Infected with the Happili Redirect


5 replies to this topic

#1 Pantsamander

Pantsamander

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 05 April 2012 - 09:42 AM

On Firefox and Safari, all browsers sometimes redirect to Happili and other sites like that. Also, I don't know if this is a side effect of that, but some of the Google sites (images, docs, etc.) don't work. I'm running Windows XP, by the way.

I've scanned with MalwareBytes, AVG, and TDSSKiller. They all detected stuff, but none of it was the redirect virus.

What should I do now?

Edited by Pantsamander, 05 April 2012 - 09:55 AM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:21 PM

Posted 05 April 2012 - 11:34 AM

Hello, would you please post the contents of the TDSS text file.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt


The problem may be an add-on in Firefox called "performance cache" or another one.

Try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date
How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook

#3 Pantsamander

Pantsamander
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 05 April 2012 - 12:18 PM

Okay, here is the TDSS log. It doesn't seem to be the add-ons, though.

12:36:50.0937 2624 Ptilink - ok
12:36:50.0997 2624 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
12:36:50.0997 2624 PxHelp20 - ok
12:36:51.0077 2624 QCNDISIF (c854eb3a54aae73046d187a77f54efc5) C:\WINDOWS\system32\drivers\qcndisif.SYS
12:36:51.0167 2624 QCNDISIF - ok
12:36:51.0227 2624 QCONSVC (03480c3ed91a3abeccf1cb0035431cfd) C:\WINDOWS\system32\QCONSVC.EXE
12:36:51.0227 2624 QCONSVC - ok
12:36:51.0287 2624 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:36:51.0297 2624 ql1080 - ok
12:36:51.0317 2624 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:36:51.0327 2624 Ql10wnt - ok
12:36:51.0367 2624 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:36:51.0377 2624 ql12160 - ok
12:36:51.0397 2624 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:36:51.0418 2624 ql1240 - ok
12:36:51.0468 2624 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:36:51.0468 2624 ql1280 - ok
12:36:51.0508 2624 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:36:51.0528 2624 RasAcd - ok
12:36:51.0578 2624 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
12:36:52.0129 2624 RasAuto - ok
12:36:52.0239 2624 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
12:36:52.0239 2624 Rasirda - ok
12:36:52.0279 2624 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:36:52.0569 2624 Rasl2tp - ok
12:36:52.0679 2624 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll
12:36:52.0679 2624 RasMan - ok
12:36:52.0729 2624 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:36:53.0220 2624 RasPppoe - ok
12:36:53.0350 2624 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:36:53.0380 2624 Raspti - ok
12:36:53.0450 2624 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:36:53.0470 2624 Rdbss - ok
12:36:53.0491 2624 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:36:53.0721 2624 RDPCDD - ok
12:36:53.0821 2624 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:36:54.0272 2624 rdpdr - ok
12:36:54.0392 2624 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
12:36:54.0402 2624 RDPWD - ok
12:36:54.0462 2624 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
12:36:55.0684 2624 RDSessMgr - ok
12:36:55.0874 2624 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:36:56.0325 2624 redbook - ok
12:36:56.0475 2624 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
12:36:56.0805 2624 RemoteAccess - ok
12:36:56.0865 2624 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
12:36:56.0875 2624 RemoteRegistry - ok
12:36:56.0935 2624 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\System32\locator.exe
12:36:57.0036 2624 RpcLocator - ok
12:36:57.0176 2624 RpcSs (ce94a2bd25e3e9f4d46a7373ff455c6d) C:\WINDOWS\system32\rpcss.dll
12:36:57.0196 2624 RpcSs - ok
12:36:57.0256 2624 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
12:36:57.0286 2624 RSVP - ok
12:36:57.0346 2624 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:36:57.0346 2624 SamSs - ok
12:36:57.0396 2624 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
12:36:57.0967 2624 SCardSvr - ok
12:36:58.0097 2624 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
12:36:58.0107 2624 Schedule - ok
12:36:58.0197 2624 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:36:58.0247 2624 Secdrv - ok
12:36:58.0277 2624 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
12:36:58.0287 2624 seclogon - ok
12:36:58.0337 2624 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
12:36:58.0337 2624 SENS - ok
12:36:58.0398 2624 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:36:58.0718 2624 serenum - ok
12:36:58.0878 2624 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
12:36:59.0679 2624 Serial - ok
12:37:04.0156 2624 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys
12:37:04.0196 2624 sfdrv01 - ok
12:37:05.0868 2624 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys
12:37:05.0938 2624 sfhlp02 - ok
12:37:07.0631 2624 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
12:37:08.0342 2624 Sfloppy - ok
12:37:09.0053 2624 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
12:37:10.0295 2624 SharedAccess - ok
12:37:10.0875 2624 ShellHWDetection (53d9184a21c5cbf600d918e51ef3a7e5) C:\WINDOWS\System32\shsvcs.dll
12:37:10.0896 2624 ShellHWDetection - ok
12:37:12.0067 2624 ShockMgr (482ddb9f0f6d88f0503910e1b9728042) C:\WINDOWS\system32\drivers\ShockMgr.sys
12:37:12.0928 2624 ShockMgr - ok
12:37:13.0499 2624 Shockprf (3d593b089133f134f52d6de29b0d058b) C:\WINDOWS\system32\drivers\Shockprf.sys
12:37:13.0529 2624 Shockprf - ok
12:37:13.0559 2624 Simbad - ok
12:37:13.0619 2624 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:37:13.0680 2624 sisagp - ok
12:37:13.0750 2624 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
12:37:13.0900 2624 Smapint - ok
12:37:14.0270 2624 smwdm (9b8aeed0dc8198efb83d06baf2fab2e2) C:\WINDOWS\system32\drivers\smwdm.sys
12:37:14.0591 2624 smwdm - ok
12:37:14.0931 2624 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:37:14.0971 2624 Sparrow - ok
12:37:15.0192 2624 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
12:37:15.0342 2624 splitter - ok
12:37:15.0412 2624 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
12:37:15.0472 2624 Spooler - ok
12:37:15.0572 2624 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
12:37:15.0592 2624 sr - ok
12:37:15.0813 2624 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\System32\srsvc.dll
12:37:15.0893 2624 srservice - ok
12:37:16.0043 2624 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
12:37:16.0073 2624 Srv - ok
12:37:16.0103 2624 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
12:37:16.0884 2624 SSDPSRV - ok
12:37:17.0335 2624 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:37:17.0415 2624 StillCam - ok
12:37:17.0535 2624 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
12:37:17.0575 2624 stisvc - ok
12:37:17.0645 2624 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:37:18.0326 2624 swenum - ok
12:37:18.0727 2624 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
12:37:18.0767 2624 swmidi - ok
12:37:18.0797 2624 SwPrv - ok
12:37:19.0057 2624 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:37:19.0077 2624 symc810 - ok
12:37:19.0228 2624 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:37:19.0298 2624 symc8xx - ok
12:37:19.0648 2624 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:37:19.0678 2624 sym_hi - ok
12:37:19.0919 2624 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:37:19.0929 2624 sym_u3 - ok
12:37:20.0249 2624 SynTP (58f3288f83a3e8169eeb6a10787c7f2e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:37:20.0469 2624 SynTP - ok
12:37:20.0579 2624 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
12:37:20.0630 2624 sysaudio - ok
12:37:20.0860 2624 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
12:37:21.0631 2624 SysmonLog - ok
12:37:22.0042 2624 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
12:37:22.0152 2624 TapiSrv - ok
12:37:22.0562 2624 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:37:22.0692 2624 Tcpip - ok
12:37:22.0933 2624 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:37:23.0414 2624 TDPIPE - ok
12:37:23.0674 2624 TDSMAPI (139b4d397d51cf60d6585597b1cf2f51) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
12:37:23.0754 2624 TDSMAPI - ok
12:37:23.0954 2624 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
12:37:24.0465 2624 TDTCP - ok
12:37:24.0705 2624 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:37:26.0398 2624 TermDD - ok
12:37:26.0999 2624 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
12:37:27.0279 2624 TermService - ok
12:37:27.0529 2624 Themes (53d9184a21c5cbf600d918e51ef3a7e5) C:\WINDOWS\System32\shsvcs.dll
12:37:27.0559 2624 Themes - ok
12:37:28.0321 2624 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\System32\tlntsvr.exe
12:37:29.0162 2624 TlntSvr - ok
12:37:30.0143 2624 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:37:30.0143 2624 TosIde - ok
12:37:30.0414 2624 TPHKDRV (1ced468858a1a4611961a24cf9dd05ef) C:\WINDOWS\system32\drivers\TPHKDRV.sys
12:37:31.0325 2624 TPHKDRV - ok
12:37:32.0136 2624 TPPWR (dc5c49a5f38d377f7c9a99a5b0c4d1a0) C:\WINDOWS\system32\drivers\Tppwr.sys
12:37:32.0386 2624 TPPWR - ok
12:37:32.0897 2624 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
12:37:32.0987 2624 TrkWks - ok
12:37:33.0228 2624 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
12:37:33.0398 2624 TSMAPIP - ok
12:37:33.0788 2624 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
12:37:34.0239 2624 Udfs - ok
12:37:34.0680 2624 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:37:34.0870 2624 ultra - ok
12:37:35.0411 2624 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
12:37:35.0721 2624 Update - ok
12:37:36.0783 2624 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
12:37:37.0033 2624 upnphost - ok
12:37:37.0874 2624 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
12:37:38.0065 2624 UPS - ok
12:37:38.0535 2624 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:37:38.0766 2624 usbccgp - ok
12:37:39.0376 2624 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:37:40.0007 2624 usbehci - ok
12:37:40.0849 2624 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:37:41.0449 2624 usbhub - ok
12:37:41.0830 2624 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:37:42.0481 2624 usbprint - ok
12:37:42.0861 2624 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:37:43.0352 2624 usbscan - ok
12:37:43.0733 2624 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:37:44.0684 2624 USBSTOR - ok
12:37:45.0245 2624 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:37:45.0535 2624 usbuhci - ok
12:37:45.0886 2624 usb_rndisx (ae4df3b7d1db9373b08db4ed224e26b6) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
12:37:46.0266 2624 usb_rndisx - ok
12:37:46.0967 2624 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
12:37:47.0618 2624 VgaSave - ok
12:37:48.0109 2624 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:37:48.0149 2624 viaagp - ok
12:37:48.0269 2624 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:37:48.0339 2624 ViaIde - ok
12:37:48.0500 2624 VMAuthdService (3c9e1ba0c63eecd8b17360344a820bdf) C:\Program Files\VMware\VMware Server\vmware-authd.exe
12:37:48.0510 2624 VMAuthdService - ok
12:37:48.0820 2624 VMnetAdapter (fdfd74ab4d0f27b5d062c2a39cbb6d54) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
12:37:48.0970 2624 VMnetAdapter - ok
12:37:49.0070 2624 VMnetBridge (da9b37f770dab5c19c731b1b2bc691c2) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
12:37:49.0131 2624 VMnetBridge - ok
12:37:49.0211 2624 VMnetDHCP (1fb64701b3b5b82ec196f6c702ec9d0a) C:\WINDOWS\system32\vmnetdhcp.exe
12:37:49.0231 2624 VMnetDHCP - ok
12:37:49.0261 2624 VMnetuserif (e4b6f9785a874aa7d799e7b6d56c9094) C:\WINDOWS\system32\drivers\vmnetuserif.sys
12:37:49.0351 2624 VMnetuserif - ok
12:37:49.0641 2624 vmount2 (ca262338d5f873dbce615c5d996ae4af) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
12:37:49.0651 2624 vmount2 - ok
12:37:50.0112 2624 VMparport (df3bde810abe9e4b7da72c547b1dfecd) C:\WINDOWS\system32\Drivers\VMparport.sys
12:37:50.0312 2624 VMparport - ok
12:37:51.0294 2624 vmserverdWin32 (16574501e06af83d848e8abd5225419a) C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
12:37:51.0474 2624 vmserverdWin32 - ok
12:37:51.0714 2624 VMware NAT Service (82765ecb7c1353b0a13f8960bc4e263a) C:\WINDOWS\system32\vmnat.exe
12:37:51.0724 2624 VMware NAT Service - ok
12:37:51.0894 2624 vmx86 (c138d55d9c59ab4d8628b13714bd3fbc) C:\WINDOWS\system32\Drivers\vmx86.sys
12:37:52.0065 2624 vmx86 - ok
12:37:52.0125 2624 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
12:37:52.0125 2624 VolSnap - ok
12:37:52.0185 2624 vsdatant (d658e49302c382b88c8e9a08e20b2e82) C:\WINDOWS\System32\vsdatant.sys
12:37:52.0405 2624 vsdatant - ok
12:37:52.0585 2624 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
12:37:53.0236 2624 VSS - ok
12:37:53.0377 2624 vstor2 (e3921c60f646744aae6761ead0bc2150) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
12:37:53.0527 2624 vstor2 - ok
12:37:54.0729 2624 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\System32\w32time.dll
12:37:54.0889 2624 W32Time - ok
12:37:55.0169 2624 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:37:55.0420 2624 Wanarp - ok
12:37:55.0960 2624 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
12:37:57.0633 2624 wceusbsh - ok
12:37:58.0474 2624 WDBtnMgrSvc.exe (78fac39d52fd2fc169971986079270da) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
12:37:58.0544 2624 WDBtnMgrSvc.exe - ok
12:37:59.0706 2624 WDICA - ok
12:38:02.0299 2624 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
12:38:02.0380 2624 wdmaud - ok
12:38:02.0720 2624 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
12:38:02.0760 2624 WebClient - ok
12:38:04.0713 2624 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:38:05.0003 2624 winachsf - ok
12:38:05.0224 2624 WinDefend (581061776e1b7c4c7771e97ae5eaf377) C:\Program Files\Windows Defender\MsMpEng.exe
12:38:05.0504 2624 WinDefend - ok
12:38:06.0215 2624 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:38:06.0285 2624 winmgmt - ok
12:38:06.0936 2624 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:38:07.0847 2624 WmdmPmSN - ok
12:38:08.0128 2624 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
12:38:08.0208 2624 Wmi - ok
12:38:08.0438 2624 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:38:10.0481 2624 WmiApSrv - ok
12:38:11.0252 2624 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:38:11.0443 2624 WMPNetworkSvc - ok
12:38:11.0943 2624 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:38:13.0716 2624 WS2IFSL - ok
12:38:14.0587 2624 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
12:38:14.0677 2624 wscsvc - ok
12:38:15.0108 2624 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
12:38:15.0238 2624 wuauserv - ok
12:38:16.0500 2624 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:38:16.0620 2624 WudfPf - ok
12:38:17.0611 2624 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:38:17.0672 2624 WudfRd - ok
12:38:18.0132 2624 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:38:20.0215 2624 WudfSvc - ok
12:38:20.0395 2624 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
12:38:20.0476 2624 WZCSVC - ok
12:38:20.0936 2624 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
12:38:21.0807 2624 xmlprov - ok
12:38:21.0898 2624 MBR (0x1B8) (b0b17de2470979f6aa7d36e451109b01) \Device\Harddisk0\DR0
12:38:21.0918 2624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:38:21.0918 2624 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:38:21.0958 2624 Boot (0x1200) (fff42e6a89f16721c52c3e8fc2f7fc51) \Device\Harddisk0\DR0\Partition0
12:38:21.0958 2624 \Device\Harddisk0\DR0\Partition0 - ok
12:38:21.0968 2624 ============================================================
12:38:21.0968 2624 Scan finished
12:38:21.0968 2624 ============================================================
12:38:22.0068 7416 Detected object count: 1
12:38:22.0068 7416 Actual detected object count: 1
12:38:37.0961 7416 \Device\Harddisk0\DR0\# - copied to quarantine
12:38:37.0981 7416 \Device\Harddisk0\DR0 - copied to quarantine
12:38:38.0552 7416 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:38:38.0592 7416 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:38:38.0682 7416 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:38:38.0832 7416 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:38:38.0912 7416 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:38:39.0102 7416 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:38:39.0373 7416 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:38:39.0533 7416 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
12:38:39.0773 7416 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:38:40.0024 7416 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:38:40.0234 7416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:38:40.0274 7416 \Device\Harddisk0\DR0 - ok
12:38:40.0304 7416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:38:47.0384 4348 Deinitialize success
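
The verdict lines of a log like the one above can be triaged with a short script. This is an added example, not part of the original thread and not TDSSKiller's own code; the regular expressions and the `parse_lines` and `summarize` helpers are assumptions based only on the line layout visible in this log, and the sample lines are copied from it.

```python
import re

# Lines copied from the log posted in this thread.
# Layout assumed from that log: "<HH:MM:SS.mmmm> <thread id> <message>".
SAMPLE_LOG = r"""
12:38:21.0807 2624 xmlprov - ok
12:38:21.0898 2624 MBR (0x1B8) (b0b17de2470979f6aa7d36e451109b01) \Device\Harddisk0\DR0
12:38:21.0918 2624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:38:21.0918 2624 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:38:21.0958 2624 \Device\Harddisk0\DR0\Partition0 - ok
12:38:37.0981 7416 \Device\Harddisk0\DR0 - copied to quarantine
12:38:38.0682 7416 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:38:39.0773 7416 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:38:40.0234 7416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:38:40.0274 7416 \Device\Harddisk0\DR0 - ok
12:38:40.0304 7416 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:38:47.0384 4348 Deinitialize success
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.+)$")
# "<object> [( <threat> )] - <status>"; the threat name is optional.
VERDICT_RE = re.compile(
    r"^(?P<obj>.+?)\s+(?:\(\s*(?P<threat>[^()]+?)\s*\)\s+)?-\s+(?P<status>.+)$")


def parse_lines(text):
    """Yield (time, object, threat_or_None, status) for every verdict line."""
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines or text that is not a log record
        verdict = VERDICT_RE.match(line["msg"])
        if verdict:  # hash lines and banners carry no " - status" and are skipped
            yield (line["time"], verdict["obj"],
                   verdict["threat"], verdict["status"])


def summarize(text):
    """Reduce a log to the facts a helper needs before answering."""
    infected = {}            # object -> threat name
    quarantined, tdlfs_files, pending = [], [], []
    clean = 0
    for _time, obj, threat, status in parse_lines(text):
        if status == "ok":
            clean += 1
        elif status == "infected":
            infected[obj] = threat
        elif status == "copied to quarantine":
            quarantined.append(obj)
            if "\\TDLFS\\" in obj:  # file stored in the hidden TDLFS area
                tdlfs_files.append(obj.rsplit("\\", 1)[1])
        elif status == "will be cured on reboot":
            # Kept even if a later line reports the same object as "ok":
            # a single log cannot show whether the reboot actually happened.
            pending.append(obj)
    return {
        "clean": clean,
        "infected": infected,
        "quarantined": quarantined,
        "tdlfs_files": tdlfs_files,
        "pending_reboot": pending,
        "reboot_required": bool(pending),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
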

#4 boopme

Posted 05 April 2012 - 12:31 PM

Did the machine get rebooted after that scan?

Run again like this if you haven't...
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#5 Pantsamander

Posted 05 April 2012 - 01:18 PM

That seems to have done the job. Google is back to normal.

Thanks for the help!

#6 boopme

Posted 05 April 2012 - 01:25 PM

Great! If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: