1860 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:20:06.0413 1860 Cdaudio - ok
21:20:06.0460 1860 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:20:06.0460 1860 Cdfs - ok
21:20:06.0476 1860 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:20:06.0476 1860 Cdrom - ok
21:20:06.0476 1860 Changer - ok
21:20:06.0507 1860 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\System32\cisvc.exe
21:20:06.0507 1860 cisvc - ok
21:20:06.0523 1860 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:20:06.0523 1860 ClipSrv - ok
21:20:06.0554 1860 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:20:06.0570 1860 clr_optimization_v2.0.50727_32 - ok
21:20:06.0570 1860 CmdIde - ok
21:20:06.0570 1860 COMSysApp - ok
21:20:06.0585 1860 Cpqarray - ok
21:20:06.0585 1860 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:20:06.0601 1860 CryptSvc - ok
21:20:06.0632 1860 [ E2B1AEDB62845581D848037F0A614EE6 ] ctlsb16 C:\WINDOWS\system32\drivers\ctlsb16.sys
21:20:06.0632 1860 ctlsb16 - ok
21:20:06.0632 1860 dac2w2k - ok
21:20:06.0648 1860 dac960nt - ok
21:20:06.0679 1860 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:20:06.0726 1860 DcomLaunch - ok
21:20:06.0757 1860 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:20:06.0773 1860 Dhcp - ok
21:20:06.0804 1860 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:20:06.0804 1860 Disk - ok
21:20:06.0804 1860 dmadmin - ok
21:20:06.0851 1860 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:20:06.0882 1860 dmboot - ok
21:20:06.0898 1860 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:20:06.0898 1860 dmio - ok
21:20:06.0913 1860 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:20:06.0929 1860 dmload - ok
21:20:06.0945 1860 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:20:06.0960 1860 dmserver - ok
21:20:06.0976 1860 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:20:06.0976 1860 DMusic - ok
21:20:06.0992 1860 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:20:07.0007 1860 Dnscache - ok
21:20:07.0038 1860 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:20:07.0038 1860 Dot3svc - ok
21:20:07.0038 1860 dpti2o - ok
21:20:07.0070 1860 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:20:07.0070 1860 drmkaud - ok
21:20:07.0085 1860 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:20:07.0085 1860 EapHost - ok
21:20:07.0117 1860 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:20:07.0117 1860 ERSvc - ok
21:20:07.0163 1860 esgiguard - ok
21:20:07.0195 1860 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:20:07.0195 1860 Eventlog - ok
21:20:07.0226 1860 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
21:20:07.0242 1860 EventSystem - ok
21:20:07.0273 1860 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:20:07.0288 1860 Fastfat - ok
21:20:07.0320 1860 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:20:07.0335 1860 FastUserSwitchingCompatibility - ok
21:20:07.0335 1860 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:20:07.0335 1860 Fdc - ok
21:20:07.0351 1860 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:20:07.0351 1860 Fips - ok
21:20:07.0367 1860 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:20:07.0367 1860 Flpydisk - ok
21:20:07.0398 1860 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:20:07.0398 1860 FltMgr - ok
21:20:07.0460 1860 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:20:07.0476 1860 FontCache3.0.0.0 - ok
21:20:07.0476 1860 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:20:07.0476 1860 Fs_Rec - ok
21:20:07.0492 1860 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:20:07.0507 1860 Ftdisk - ok
21:20:07.0538 1860 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:20:07.0538 1860 GEARAspiWDM - ok
21:20:07.0570 1860 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:20:07.0570 1860 Gpc - ok
21:20:07.0632 1860 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:20:07.0632 1860 gupdate - ok
21:20:07.0648 1860 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:20:07.0648 1860 gupdatem - ok
21:20:07.0726 1860 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:20:07.0726 1860 helpsvc - ok
21:20:07.0742 1860 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:20:07.0742 1860 HidServ - ok
21:20:07.0773 1860 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:20:07.0773 1860 hidusb - ok
21:20:07.0804 1860 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:20:07.0820 1860 hkmsvc - ok
21:20:07.0820 1860 hpn - ok
21:20:07.0820 1860 hpt3xx - ok
21:20:07.0867 1860 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:20:07.0882 1860 HTTP - ok
21:20:07.0913 1860 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:20:07.0929 1860 HTTPFilter - ok
21:20:07.0945 1860 i2omgmt - ok
21:20:07.0945 1860 i2omp - ok
21:20:07.0960 1860 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
21:20:07.0960 1860 i8042prt - ok
21:20:07.0992 1860 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:20:07.0992 1860 IDriverT - ok
21:20:08.0070 1860 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:20:08.0085 1860 idsvc - ok
21:20:08.0117 1860 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:20:08.0117 1860 Imapi - ok
21:20:08.0148 1860 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
21:20:08.0163 1860 ImapiService - ok
21:20:08.0163 1860 ini910u - ok
21:20:08.0179 1860 IntelIde - ok
21:20:08.0195 1860 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:20:08.0195 1860 ip6fw - ok
21:20:08.0226 1860 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:20:08.0242 1860 IpFilterDriver - ok
21:20:08.0257 1860 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:20:08.0257 1860 IpInIp - ok
21:20:08.0273 1860 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:20:08.0273 1860 IpNat - ok
21:20:08.0335 1860 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:20:08.0351 1860 iPod Service - ok
21:20:08.0382 1860 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:20:08.0382 1860 IPSec - ok
21:20:08.0413 1860 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:20:08.0413 1860 IRENUM - ok
21:20:08.0445 1860 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:20:08.0445 1860 isapnp - ok
21:20:08.0554 1860 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:20:08.0554 1860 JavaQuickStarterService - ok
21:20:08.0585 1860 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:20:08.0585 1860 Kbdclass - ok
21:20:08.0601 1860 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:20:08.0601 1860 kbdhid - ok
21:20:08.0648 1860 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:20:08.0648 1860 kmixer - ok
21:20:08.0663 1860 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:20:08.0679 1860 KSecDD - ok
21:20:08.0695 1860 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:20:08.0710 1860 lanmanserver - ok
21:20:08.0742 1860 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:20:08.0757 1860 lanmanworkstation - ok
21:20:08.0773 1860 lbrtfdc - ok
21:20:08.0804 1860 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:20:08.0804 1860 LmHosts - ok
21:20:08.0835 1860 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:20:08.0851 1860 Messenger - ok
21:20:08.0867 1860 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:20:08.0867 1860 mnmdd - ok
21:20:08.0882 1860 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
21:20:08.0882 1860 mnmsrvc - ok
21:20:08.0913 1860 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:20:08.0913 1860 Modem - ok
21:20:08.0929 1860 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:20:08.0929 1860 Mouclass - ok
21:20:08.0945 1860 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:20:08.0960 1860 mouhid - ok
21:20:08.0960 1860 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:20:08.0960 1860 MountMgr - ok
21:20:08.0992 1860 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:20:08.0992 1860 MozillaMaintenance - ok
21:20:09.0007 1860 mraid35x - ok
21:20:09.0023 1860 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:20:09.0038 1860 MRxDAV - ok
21:20:09.0085 1860 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:20:09.0101 1860 MRxSmb - ok
21:20:09.0132 1860 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
21:20:09.0132 1860 MSDTC - ok
21:20:09.0148 1860 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:20:09.0148 1860 Msfs - ok
21:20:09.0148 1860 MSIServer - ok
21:20:09.0163 1860 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:20:09.0163 1860 MSKSSRV - ok
21:20:09.0179 1860 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:20:09.0179 1860 MSPCLOCK - ok
21:20:09.0195 1860 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:20:09.0195 1860 MSPQM - ok
21:20:09.0210 1860 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:20:09.0226 1860 mssmbios - ok
21:20:09.0257 1860 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
21:20:09.0257 1860 ms_mpu401 - ok
21:20:09.0288 1860 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:20:09.0304 1860 MTsensor - ok
21:20:09.0320 1860 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:20:09.0320 1860 Mup - ok
21:20:09.0351 1860 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:20:09.0367 1860 napagent - ok
21:20:09.0398 1860 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:20:09.0398 1860 NDIS - ok
21:20:09.0413 1860 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:20:09.0413 1860 NdisTapi - ok
21:20:09.0445 1860 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:20:09.0460 1860 Ndisuio - ok
21:20:09.0460 1860 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:20:09.0460 1860 NdisWan - ok
21:20:09.0476 1860 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:20:09.0492 1860 NDProxy - ok
21:20:09.0492 1860 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:20:09.0492 1860 NetBIOS - ok
21:20:09.0523 1860 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:20:09.0538 1860 NetBT - ok
21:20:09.0570 1860 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:20:09.0585 1860 NetDDE - ok
21:20:09.0585 1860 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:20:09.0585 1860 NetDDEdsdm - ok
21:20:09.0617 1860 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
21:20:09.0617 1860 Netlogon - ok
21:20:09.0648 1860 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:20:09.0663 1860 Netman - ok
21:20:09.0695 1860 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:20:09.0710 1860 NetTcpPortSharing - ok
21:20:09.0742 1860 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:20:09.0757 1860 Nla - ok
21:20:09.0788 1860 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
21:20:09.0788 1860 nm - ok
21:20:09.0820 1860 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:20:09.0820 1860 Npfs - ok
21:20:09.0851 1860 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:20:09.0882 1860 Ntfs - ok
21:20:09.0882 1860 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
21:20:09.0898 1860 NtLmSsp - ok
21:20:09.0945 1860 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:20:09.0960 1860 NtmsSvc - ok
21:20:09.0992 1860 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
21:20:09.0992 1860 NuidFltr - ok
21:20:10.0007 1860 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:20:10.0007 1860 Null - ok
21:20:10.0304 1860 [ 30913CBF518396912E54C2C9F1DD0F09 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:20:10.0554 1860 nv - ok
21:20:10.0570 1860 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
21:20:10.0570 1860 nvata - ok
21:20:10.0601 1860 [ A545DF28F75BCB109A3AADBB07552B12 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:20:10.0601 1860 NVENETFD - ok
21:20:10.0632 1860 [ EA41F641420F3D8271804D287C1EF461 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:20:10.0648 1860 nvnetbus - ok
21:20:10.0679 1860 [ C0204C1A7A2D2433D48F49E4ECC09AB6 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
21:20:10.0695 1860 nvsvc - ok
21:20:10.0726 1860 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:20:10.0726 1860 NwlnkFlt - ok
21:20:10.0726 1860 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:20:10.0726 1860 NwlnkFwd - ok
21:20:10.0757 1860 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
21:20:10.0757 1860 NwlnkIpx - ok
21:20:10.0757 1860 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
21:20:10.0757 1860 NwlnkNb - ok
21:20:10.0773 1860 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
21:20:10.0788 1860 NwlnkSpx - ok
21:20:10.0820 1860 [ 4B83FCBBE72AF5F99D109798653E8B78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
21:20:10.0820 1860 NwSapAgent - ok
21:20:10.0867 1860 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:20:10.0867 1860 ose - ok
21:20:10.0898 1860 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:20:10.0898 1860 Parport - ok
21:20:10.0898 1860 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:20:10.0913 1860 PartMgr - ok
21:20:10.0929 1860 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:20:10.0945 1860 ParVdm - ok
21:20:10.0945 1860 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:20:10.0945 1860 PCI - ok
21:20:10.0945 1860 PCIDump - ok
21:20:10.0960 1860 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:20:10.0960 1860 PCIIde - ok
21:20:10.0992 1860 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:20:10.0992 1860 Pcmcia - ok
21:20:10.0992 1860 PDCOMP - ok
21:20:10.0992 1860 PDFRAME - ok
21:20:11.0007 1860 PDRELI - ok
21:20:11.0007 1860 PDRFRAME - ok
21:20:11.0023 1860 perc2 - ok
21:20:11.0023 1860 perc2hib - ok
21:20:11.0054 1860 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:20:11.0070 1860 PlugPlay - ok
21:20:11.0070 1860 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
21:20:11.0070 1860 PolicyAgent - ok
21:20:11.0085 1860 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:20:11.0085 1860 PptpMiniport - ok
21:20:11.0101 1860 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:20:11.0101 1860 Processor - ok
21:20:11.0117 1860 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:20:11.0117 1860 ProtectedStorage - ok
21:20:11.0117 1860 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:20:11.0117 1860 PSched - ok
21:20:11.0148 1860 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:20:11.0148 1860 Ptilink - ok
21:20:11.0148 1860 ql1080 - ok
21:20:11.0148 1860 Ql10wnt - ok
21:20:11.0163 1860 ql12160 - ok
21:20:11.0163 1860 ql1240 - ok
21:20:11.0179 1860 ql1280 - ok
21:20:11.0179 1860 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:20:11.0179 1860 RasAcd - ok
21:20:11.0195 1860 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:20:11.0210 1860 RasAuto - ok
21:20:11.0226 1860 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:20:11.0226 1860 Rasl2tp - ok
21:20:11.0257 1860 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:20:11.0273 1860 RasMan - ok
21:20:11.0288 1860 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:20:11.0288 1860 RasPppoe - ok
21:20:11.0288 1860 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:20:11.0304 1860 Raspti - ok
21:20:11.0304 1860 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:20:11.0320 1860 Rdbss - ok
21:20:11.0320 1860 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:20:11.0320 1860 RDPCDD - ok
21:20:11.0367 1860 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:20:11.0367 1860 RDPWD - ok
21:20:11.0398 1860 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:20:11.0413 1860 RDSessMgr - ok
21:20:11.0445 1860 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:20:11.0460 1860 RemoteAccess - ok
21:20:11.0476 1860 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
21:20:11.0476 1860 RpcLocator - ok
21:20:11.0507 1860 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:20:11.0523 1860 RpcSs - ok
21:20:11.0554 1860 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
21:20:11.0570 1860 RSVP - ok
21:20:11.0570 1860 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:20:11.0585 1860 SamSs - ok
21:20:11.0601 1860 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:20:11.0617 1860 SCardSvr - ok
21:20:11.0663 1860 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:20:11.0679 1860 Schedule - ok
21:20:11.0710 1860 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:20:11.0710 1860 Secdrv - ok
21:20:11.0742 1860 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:20:11.0757 1860 seclogon - ok
21:20:11.0757 1860 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:20:11.0757 1860 SENS - ok
21:20:11.0773 1860 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:20:11.0788 1860 serenum - ok
21:20:11.0804 1860 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:20:11.0804 1860 Serial - ok
21:20:11.0835 1860 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:20:11.0835 1860 Sfloppy - ok
21:20:11.0851 1860 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:20:11.0851 1860 ShellHWDetection - ok
21:20:11.0867 1860 Simbad - ok
21:20:11.0867 1860 Sparrow - ok
21:20:11.0882 1860 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:20:11.0882 1860 splitter - ok
21:20:11.0882 1860 Spooler - ok
21:20:11.0929 1860 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:20:11.0929 1860 sr - ok
21:20:11.0976 1860 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
21:20:11.0992 1860 srservice - ok
21:20:12.0038 1860 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:20:12.0038 1860 Srv - ok
21:20:12.0070 1860 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
21:20:12.0085 1860 sscdbus - ok
21:20:12.0101 1860 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
21:20:12.0101 1860 sscdmdfl - ok
21:20:12.0117 1860 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
21:20:12.0117 1860 sscdmdm - ok
21:20:12.0148 1860 [ D04BD59F28C78E2E66632092CAFC0A2B ] sscdserd C:\WINDOWS\system32\DRIVERS\sscdserd.sys
21:20:12.0148 1860 sscdserd - ok
21:20:12.0195 1860 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:20:12.0195 1860 SSDPSRV - ok
21:20:12.0242 1860 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:20:12.0242 1860 stisvc - ok
21:20:12.0257 1860 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:20:12.0257 1860 swenum - ok
21:20:12.0288 1860 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:20:12.0304 1860 swmidi - ok
21:20:12.0304 1860 SwPrv - ok
21:20:12.0304 1860 symc810 - ok
21:20:12.0320 1860 symc8xx - ok
21:20:12.0320 1860 sym_hi - ok
21:20:12.0335 1860 sym_u3 - ok
21:20:12.0335 1860 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:20:12.0335 1860 sysaudio - ok
21:20:12.0367 1860 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:20:12.0367 1860 SysmonLog - ok
21:20:12.0398 1860 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:20:12.0413 1860 TapiSrv - ok
21:20:12.0460 1860 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:20:12.0476 1860 Tcpip - ok
21:20:12.0507 1860 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
21:20:12.0523 1860 Tcpip6 - ok
21:20:12.0538 1860 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:20:12.0538 1860 TDPIPE - ok
21:20:12.0554 1860 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:20:12.0554 1860 TDTCP - ok
21:20:12.0585 1860 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:20:12.0585 1860 TermDD - ok
21:20:12.0617 1860 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:20:12.0632 1860 TermService - ok
21:20:12.0679 1860 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:20:12.0679 1860 Themes - ok
21:20:12.0695 1860 TosIde - ok
21:20:12.0695 1860 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:20:12.0710 1860 TrkWks - ok
21:20:12.0742 1860 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
21:20:12.0742 1860 TrueSight - ok
21:20:12.0773 1860 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
21:20:12.0773 1860 tunmp - ok
21:20:12.0804 1860 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:20:12.0804 1860 Udfs - ok
21:20:12.0804 1860 ultra - ok
21:20:12.0835 1860 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:20:12.0851 1860 Update - ok
21:20:12.0882 1860 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:20:12.0898 1860 upnphost - ok
21:20:12.0913 1860 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:20:12.0929 1860 UPS - ok
21:20:12.0945 1860 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:20:12.0960 1860 usbccgp - ok
21:20:12.0960 1860 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:20:12.0960 1860 usbhub - ok
21:20:12.0960 1860 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:20:12.0976 1860 usbohci - ok
21:20:12.0992 1860 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:20:13.0007 1860 usbscan - ok
21:20:13.0023 1860 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:20:13.0023 1860 USBSTOR - ok
21:20:13.0038 1860 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:20:13.0038 1860 VgaSave - ok
21:20:13.0038 1860 ViaIde - ok
21:20:13.0054 1860 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:20:13.0054 1860 VolSnap - ok
21:20:13.0085 1860 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:20:13.0117 1860 VSS - ok
21:20:13.0117 1860 vzandnetdiag - ok
21:20:13.0117 1860 vzandnetdiag2 - ok
21:20:13.0132 1860 vzandnetmodem - ok
21:20:13.0132 1860 vzandnetndis - ok
21:20:13.0163 1860 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
21:20:13.0179 1860 W32Time - ok
21:20:13.0195 1860 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:20:13.0195 1860 Wanarp - ok
21:20:13.0242 1860 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:20:13.0257 1860 Wdf01000 - ok
21:20:13.0257 1860 WDICA - ok
21:20:13.0304 1860 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:20:13.0304 1860 wdmaud - ok
21:20:13.0320 1860 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:20:13.0320 1860 WebClient - ok
21:20:13.0382 1860 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:20:13.0398 1860 winmgmt - ok
21:20:13.0429 1860 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
21:20:13.0445 1860 WmdmPmSN - ok
21:20:13.0460 1860 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:20:13.0460 1860 WmiApSrv - ok
21:20:13.0523 1860 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:20:13.0538 1860 WZCSVC - ok
21:20:13.0601 1860 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:20:13.0617 1860 xmlprov - ok
21:20:13.0617 1860 ================ Scan global ===============================
21:20:13.0648 1860 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:20:13.0679 1860 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:20:13.0742 1860 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:20:13.0773 1860 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:20:13.0788 1860 [Global] - ok
21:20:13.0788 1860 ================ Scan MBR ==================================
21:20:13.0804 1860 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:20:13.0929 1860 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:20:13.0929 1860 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:20:13.0929 1860 ================ Scan VBR ==================================
21:20:13.0945 1860 [ 2E91C0EE12643EF9876FEFF30C95C332 ] \Device\Harddisk0\DR0\Partition1
21:20:13.0945 1860 \Device\Harddisk0\DR0\Partition1 - ok
21:20:13.0945 1860 ============================================================
21:20:13.0945 1860 Scan finished
21:20:13.0945 1860 ============================================================
21:20:13.0945 3188 Detected object count: 1
21:20:13.0945 3188 Actual detected object count: 1
21:20:40.0304 3188 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:20:40.0304 3188 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:20:46.0429 1976 Deinitialize success

Malwarebytes

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.11.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris Pizarro :: TRANSFORMER [administrator]

1/10/2013 9:22:40 PM
mbam-log-2013-01-10 (21-22-40).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 311297
Time elapsed: 51 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

minitoolbox

MiniToolBox by Farbar Version:10-01-2013
Ran by Chris Pizarro (administrator) on 11-01-2013 at 06:17:51
Running from "C:\Documents and Settings\Chris Pizarro\Local Settings\Temporary Internet Files\Content.IE5\OET4NY06"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

108Mbps High Speed Wireless Network Adapter = Wireless Network Connection 2 (Connected)
NVIDIA nForce Networking Controller = Local Area Connection 2 (Media disconnected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : transformer

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-17-31-58-F5-0B

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : hsd1.nj.comcast.net.

Description . . . . . . . . . . . : 108Mbps High Speed Wireless Network Adapter

Physical Address. . . . . . . . . : 00-18-E7-0B-5C-9A

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::218:e7ff:fe0b:5c9a%7

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Friday, January 11, 2013 6:15:27 AM

Lease Expires . . . . . . . . . . : Saturday, January 12, 2013 6:15:27 AM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : hsd1.nj.comcast.net.

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-66

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.102%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 173.194.43.5, 173.194.43.4, 173.194.43.9, 173.194.43.6
173.194.43.7, 173.194.43.3, 173.194.43.14, 173.194.43.8, 173.194.43.1
173.194.43.0, 173.194.43.2

Pinging google.com [74.125.226.200] with 32 bytes of data:

Reply from 74.125.226.200: bytes=32 time<1ms TTL=56

Reply from 74.125.226.200: bytes=32 time<1ms TTL=56

Ping statistics for 74.125.226.200:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=83ms TTL=51

Reply from 98.139.183.24: bytes=32 time=106ms TTL=53

Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 83ms, Maximum = 106ms, Average = 94ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=-14ms TTL=128

Reply from 127.0.0.1: bytes=32 time=-14ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = -14ms, Maximum = -14ms, Average = 2147483634ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 58 f5 0b ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x20003 ...00 18 e7 0b 5c 9a ...... 108Mbps High Speed Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 30
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 30
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 30
255.255.255.255 255.255.255.255 192.168.1.102 2 1
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 mswsock.dll [File not found] ()
Catalog9 12 mswsock.dll [File not found] ()
Catalog9 13 mswsock.dll [File not found] ()
Catalog9 14 mswsock.dll [File not found] ()
Catalog9 15 mswsock.dll [File not found] ()
Catalog9 16 mswsock.dll [File not found] ()
Catalog9 17 mswsock.dll [File not found] ()
Catalog9 18 mswsock.dll [File not found] ()
Catalog9 19 mswsock.dll [File not found] ()
Catalog9 20 mswsock.dll [File not found] ()
Catalog9 21 mswsock.dll [File not found] ()
Catalog9 22 mswsock.dll [File not found] ()
Catalog9 23 mswsock.dll [File not found] ()
Catalog9 24 mswsock.dll [File not found] ()
Catalog9 25 mswsock.dll [File not found] ()
Catalog9 26 mswsock.dll [File not found] ()
Catalog9 27 mswsock.dll [File not found] ()
Catalog9 28 mswsock.dll [File not found] ()
Catalog9 29 mswsock.dll [File not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/08/2013 10:20:59 PM) (Source: Application Error) (User: )
Description: Faulting application RogueKiller.exe, version 8.4.3.0, faulting module RogueKiller.exe, version 8.4.3.0, fault address 0x0008a975.
Processing media-specific event for [RogueKiller.exe!ws!]

Error: (01/08/2013 10:20:31 PM) (Source: Application Error) (User: )
Description: Faulting application RogueKiller.exe, version 8.4.3.0, faulting module RogueKiller.exe, version 8.4.3.0, fault address 0x0008a975.
Processing media-specific event for [RogueKiller.exe!ws!]

Error: (01/08/2013 08:23:08 PM) (Source: Application Error) (User: )
Description: Faulting application trendnet.exe, version 1.1.19.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.
Processing media-specific event for [trendnet.exe!ws!]

Error: (01/03/2013 08:10:19 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 14996, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (01/03/2013 08:10:16 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (01/03/2013 08:10:16 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 14996, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (12/21/2012 07:07:21 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/18/2012 05:20:30 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash32_11_2_202_235.ocx, version 11.2.202.235, fault address 0x0026681d.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/16/2012 07:24:11 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/16/2012 07:24:10 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (01/10/2013 05:42:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/10/2013 05:42:17 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%2

Error: (01/10/2013 05:35:32 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (01/10/2013 05:35:32 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/10/2013 05:35:32 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%2

Error: (01/08/2013 10:19:09 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (01/08/2013 10:19:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/08/2013 10:19:09 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%2

Error: (01/08/2013 08:20:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/08/2013 08:20:51 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (01/08/2013 10:20:59 PM) (Source: Application Error)(User: )
Description: RogueKiller.exe8.4.3.0RogueKiller.exe8.4.3.00008a975

Error: (01/08/2013 10:20:31 PM) (Source: Application Error)(User: )
Description: RogueKiller.exe8.4.3.0RogueKiller.exe8.4.3.00008a975

Error: (01/08/2013 08:23:08 PM) (Source: Application Error)(User: )
Description: trendnet.exe1.1.19.0ntdll.dll5.1.2600.605500011689

Error: (01/03/2013 08:10:19 PM) (Source: LoadPerf)(User: )
Description: 14996

Error: (01/03/2013 08:10:16 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (01/03/2013 08:10:16 PM) (Source: LoadPerf)(User: )
Description: 14996

Error: (12/21/2012 07:07:21 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/18/2012 05:20:30 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702flash32_11_2_202_235.ocx11.2.202.2350026681d

Error: (12/16/2012 07:24:11 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/16/2012 07:24:10 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader 9.5.2 (Version: 9.5.2)
AIM 7
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.1.116)
avast! Free Antivirus (Version: 7.0.1474.0)
Bonjour (Version: 2.0.5.0)
Brewtarget-1.2.4 (Version: 1.2.4)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
ePrism
ESET Online Scanner v3
Google Chrome (Version: 23.0.1271.97)
Google Update Helper (Version: 1.3.21.123)
Homebuyer's Toolkit
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
LG Verizon United Drivers (Version: 2.6.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Display Control Panel (Version: 6.14.11.9745)
NVIDIA Drivers (Version: 1.10.59.37)
NVIDIA nView Desktop Manager (Version: 6.14.10.12561)
NVIDIA PhysX (Version: 9.09.0814)
Pando Media Booster (Version: 2.3.4.3)
Quicken 2012 (Version: 21.1.7.18)
QuickTime (Version: 7.69.80.9)
Realtek AC'97 Audio (Version: 5.24)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.550.0)
System Requirements Lab
TRENDnet TEW-441PC/TEW-443PI 802.11g Wireless Cardbus/PCI Adapter Driver and Utility (Version: 1.1.19.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (Version: 1.11.1001)
Verizon Wireless Software Upgrade Assistant - Samsung (Version: 1.11.1201)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)
World of Warcraft (Version: 4.2.2.14545)

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 1022.42 MB
Available physical RAM: 424.83 MB
Total Pagefile: 2461.17 MB
Available Pagefile: 2054.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.34 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:127.99 GB) (Free:48.95 GB) NTFS

========================= Users: ========================================

User accounts for \\TRANSFORMER

Administrator ASPNET Chris Pizarro
Guest HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================

13-10-2012 12:59:54 Software Distribution Service 3.0
14-10-2012 18:28:22 System Checkpoint
15-10-2012 19:15:03 System Checkpoint
16-10-2012 20:26:41 System Checkpoint
17-10-2012 21:26:41 System Checkpoint
18-10-2012 22:14:44 System Checkpoint
19-10-2012 22:21:40 System Checkpoint
20-10-2012 22:26:44 System Checkpoint
21-10-2012 23:26:28 System Checkpoint
23-10-2012 00:58:39 System Checkpoint
24-10-2012 01:14:21 System Checkpoint
25-10-2012 01:38:24 System Checkpoint
26-10-2012 02:26:22 System Checkpoint
27-10-2012 03:26:23 System Checkpoint
28-10-2012 04:14:22 System Checkpoint
29-10-2012 04:26:15 System Checkpoint
30-10-2012 17:36:31 System Checkpoint
31-10-2012 18:30:57 System Checkpoint
04-11-2012 16:06:01 System Checkpoint
05-11-2012 16:42:36 System Checkpoint
06-11-2012 16:54:28 System Checkpoint
07-11-2012 17:30:25 System Checkpoint
08-11-2012 17:37:57 System Checkpoint
09-11-2012 17:42:24 System Checkpoint
10-11-2012 18:46:37 System Checkpoint
11-11-2012 19:42:26 System Checkpoint
12-11-2012 20:30:26 System Checkpoint
13-11-2012 20:42:24 System Checkpoint
14-11-2012 21:42:14 System Checkpoint
15-11-2012 01:31:49 Installed Verizon Wireless Software Upgrade Assistant - Samsung.
16-11-2012 01:53:34 System Checkpoint
17-11-2012 02:42:12 System Checkpoint
18-11-2012 03:00:12 Software Distribution Service 3.0
19-11-2012 05:34:51 System Checkpoint
20-11-2012 06:30:15 System Checkpoint
21-11-2012 07:30:15 System Checkpoint
22-11-2012 07:41:52 System Checkpoint
23-11-2012 08:32:03 System Checkpoint
24-11-2012 08:52:20 System Checkpoint
25-11-2012 09:04:19 System Checkpoint
26-11-2012 09:57:06 System Checkpoint
27-11-2012 10:04:19 System Checkpoint
28-11-2012 10:37:19 System Checkpoint
29-11-2012 10:41:34 System Checkpoint
30-11-2012 11:02:20 System Checkpoint
02-12-2012 06:49:19 System Checkpoint
03-12-2012 07:41:36 System Checkpoint
04-12-2012 08:41:36 System Checkpoint
06-12-2012 10:54:59 System Checkpoint
07-12-2012 11:23:14 System Checkpoint
08-12-2012 11:28:35 System Checkpoint
09-12-2012 12:22:02 System Checkpoint
10-12-2012 13:28:37 System Checkpoint
11-12-2012 14:16:37 System Checkpoint
12-12-2012 15:28:37 System Checkpoint
13-12-2012 16:17:05 System Checkpoint
14-12-2012 16:28:36 System Checkpoint
15-12-2012 17:09:57 System Checkpoint
16-12-2012 03:00:12 Software Distribution Service 3.0
18-12-2012 03:16:46 System Checkpoint
19-12-2012 03:56:00 System Checkpoint
20-12-2012 05:08:03 System Checkpoint
21-12-2012 06:08:04 System Checkpoint
22-12-2012 06:56:04 System Checkpoint
23-12-2012 08:08:01 System Checkpoint
24-12-2012 09:08:00 System Checkpoint
25-12-2012 10:08:00 System Checkpoint
26-12-2012 10:57:07 System Checkpoint
27-12-2012 12:08:00 System Checkpoint
04-01-2013 01:51:56 System Checkpoint
05-01-2013 02:23:49 System Checkpoint
05-01-2013 15:57:17 Software Distribution Service 3.0
06-01-2013 16:25:32 System Checkpoint
07-01-2013 17:25:32 System Checkpoint
08-01-2013 02:26:52 Removed Ask Toolbar.
08-01-2013 02:27:47 Removed Ventrilo Client
08-01-2013 03:43:25 Installed SpyHunter
08-01-2013 04:06:33 Removed SpyHunter
08-01-2013 04:11:17 avast! Free Antivirus Setup
11-01-2013 00:31:19 System Checkpoint

**** End of log ****

Farbar

Farbar Service Scanner Version: 05-01-2013
Ran by Chris Pizarro (administrator) on 11-01-2013 at 06:22:18
Running from "C:\Documents and Settings\Chris Pizarro\Local Settings\Temporary Internet Files\Content.IE5\2OPPB1F6"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) aswTdi(12) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4) Tcpip6(11)
0x0C00000005000000010000000200000003000000040000000C000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

adware

# AdwCleaner v2.105 - Logfile created 01/11/2013 at 06:23:13
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Chris Pizarro - TRANSFORMER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Chris Pizarro\Local Settings\Temporary Internet Files\Content.IE5\3O6OVV8R\adwcleaner[1].exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Chris Pizarro\Application Data\Mozilla\Firefox\Profiles\hbq1mxp1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Chris Pizarro\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2676 octets] - [08/01/2013 22:15:04]
AdwCleaner[R2].txt - [2736 octets] - [08/01/2013 22:15:37]
AdwCleaner[S1].txt - [2836 octets] - [08/01/2013 22:15:56]
AdwCleaner[S2].txt - [1149 octets] - [11/01/2013 06:23:13]

########## EOF - C:\AdwCleaner[S2].txt - [1209 octets] ##########

junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Microsoft Windows XP x86
Ran by Chris Pizarro on Fri 01/11/2013 at 6:29:44.51
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Chris Pizarro\Local Settings\Application Data\visi_coupon"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/11/2013 at 6:37:08.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 narenxp

Forum Addict

BC Advisor
16,366 posts

Gender:Male
Location:India

Posted 11 January 2013 - 11:51 AM

Run TDSSkiller again and make sure to select delete option for this entry

21:20:40.0304 3188 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#7 sirhc1210

Member

Members
33 posts

Posted 11 January 2013 - 06:05 PM

TDSSkiller
17:50:31.0578 1060 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:50:32.0000 1060 ============================================================
17:50:32.0000 1060 Current date / time: 2013/01/11 17:50:32.0000
17:50:32.0000 1060 SystemInfo:
17:50:32.0000 1060
17:50:32.0000 1060 OS Version: 5.1.2600 ServicePack: 3.0
17:50:32.0000 1060 Product type: Workstation
17:50:32.0000 1060 ComputerName: TRANSFORMER
17:50:32.0000 1060 UserName: Chris Pizarro
17:50:32.0000 1060 Windows directory: C:\WINDOWS
17:50:32.0000 1060 System windows directory: C:\WINDOWS
17:50:32.0000 1060 Processor architecture: Intel x86
17:50:32.0000 1060 Number of processors: 2
17:50:32.0000 1060 Page size: 0x1000
17:50:32.0000 1060 Boot type: Normal boot
17:50:32.0000 1060 ============================================================
17:50:32.0406 1060 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:50:32.0406 1060 ============================================================
17:50:32.0406 1060 \Device\Harddisk0\DR0:
17:50:32.0406 1060 MBR partitions:
17:50:32.0406 1060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
17:50:32.0406 1060 ============================================================
17:50:32.0437 1060 C: <-> \Device\Harddisk0\DR0\Partition1
17:50:32.0437 1060 ============================================================
17:50:32.0437 1060 Initialize success
17:50:32.0437 1060 ============================================================
17:50:40.0296 3764 ============================================================
17:50:40.0296 3764 Scan started
17:50:40.0296 3764 Mode: Manual; TDLFS;
17:50:40.0296 3764 ============================================================
17:50:40.0437 3764 ================ Scan system memory ========================
17:50:40.0437 3764 System memory - ok
17:50:40.0437 3764 ================ Scan services =============================
17:50:40.0546 3764 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
17:50:40.0546 3764 6to4 - ok
17:50:40.0625 3764 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
17:50:40.0625 3764 Aavmker4 - ok
17:50:40.0625 3764 Abiosdsk - ok
17:50:40.0625 3764 abp480n5 - ok
17:50:40.0671 3764 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:50:40.0671 3764 ACPI - ok
17:50:40.0703 3764 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:50:40.0703 3764 ACPIEC - ok
17:50:40.0734 3764 [ 233235123F3D73228EC3D2BBA0E7143D ] ACS C:\WINDOWS\system32\acs.exe
17:50:40.0734 3764 ACS - ok
17:50:40.0750 3764 adpu160m - ok
17:50:40.0765 3764 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:50:40.0765 3764 aec - ok
17:50:40.0812 3764 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:50:40.0812 3764 AegisP - ok
17:50:40.0843 3764 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:50:40.0843 3764 AFD - ok
17:50:40.0843 3764 Aha154x - ok
17:50:40.0859 3764 aic78u2 - ok
17:50:40.0859 3764 aic78xx - ok
17:50:41.0015 3764 [ FCB505A7FA9DD4B8B98064792FD038A4 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:50:41.0125 3764 ALCXWDM - ok
17:50:41.0156 3764 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:50:41.0171 3764 Alerter - ok
17:50:41.0187 3764 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:50:41.0187 3764 ALG - ok
17:50:41.0203 3764 AliIde - ok
17:50:41.0203 3764 amsint - ok
17:50:41.0312 3764 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:50:41.0312 3764 Apple Mobile Device - ok
17:50:41.0312 3764 AppMgmt - ok
17:50:41.0375 3764 [ F6F31F142A2FF302B8D1ECDA9FE14A6B ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
17:50:41.0390 3764 AR5211 - ok
17:50:41.0390 3764 asc - ok
17:50:41.0406 3764 asc3350p - ok
17:50:41.0406 3764 asc3550 - ok
17:50:41.0484 3764 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:50:41.0484 3764 aspnet_state - ok
17:50:41.0500 3764 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:50:41.0500 3764 aswFsBlk - ok
17:50:41.0500 3764 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
17:50:41.0500 3764 aswMon2 - ok
17:50:41.0531 3764 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
17:50:41.0531 3764 AswRdr - ok
17:50:41.0578 3764 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
17:50:41.0593 3764 aswSnx - ok
17:50:41.0640 3764 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
17:50:41.0656 3764 aswSP - ok
17:50:41.0687 3764 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
17:50:41.0687 3764 aswTdi - ok
17:50:41.0734 3764 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:50:41.0734 3764 AsyncMac - ok
17:50:41.0750 3764 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:50:41.0750 3764 atapi - ok
17:50:41.0765 3764 Atdisk - ok
17:50:41.0781 3764 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:50:41.0781 3764 Atmarpc - ok
17:50:41.0812 3764 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:50:41.0812 3764 AudioSrv - ok
17:50:41.0843 3764 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:50:41.0843 3764 audstub - ok
17:50:41.0875 3764 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:50:41.0875 3764 avast! Antivirus - ok
17:50:41.0906 3764 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:50:41.0906 3764 Beep - ok
17:50:41.0953 3764 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:50:41.0984 3764 Bonjour Service - ok
17:50:42.0015 3764 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
17:50:42.0015 3764 Browser - ok
17:50:42.0046 3764 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:50:42.0046 3764 cbidf2k - ok
17:50:42.0062 3764 cd20xrnt - ok
17:50:42.0078 3764 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:50:42.0093 3764 Cdaudio - ok
17:50:42.0125 3764 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:50:42.0125 3764 Cdfs - ok
17:50:42.0140 3764 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:50:42.0140 3764 Cdrom - ok
17:50:42.0140 3764 Changer - ok
17:50:42.0156 3764 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\System32\cisvc.exe
17:50:42.0156 3764 cisvc - ok
17:50:42.0187 3764 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:50:42.0187 3764 ClipSrv - ok
17:50:42.0218 3764 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:50:42.0218 3764 clr_optimization_v2.0.50727_32 - ok
17:50:42.0218 3764 CmdIde - ok
17:50:42.0234 3764 COMSysApp - ok
17:50:42.0234 3764 Cpqarray - ok
17:50:42.0250 3764 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:50:42.0250 3764 CryptSvc - ok
17:50:42.0281 3764 [ E2B1AEDB62845581D848037F0A614EE6 ] ctlsb16 C:\WINDOWS\system32\drivers\ctlsb16.sys
17:50:42.0281 3764 ctlsb16 - ok
17:50:42.0296 3764 dac2w2k - ok
17:50:42.0296 3764 dac960nt - ok
17:50:42.0343 3764 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:50:42.0375 3764 DcomLaunch - ok
17:50:42.0406 3764 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:50:42.0406 3764 Dhcp - ok
17:50:42.0437 3764 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:50:42.0437 3764 Disk - ok
17:50:42.0453 3764 dmadmin - ok
17:50:42.0484 3764 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:50:42.0531 3764 dmboot - ok
17:50:42.0546 3764 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:50:42.0546 3764 dmio - ok
17:50:42.0562 3764 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:50:42.0562 3764 dmload - ok
17:50:42.0593 3764 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:50:42.0593 3764 dmserver - ok
17:50:42.0625 3764 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:50:42.0625 3764 DMusic - ok
17:50:42.0656 3764 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:50:42.0656 3764 Dnscache - ok
17:50:42.0687 3764 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:50:42.0687 3764 Dot3svc - ok
17:50:42.0703 3764 dpti2o - ok
17:50:42.0718 3764 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:50:42.0718 3764 drmkaud - ok
17:50:42.0750 3764 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:50:42.0750 3764 EapHost - ok
17:50:42.0765 3764 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:50:42.0765 3764 ERSvc - ok
17:50:42.0812 3764 esgiguard - ok
17:50:42.0843 3764 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:50:42.0843 3764 Eventlog - ok
17:50:42.0890 3764 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
17:50:42.0890 3764 EventSystem - ok
17:50:42.0906 3764 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:50:42.0906 3764 Fastfat - ok
17:50:42.0937 3764 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:50:42.0953 3764 FastUserSwitchingCompatibility - ok
17:50:42.0968 3764 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:50:42.0968 3764 Fdc - ok
17:50:42.0984 3764 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:50:42.0984 3764 Fips - ok
17:50:43.0000 3764 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:50:43.0000 3764 Flpydisk - ok
17:50:43.0031 3764 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:50:43.0031 3764 FltMgr - ok
17:50:43.0093 3764 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:50:43.0093 3764 FontCache3.0.0.0 - ok
17:50:43.0109 3764 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:50:43.0109 3764 Fs_Rec - ok
17:50:43.0125 3764 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:50:43.0125 3764 Ftdisk - ok
17:50:43.0171 3764 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:50:43.0171 3764 GEARAspiWDM - ok
17:50:43.0187 3764 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:50:43.0187 3764 Gpc - ok
17:50:43.0250 3764 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:50:43.0250 3764 gupdate - ok
17:50:43.0250 3764 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:50:43.0250 3764 gupdatem - ok
17:50:43.0328 3764 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:50:43.0343 3764 helpsvc - ok
17:50:43.0359 3764 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:50:43.0359 3764 HidServ - ok
17:50:43.0375 3764 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:50:43.0375 3764 hidusb - ok
17:50:43.0406 3764 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:50:43.0421 3764 hkmsvc - ok
17:50:43.0421 3764 hpn - ok
17:50:43.0421 3764 hpt3xx - ok
17:50:43.0468 3764 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:50:43.0468 3764 HTTP - ok
17:50:43.0500 3764 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:50:43.0515 3764 HTTPFilter - ok
17:50:43.0515 3764 i2omgmt - ok
17:50:43.0531 3764 i2omp - ok
17:50:43.0531 3764 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
17:50:43.0531 3764 i8042prt - ok
17:50:43.0578 3764 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:50:43.0578 3764 IDriverT - ok
17:50:43.0640 3764 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:50:43.0671 3764 idsvc - ok
17:50:43.0687 3764 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:50:43.0687 3764 Imapi - ok
17:50:43.0718 3764 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
17:50:43.0734 3764 ImapiService - ok
17:50:43.0734 3764 ini910u - ok
17:50:43.0750 3764 IntelIde - ok
17:50:43.0781 3764 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:50:43.0781 3764 ip6fw - ok
17:50:43.0812 3764 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:50:43.0812 3764 IpFilterDriver - ok
17:50:43.0828 3764 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:50:43.0828 3764 IpInIp - ok
17:50:43.0843 3764 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:50:43.0843 3764 IpNat - ok
17:50:43.0906 3764 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:50:43.0921 3764 iPod Service - ok
17:50:43.0953 3764 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:50:43.0953 3764 IPSec - ok
17:50:44.0000 3764 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:50:44.0000 3764 IRENUM - ok
17:50:44.0015 3764 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:50:44.0015 3764 isapnp - ok
17:50:44.0109 3764 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
17:50:44.0109 3764 JavaQuickStarterService - ok
17:50:44.0156 3764 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:50:44.0156 3764 Kbdclass - ok
17:50:44.0171 3764 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:50:44.0171 3764 kbdhid - ok
17:50:44.0218 3764 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:50:44.0218 3764 kmixer - ok
17:50:44.0250 3764 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:50:44.0250 3764 KSecDD - ok
17:50:44.0281 3764 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:50:44.0281 3764 lanmanserver - ok
17:50:44.0328 3764 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:50:44.0343 3764 lanmanworkstation - ok
17:50:44.0343 3764 lbrtfdc - ok
17:50:44.0390 3764 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:50:44.0390 3764 LmHosts - ok
17:50:44.0421 3764 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:50:44.0421 3764 Messenger - ok
17:50:44.0437 3764 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:50:44.0437 3764 mnmdd - ok
17:50:44.0468 3764 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:50:44.0468 3764 mnmsrvc - ok
17:50:44.0500 3764 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:50:44.0500 3764 Modem - ok
17:50:44.0500 3764 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:50:44.0500 3764 Mouclass - ok
17:50:44.0546 3764 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:50:44.0546 3764 mouhid - ok
17:50:44.0546 3764 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:50:44.0546 3764 MountMgr - ok
17:50:44.0578 3764 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:50:44.0593 3764 MozillaMaintenance - ok
17:50:44.0593 3764 mraid35x - ok
17:50:44.0625 3764 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:50:44.0625 3764 MRxDAV - ok
17:50:44.0656 3764 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:50:44.0671 3764 MRxSmb - ok
17:50:44.0687 3764 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:50:44.0703 3764 MSDTC - ok
17:50:44.0703 3764 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:50:44.0703 3764 Msfs - ok
17:50:44.0703 3764 MSIServer - ok
17:50:44.0718 3764 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:50:44.0718 3764 MSKSSRV - ok
17:50:44.0734 3764 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:50:44.0734 3764 MSPCLOCK - ok
17:50:44.0750 3764 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:50:44.0750 3764 MSPQM - ok
17:50:44.0765 3764 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:50:44.0781 3764 mssmbios - ok
17:50:44.0812 3764 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
17:50:44.0812 3764 ms_mpu401 - ok
17:50:44.0843 3764 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:50:44.0843 3764 MTsensor - ok
17:50:44.0875 3764 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:50:44.0875 3764 Mup - ok
17:50:44.0906 3764 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:50:44.0921 3764 napagent - ok
17:50:44.0953 3764 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:50:44.0953 3764 NDIS - ok
17:50:44.0968 3764 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:50:44.0968 3764 NdisTapi - ok
17:50:44.0984 3764 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:50:44.0984 3764 Ndisuio - ok
17:50:44.0984 3764 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:50:45.0000 3764 NdisWan - ok
17:50:45.0015 3764 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:50:45.0015 3764 NDProxy - ok
17:50:45.0015 3764 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:50:45.0015 3764 NetBIOS - ok
17:50:45.0046 3764 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:50:45.0046 3764 NetBT - ok
17:50:45.0078 3764 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:50:45.0078 3764 NetDDE - ok
17:50:45.0093 3764 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:50:45.0093 3764 NetDDEdsdm - ok
17:50:45.0125 3764 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
17:50:45.0125 3764 Netlogon - ok
17:50:45.0171 3764 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:50:45.0187 3764 Netman - ok
17:50:45.0234 3764 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:50:45.0250 3764 NetTcpPortSharing - ok
17:50:45.0281 3764 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:50:45.0296 3764 Nla - ok
17:50:45.0328 3764 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:50:45.0328 3764 nm - ok
17:50:45.0343 3764 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:50:45.0359 3764 Npfs - ok
17:50:45.0390 3764 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:50:45.0421 3764 Ntfs - ok
17:50:45.0421 3764 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:50:45.0437 3764 NtLmSsp - ok
17:50:45.0484 3764 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:50:45.0500 3764 NtmsSvc - ok
17:50:45.0531 3764 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
17:50:45.0531 3764 NuidFltr - ok
17:50:45.0546 3764 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:50:45.0546 3764 Null - ok
17:50:45.0843 3764 [ 30913CBF518396912E54C2C9F1DD0F09 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:50:46.0109 3764 nv - ok
17:50:46.0140 3764 [ 0344AA9113DC16EEC379F4652020849D ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
17:50:46.0140 3764 nvata - ok
17:50:46.0171 3764 [ A545DF28F75BCB109A3AADBB07552B12 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:50:46.0171 3764 NVENETFD - ok
17:50:46.0187 3764 [ EA41F641420F3D8271804D287C1EF461 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:50:46.0203 3764 nvnetbus - ok
17:50:46.0234 3764 [ C0204C1A7A2D2433D48F49E4ECC09AB6 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
17:50:46.0250 3764 nvsvc - ok
17:50:46.0281 3764 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:50:46.0281 3764 NwlnkFlt - ok
17:50:46.0296 3764 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:50:46.0296 3764 NwlnkFwd - ok
17:50:46.0312 3764 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
17:50:46.0312 3764 NwlnkIpx - ok
17:50:46.0328 3764 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
17:50:46.0328 3764 NwlnkNb - ok
17:50:46.0359 3764 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
17:50:46.0359 3764 NwlnkSpx - ok
17:50:46.0406 3764 [ 4B83FCBBE72AF5F99D109798653E8B78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
17:50:46.0406 3764 NwSapAgent - ok
17:50:46.0468 3764 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:50:46.0468 3764 ose - ok
17:50:46.0500 3764 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:50:46.0500 3764 Parport - ok
17:50:46.0500 3764 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:50:46.0500 3764 PartMgr - ok
17:50:46.0531 3764 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:50:46.0531 3764 ParVdm - ok
17:50:46.0546 3764 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:50:46.0546 3764 PCI - ok
17:50:46.0546 3764 PCIDump - ok
17:50:46.0546 3764 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:50:46.0562 3764 PCIIde - ok
17:50:46.0578 3764 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:50:46.0578 3764 Pcmcia - ok
17:50:46.0593 3764 PDCOMP - ok
17:50:46.0593 3764 PDFRAME - ok
17:50:46.0593 3764 PDRELI - ok
17:50:46.0609 3764 PDRFRAME - ok
17:50:46.0609 3764 perc2 - ok
17:50:46.0625 3764 perc2hib - ok
17:50:46.0656 3764 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:50:46.0656 3764 PlugPlay - ok
17:50:46.0656 3764 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
17:50:46.0671 3764 PolicyAgent - ok
17:50:46.0671 3764 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:50:46.0671 3764 PptpMiniport - ok
17:50:46.0687 3764 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:50:46.0687 3764 Processor - ok
17:50:46.0703 3764 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:50:46.0703 3764 ProtectedStorage - ok
17:50:46.0703 3764 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:50:46.0703 3764 PSched - ok
17:50:46.0734 3764 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:50:46.0734 3764 Ptilink - ok
17:50:46.0734 3764 ql1080 - ok
17:50:46.0734 3764 Ql10wnt - ok
17:50:46.0750 3764 ql12160 - ok
17:50:46.0750 3764 ql1240 - ok
17:50:46.0765 3764 ql1280 - ok
17:50:46.0765 3764 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:50:46.0765 3764 RasAcd - ok
17:50:46.0781 3764 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:50:46.0796 3764 RasAuto - ok
17:50:46.0812 3764 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:50:46.0812 3764 Rasl2tp - ok
17:50:46.0843 3764 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:50:46.0859 3764 RasMan - ok
17:50:46.0875 3764 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:50:46.0875 3764 RasPppoe - ok
17:50:46.0875 3764 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:50:46.0890 3764 Raspti - ok
17:50:46.0890 3764 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:50:46.0906 3764 Rdbss - ok
17:50:46.0906 3764 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:50:46.0906 3764 RDPCDD - ok
17:50:46.0953 3764 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:50:46.0953 3764 RDPWD - ok
17:50:46.0984 3764 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:50:47.0000 3764 RDSessMgr - ok
17:50:47.0031 3764 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:50:47.0031 3764 RemoteAccess - ok
17:50:47.0046 3764 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
17:50:47.0046 3764 RpcLocator - ok
17:50:47.0078 3764 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:50:47.0093 3764 RpcSs - ok
17:50:47.0125 3764 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:50:47.0140 3764 RSVP - ok
17:50:47.0156 3764 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:50:47.0156 3764 SamSs - ok
17:50:47.0171 3764 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:50:47.0187 3764 SCardSvr - ok
17:50:47.0218 3764 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:50:47.0234 3764 Schedule - ok
17:50:47.0265 3764 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:50:47.0265 3764 Secdrv - ok
17:50:47.0281 3764 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:50:47.0296 3764 seclogon - ok
17:50:47.0296 3764 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:50:47.0296 3764 SENS - ok
17:50:47.0328 3764 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:50:47.0328 3764 serenum - ok
17:50:47.0359 3764 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:50:47.0375 3764 Serial - ok
17:50:47.0390 3764 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:50:47.0390 3764 Sfloppy - ok
17:50:47.0406 3764 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:50:47.0406 3764 ShellHWDetection - ok
17:50:47.0421 3764 Simbad - ok
17:50:47.0421 3764 Sparrow - ok
17:50:47.0437 3764 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:50:47.0437 3764 splitter - ok
17:50:47.0437 3764 Spooler - ok
17:50:47.0484 3764 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:50:47.0484 3764 sr - ok
17:50:47.0515 3764 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
17:50:47.0546 3764 srservice - ok
17:50:47.0593 3764 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:50:47.0593 3764 Srv - ok
17:50:47.0625 3764 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
17:50:47.0640 3764 sscdbus - ok
17:50:47.0640 3764 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
17:50:47.0656 3764 sscdmdfl - ok
17:50:47.0671 3764 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
17:50:47.0671 3764 sscdmdm - ok
17:50:47.0703 3764 [ D04BD59F28C78E2E66632092CAFC0A2B ] sscdserd C:\WINDOWS\system32\DRIVERS\sscdserd.sys
17:50:47.0703 3764 sscdserd - ok
17:50:47.0734 3764 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:50:47.0734 3764 SSDPSRV - ok
17:50:47.0781 3764 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:50:47.0796 3764 stisvc - ok
17:50:47.0812 3764 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:50:47.0812 3764 swenum - ok
17:50:47.0843 3764 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:50:47.0843 3764 swmidi - ok
17:50:47.0843 3764 SwPrv - ok
17:50:47.0859 3764 symc810 - ok
17:50:47.0859 3764 symc8xx - ok
17:50:47.0875 3764 sym_hi - ok
17:50:47.0875 3764 sym_u3 - ok
17:50:47.0875 3764 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:50:47.0890 3764 sysaudio - ok
17:50:47.0906 3764 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:50:47.0921 3764 SysmonLog - ok
17:50:47.0937 3764 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:50:47.0953 3764 TapiSrv - ok
17:50:48.0000 3764 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:50:48.0031 3764 Tcpip - ok
17:50:48.0062 3764 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
17:50:48.0078 3764 Tcpip6 - ok
17:50:48.0093 3764 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:50:48.0093 3764 TDPIPE - ok
17:50:48.0109 3764 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:50:48.0109 3764 TDTCP - ok
17:50:48.0125 3764 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:50:48.0125 3764 TermDD - ok
17:50:48.0156 3764 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:50:48.0171 3764 TermService - ok
17:50:48.0218 3764 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:50:48.0218 3764 Themes - ok
17:50:48.0234 3764 TosIde - ok
17:50:48.0234 3764 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:50:48.0234 3764 TrkWks - ok
17:50:48.0281 3764 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
17:50:48.0281 3764 TrueSight - ok
17:50:48.0312 3764 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
17:50:48.0312 3764 tunmp - ok
17:50:48.0343 3764 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:50:48.0343 3764 Udfs - ok
17:50:48.0343 3764 ultra - ok
17:50:48.0375 3764 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:50:48.0390 3764 Update - ok
17:50:48.0406 3764 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:50:48.0421 3764 upnphost - ok
17:50:48.0437 3764 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:50:48.0453 3764 UPS - ok
17:50:48.0484 3764 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:50:48.0484 3764 usbccgp - ok
17:50:48.0484 3764 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:50:48.0484 3764 usbhub - ok
17:50:48.0500 3764 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:50:48.0500 3764 usbohci - ok
17:50:48.0531 3764 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:50:48.0531 3764 usbscan - ok
17:50:48.0546 3764 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:50:48.0546 3764 USBSTOR - ok
17:50:48.0562 3764 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:50:48.0578 3764 VgaSave - ok
17:50:48.0578 3764 ViaIde - ok
17:50:48.0593 3764 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:50:48.0593 3764 VolSnap - ok
17:50:48.0609 3764 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:50:48.0625 3764 VSS - ok
17:50:48.0640 3764 vzandnetdiag - ok
17:50:48.0640 3764 vzandnetdiag2 - ok
17:50:48.0656 3764 vzandnetmodem - ok
17:50:48.0656 3764 vzandnetndis - ok
17:50:48.0671 3764 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
17:50:48.0687 3764 W32Time - ok
17:50:48.0718 3764 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:50:48.0718 3764 Wanarp - ok
17:50:48.0765 3764 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:50:48.0781 3764 Wdf01000 - ok
17:50:48.0781 3764 WDICA - ok
17:50:48.0796 3764 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:50:48.0796 3764 wdmaud - ok
17:50:48.0812 3764 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:50:48.0812 3764 WebClient - ok
17:50:48.0890 3764 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:50:48.0890 3764 winmgmt - ok
17:50:48.0921 3764 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:50:48.0921 3764 WmdmPmSN - ok
17:50:48.0953 3764 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:50:48.0953 3764 WmiApSrv - ok
17:50:49.0000 3764 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:50:49.0015 3764 WZCSVC - ok
17:50:49.0062 3764 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:50:49.0062 3764 xmlprov - ok
17:50:49.0078 3764 ================ Scan global ===============================
17:50:49.0093 3764 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:50:49.0140 3764 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:50:49.0171 3764 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:50:49.0203 3764 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:50:49.0218 3764 [Global] - ok
17:50:49.0218 3764 ================ Scan MBR ==================================
17:50:49.0234 3764 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:50:49.0359 3764 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:50:49.0359 3764 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:50:49.0359 3764 ================ Scan VBR ==================================
17:50:49.0375 3764 [ 2E91C0EE12643EF9876FEFF30C95C332 ] \Device\Harddisk0\DR0\Partition1
17:50:49.0375 3764 \Device\Harddisk0\DR0\Partition1 - ok
17:50:49.0375 3764 ============================================================
17:50:49.0375 3764 Scan finished
17:50:49.0375 3764 ============================================================
17:50:49.0390 2100 Detected object count: 1
17:50:49.0390 2100 Actual detected object count: 1
17:51:06.0406 2100 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:51:06.0437 2100 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:51:06.0515 2100 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:51:06.0562 2100 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:51:13.0812 2100 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:51:13.0921 2100 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:51:14.0000 2100 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:51:14.0062 2100 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:51:14.0078 2100 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:51:14.0078 2100 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:51:14.0078 2100 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:51:14.0171 2100 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:51:14.0234 2100 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:51:14.0234 2100 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:51:14.0281 2100 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:51:14.0281 2100 \Device\Harddisk0\DR0\TDLFS - deleted
17:51:14.0281 2100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
17:51:43.0578 2756 Deinitialize success

Ran Services Repair Tool

FarBar
Farbar Service Scanner Version: 05-01-2013
Ran by Chris Pizarro (administrator) on 11-01-2013 at 17:55:14
Running from "C:\Documents and Settings\Chris Pizarro\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) aswTdi(12) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4) Tcpip6(11)
0x0C00000005000000010000000200000003000000040000000C000000060000000700000008000000090000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

RKill
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/11/2013 05:57:51 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\acs.exe (PID: 864) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/11/2013 05:58:25 PM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)

Autoruns
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
+ "BYRUA_AGENT" "B2C NotiAgent MFC 응용 프로그램" "LG Electronics" "c:\documents and settings\all users\application data\lgmobileax\byr_client\vzwuaagent.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "" "" "File not found: nwiz.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "108Mbps Wireless LAN Adapte.lnk" "108Mbps Wireless LAN Configuration Utility" "TRENDnet" "c:\program files\trendnet\tew-441pc_443pi\trendnet.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 125.61 " "NVIDIA Corporation" "c:\program files\nvidia corporation\nview\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn1\ytsingleinstance.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "avast! Emergency Update.job" "avast! Emergency Update" "AVAST Software" "c:\program files\avast software\avast\avastemupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACS" "Gives access to single sign on and a mechanism to communicate with the supplicant for security negotiation." "" "c:\windows\system32\acs.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Spooler" "Loads files to memory for later printing." "" "File not found: C:\WINDOWS\system32\spoolsv.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Aavmker4" "avast! Asynchronous Virus Monitor" "AVAST Software" "c:\windows\system32\drivers\aavmker4.sys"
+ "AegisP" "AEGIS Protocol (IEEE 802.1x) v3.2.0.3" "Meetinghouse Data Communications" "c:\windows\system32\drivers\aegisp.sys"
+ "ALCXWDM" "Realtek AC'97 Audio Driver (WDM)" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\alcxwdm.sys"
+ "AR5211" "Driver for Atheros AR5001 Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\ar5211.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMon2" "avast! Standard Shield Support" "AVAST Software" "c:\windows\system32\drivers\aswmon2.sys"
+ "AswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "ctlsb16" "Sound Blaster 16 Adapter Driver" "Copyright © Creative Technology Ltd. 1994-2001" "c:\windows\system32\drivers\ctlsb16.sys"
+ "esgiguard" "" "" "File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MTsensor" "ATK0110 ACPI Utility" "" "c:\windows\system32\drivers\asacpi.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "nvata" "NVIDIA® nForce™ IDE Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvata.sys"
+ "NVENETFD" "NVIDIA Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvenetfd.sys"
+ "nvnetbus" "NVIDIA Networking Bus Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvnetbus.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "sscdbus" "SAMSUNG USB Composite Device Driver" "MCCI Corporation" "c:\windows\system32\drivers\sscdbus.sys"
+ "sscdmdfl" "SAMSUNG Mobile Modem Filter" "MCCI Corporation" "c:\windows\system32\drivers\sscdmdfl.sys"
+ "sscdmdm" "SAMSUNG Mobile Modem Drivers" "MCCI Corporation" "c:\windows\system32\drivers\sscdmdm.sys"
+ "sscdserd" "SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)" "MCCI Corporation" "c:\windows\system32\drivers\sscdserd.sys"
+ "TrueSight" "" "" "c:\windows\system32\drivers\truesight.sys"
+ "vzandnetdiag" "LGE AndroidNet for VZW USB Serial Port" "" "File not found: system32\DRIVERS\lgvzandnetdiag.sys"
+ "vzandnetdiag2" "LGE AndroidNet for VZW Diagnostics Port" "" "File not found: system32\DRIVERS\lgvzandnetdiag2.sys"
+ "vzandnetmodem" "LGE AndroidNet for VZW Mobile Support" "" "File not found: system32\DRIVERS\lgvzandnetmdm.sys"
+ "vzandnetndis" "" "" "File not found: system32\DRIVERS\lgvzandnetndis.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3filter" "ac3filter" "" "c:\windows\system32\ac3filter.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.lags" "Lagarith" " " "c:\windows\system32\lagarith.dll"
+ "vidc.x264" "x264vfw - H.264/MPEG-4 AVC codec" "x264vfw project" "c:\windows\system32\x264vfw.dll"
+ "vidc.xvid" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LAV Audio Decoder" "" "" "File not found: C:\WINDOWS\system32\LAVAudio.ax"
+ "LAV Splitter" "" "" "File not found: C:\WINDOWS\system32\LAVSplitter.ax"
+ "LAV Splitter Source" "" "" "File not found: C:\WINDOWS\system32\LAVSplitter.ax"
+ "LAV Video Decoder" "" "" "File not found: C:\WINDOWS\system32\LAVVideo.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SYSTEM\Setup\CmdLine" "" "" ""
+ "/update" "" "" "File not found: /update"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"

#8 narenxp

Forum Addict

BC Advisor
16,366 posts

Gender:Male
Location:India

Posted 11 January 2013 - 06:11 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode

Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing