Google redirects and large svchost


14 replies to this topic

#1 footbeat

Posted 06 April 2012 - 03:53 PM

Originally, I was getting redirects to sites like happilli from Google using Internet Explorer and Firefox. This redirected me to a site that automatically loaded Internet Security, which I know is malware. I was able to find the path to the executable for this and searched for that in the registry. I removed the registry key and deleted the executable. Then my computer started to be unbearably slow. When looking at the task manager, there is a svchost.exe entry with memory usage of nearly 600Mb.

I ran Malwarebytes until I had a clean scan, but after restarting the computer, I still got the redirects and the slowness.



#2 Broni


Posted 06 April 2012 - 07:38 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 footbeat


Posted 08 April 2012 - 06:48 PM

Hi Broni,

Thanks for taking a look at my problem. Sorry about taking so long to post a response... with Easter and all, it has been a hectic weekend. I've posted all that you asked for. I've had to comment out some of the installed programs because they are proprietary in the Results.txt from the MiniToolBox scan. If you need to see these, I can PM them to you, but I don't think I can do it publicly. I have replaced these with hash symbols like this... ######

Thanks again

contents of checkup.txt==================================================================
notcheckup25.txt
``````````End of Log````````````

contents of FSS.txt======================================================================
Farbar Service Scanner Version: 01-03-2012
Ran by michaell (administrator) on 07-04-2012 at 18:08:19
Running from "C:\Documents and Settings\michaell\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(13) Eacfilt(12) FW1(8) Gpc(6) IPSec(4) IPSECEXT(10) IPSECSHM(11) NEOFLTR_600_13705(16) NetBT(5) Odptdi(15) PSched(7) SYMTDI(9) Tcpip(3) tcpipBM(17) VPCNetS2(14)
0x1300000004000000010000000200000003000000090000001300000011000000100000000F000000050000000600000007000000080000000A0000000B0000000C0000000D0000000E00000012000000
IpSec Tag value is correct.

**** End of log ****

contents of Result.txt===================================================================
MiniToolBox by Farbar Version: 18-01-2012
Ran by michaell (administrator) on 07-04-2012 at 18:11:19
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: firewall.#######.com:80

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 9 (Disconnected)
Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Intel® 82567LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Bluetooth LAN Access Server Driver = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "{DA912DCD-5275-45D8-9E94-5C574C1DF7D3}"

set address name="{DA912DCD-5275-45D8-9E94-5C574C1DF7D3}" source=static addr=0.0.0.0 mask=0.0.0.0
set dns name="{DA912DCD-5275-45D8-9E94-5C574C1DF7D3}" source=static addr=none register=PRIMARY
set wins name="{DA912DCD-5275-45D8-9E94-5C574C1DF7D3}" source=static addr=none

# Interface IP Configuration for "{EF6EF121-4A84-455F-8CC8-D7B8921BD619}"

set address name="{EF6EF121-4A84-455F-8CC8-D7B8921BD619}" source=dhcp
set dns name="{EF6EF121-4A84-455F-8CC8-D7B8921BD619}" source=dhcp register=NONE
set wins name="{EF6EF121-4A84-455F-8CC8-D7B8921BD619}" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : ############
Primary Dns Suffix . . . . . . . : #########
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ###########
########
#########
###########
############
################
################

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FA-47-52-EE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Saturday, April 07, 2012 5:58:16 PM
Lease Expires . . . . . . . . . . : Sunday, April 08, 2012 5:58:16 PM

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® 82567LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-24-7E-10-52-A3

Ethernet adapter {DA912DCD-5275-45D8-9E94-5C574C1DF7D3}:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Nortel IPSECSHM Adapter - SecuRemote Miniport
Physical Address. . . . . . . . . : 44-45-53-54-42-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :

Ethernet adapter {EF6EF121-4A84-455F-8CC8-D7B8921BD619}:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Check Point Virtual Network Adapter For SecureClient - SecuRemote Miniport
Physical Address. . . . . . . . . : 54-FB-08-B3-07-03

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver
Physical Address. . . . . . . . . : 00-23-4D-F5-C6-05

Server: UnKnown
Address: 192.168.1.1

Name: google.com.#########
Address: 67.63.55.3

Pinging google.com [173.194.43.37] with 32 bytes of data:

Reply from 173.194.43.37: bytes=32 time=17ms TTL=55
Reply from 173.194.43.37: bytes=32 time=14ms TTL=55

Ping statistics for 173.194.43.37:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 17ms, Average = 15ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com.###########
Address: 67.63.55.3

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=106ms TTL=51
Reply from 72.30.38.140: bytes=32 time=94ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 94ms, Maximum = 106ms, Average = 100ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 22 fa 47 52 ee ...... Intel® WiFi Link 5100 AGN - SecuRemote Miniport
0x3 ...00 24 7e 10 52 a3 ...... Intel® 82567LM Gigabit Network Connection - SecuRemote Miniport
0x4 ...44 45 53 54 42 00 ...... Nortel IPSECSHM Adapter - SecuRemote Miniport
0x10006 ...54 fb 08 b3 07 03 ...... Check Point Virtual Network Adapter For SecureClient - SecuRemote Miniport
0x20007 ...00 23 4d f5 c6 05 ...... Bluetooth LAN Access Server Driver - SecuRemote Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 25
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 25
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 25
255.255.255.255 255.255.255.255 192.168.1.3 20007 1
255.255.255.255 255.255.255.255 192.168.1.3 10006 1
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
255.255.255.255 255.255.255.255 192.168.1.3 3 1
255.255.255.255 255.255.255.255 192.168.1.3 4 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 02 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [71032] (Juniper Networks)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [71032] (Juniper Networks)
Catalog9 01 bmnet.dll [File Not found] ()
Catalog9 02 bmnet.dll [File Not found] ()
Catalog9 03 bmnet.dll [File Not found] ()
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/06/2012 05:28:26 PM) (Source: Communicator) (User: )
Description: Communicator was unable to resolve the DNS hostname of the login server ################.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for ########### because it could not be resolved.

Error: (04/06/2012 05:28:26 PM) (Source: Communicator) (User: )
Description: Communicator was unable to resolve the DNS hostname of the login server ################.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for ############# because it could not be resolved.

Error: (04/06/2012 01:28:08 PM) (Source: Communicator) (User: )
Description: Communicator was unable to resolve the DNS hostname of the login server ################.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for ############# because it could not be resolved.

Error: (04/06/2012 10:58:38 AM) (Source: ###########) (User: )
Description: user messages:
COM Error. COM Source: Microsoft OLE DB Provider for ODBC Drivers. COM Error message: Unspecified error. COM Description: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified.
technical messages:
{Repository manager:}Function: RepositoryHandle::Init.
{Distribution Object:} Function: DatabaseADO::Connect.
COM Error. COM Source: Microsoft OLE DB Provider for ODBC Drivers. COM Error message: Unspecified error. COM Description: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified.

Error: (04/06/2012 10:58:38 AM) (Source: ###########) (User: )
Description: user messages:
COM Error. COM Source: Microsoft OLE DB Provider for ODBC Drivers. COM Error message: Unspecified error. COM Description: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified.
technical messages:
{Repository manager:}Function: RepositoryHandle::Init.
{Distribution Object:} Function: DatabaseADO::Connect.
COM Error. COM Source: Microsoft OLE DB Provider for ODBC Drivers. COM Error message: Unspecified error. COM Description: [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified.

Error: (04/06/2012 10:58:31 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/05/2012 09:07:09 PM) (Source: Communicator) (User: )
Description: Communicator was unable to resolve the DNS hostname of the login server ################.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for ########### because it could not be resolved.

Error: (04/05/2012 09:06:56 PM) (Source: Communicator) (User: )
Description: Communicator was unable to resolve the DNS hostname of the login server ################.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for ########### because it could not be resolved.

Error: (04/05/2012 09:06:56 PM) (Source: Communicator) (User: )
Description: Communicator was unable to resolve the DNS hostname of the login server ################.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for ########### because it could not be resolved.

Error: (04/05/2012 09:05:58 PM) (Source: Communicator) (User: )
Description: Communicator was unable to resolve the DNS hostname of the login server ################.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for ############### because it could not be resolved.


System errors:
=============
Error: (04/07/2012 05:57:38 PM) (Source: DCOM) (User: SYSTEM)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2012 05:49:34 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (04/07/2012 05:49:12 PM) (Source: DCOM) (User: SYSTEM)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2012 05:48:24 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
oreans32

Error: (04/07/2012 05:47:53 PM) (Source: Service Control Manager) (User: )
Description: The ############################################ terminated with the following error:
%%4294967295

Error: (04/07/2012 05:47:05 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain ####### due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (04/06/2012 07:05:22 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain ####### due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (04/06/2012 06:31:51 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (04/06/2012 06:31:14 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register with DCOM within the required timeout.

Error: (04/06/2012 06:31:11 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (02/15/2012 10:14:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 218079 seconds with 12300 seconds of active time. This session ended with a crash.

Error: (11/09/2011 09:51:12 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 164799 seconds with 6660 seconds of active time. This session ended with a crash.

Error: (09/07/2011 04:05:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 11541 seconds with 480 seconds of active time. This session ended with a crash.

Error: (09/07/2011 00:26:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 73073 seconds with 540 seconds of active time. This session ended with a crash.

Error: (09/01/2011 06:01:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 42443 seconds with 5460 seconds of active time. This session ended with a crash.

Error: (07/21/2011 05:53:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 287638 seconds with 6960 seconds of active time. This session ended with a crash.

Error: (06/24/2011 01:39:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 93991 seconds with 3840 seconds of active time. This session ended with a crash.

Error: (04/20/2011 11:15:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30138 seconds with 180 seconds of active time. This session ended with a crash.

Error: (03/24/2011 03:18:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22576 seconds with 1080 seconds of active time. This session ended with a crash.

Error: (09/27/2010 03:32:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7981 seconds with 180 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 8.1.1)
7-Zip 9.20
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
##########################################
########################################################
############################################
####################################################
##################################################
####################################################
##################################################
##################################################
##################################################
##################################################
##################################################
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
AIS Server 4
Altova XMLSpy® 2010 rel. 2 Enterprise Edition (Version: 2010.02.00)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
AT&T Conferencing Outlook Add-in v9.0.72 (Version: 9.0.72)
AT&T Connect Participant Application v9.0.82 (Version: 9.0.82)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.008.0818.2240)
ATI Display Driver (Version: 8.503.2.2-080818a-069536C-Lenovo)
Aventail Access Manager (Version: 8.81.205)
Aventail Connect (Version: 9.1.7)
Aventail OnDemand Proxy Agent (Version: 10.2.38)
Aventail Web Proxy Agent (Version: 10.2.38)
Aventail Webifiers (Version: 10.2.38)
Beyond Compare Version 3.1.11
Bing Bar (Version: 7.0.609.0)
Canon iP2600 series
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0818.2241.38746)
Catalyst Control Center Graphics Full Existing (Version: 2008.0818.2241.38746)
Catalyst Control Center Graphics Full New (Version: 2008.0818.2241.38746)
Catalyst Control Center Graphics Light (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization Dutch (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization French (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization German (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization Italian (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization Japanese (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization Korean (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization Portuguese (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization Spanish (Version: 2008.0818.2241.38746)
Catalyst Control Center Localization Swedish (Version: 2008.0818.2241.38746)
ccc-core-preinstall (Version: 2008.0818.2241.38746)
ccc-core-static (Version: 2008.0818.2241.38746)
ccc-utility (Version: 2008.0818.2241.38746)
CCC Help Chinese Standard (Version: 2008.0818.2240.38746)
CCC Help Chinese Traditional (Version: 2008.0818.2240.38746)
CCC Help Dutch (Version: 2008.0818.2240.38746)
CCC Help English (Version: 2008.0818.2240.38746)
CCC Help French (Version: 2008.0818.2240.38746)
CCC Help German (Version: 2008.0818.2240.38746)
CCC Help Italian (Version: 2008.0818.2240.38746)
CCC Help Japanese (Version: 2008.0818.2240.38746)
CCC Help Korean (Version: 2008.0818.2240.38746)
CCC Help Portuguese (Version: 2008.0818.2240.38746)
CCC Help Spanish (Version: 2008.0818.2240.38746)
CCC Help Swedish (Version: 2008.0818.2240.38746)
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2 (Version: 1.00.0000)
Cisco Systems VPN Client 5.0.05.0290 (Version: 5.0.5)
Cisco WebEx Meetings
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Citrix Presentation Server Client (Version: 10.00.52110)
CollectIT Service (Version: 3.3.18)
Conexant HD Audio (Version: 3.53.0.0)
Configuration Manager Client (Version: 4.00.6487.2000)
CorrectAddress v5.0 Development (Version: 5.0)
DirectXInstallService (Version: 9.0.2)
Drag-to-Disc (Version: 9.05)
ESET Online Scanner v3
FileZilla Client 3.5.0 (Version: 3.5.0)
GDR 3080 for SQL Server Analysis Services 2005 ENU (KB970895) (Version: 9.2.3080)
GDR 3080 for SQL Server Database Services 2005 ENU (KB970895) (Version: 9.2.3080)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
High Availability Tester (Version: 1.0.0)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HTTP Analyzer V5.1.1 (Version: 5.1.1)
HTTP Analyzer V6.1.1 (Version: 6.1.1)
iLinc Client
InstallVC90Support (Version: 1.01.0000)
Intel PROSet Wireless
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software (Version: 12.01.1000)
Intel® Active Management Technology
Intel® Trusted Platform Module
Internet Explorer (Version: 8)
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1243)
IP Office User Suite (Version: 4.1.17)
J2SE Development Kit 5.0 Update 22 (Version: 1.5.0.220)
J2SE Runtime Environment 5.0 Update 22 (Version: 1.5.0.220)
Java Auto Updater (Version: 2.0.4.1)
Java DB 10.6.2.1 (Version: 10.6.2.1)
Java™ 6 Update 25 (Version: 6.0.250)
Java™ SE Development Kit 6 Update 25 (Version: 1.6.0.250)
Juniper Networks Cache Cleaner 6.0.0 (Version: 6.0.0.13705)
Juniper Networks Secure Application Manager (Version: 6.0.0.13705)
Just Great Software EditPad Pro 7 DEMO 7.0.2 (Version: DEMO 7.0.2)
KODAK EASYSHARE Gallery Upload ActiveX Control
Lenovo Fingerprint Software (Version: 3.2.0.275)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.61)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Compact Framework 1.0 SP3 Developer (Version: 1.0.4292)
Microsoft .NET Compact Framework 2.0 (Version: 2.0.5238)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Baseline Security Analyzer 2.1 (Version: 2.1.0000)
Microsoft Calculator Plus (Version: 1.0.0)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Device Emulator version 1.0 - ENU (Version: 1.0.50727.42)
Microsoft Document Explorer 2005 (Version: 8.0.50727.42)
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Communicator 2007 R2 (Version: 3.5.6907.221)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 (Version: 9.2.3042.00)
Microsoft SQL Server 2005 Analysis Services (Version: 9.2.3042.00)
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.2312)
Microsoft SQL Server 2005 Books Online (English) (Version: 9.00.1399.06)
Microsoft SQL Server 2005 Integration Services (Version: 9.3.4035.00)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (Version: 3.0.0.0)
Microsoft SQL Server 2005 Notification Services (Version: 9.3.4035.00)
Microsoft SQL Server 2005 Tools (Version: 9.3.4035.00)
Microsoft SQL Server 2005
Microsoft SQL Server 2008 BI Development Studio (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Client Tools (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Management Studio (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Policies (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Setup Support Files (English) (Version: 10.0.1600.22)
Microsoft SQL Server 2008
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 Query Tools English (Version: 3.5.5692.0)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft Virtual PC 2007 (Version: 6.0.156.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Premier Partner Edition - ENU (Version: 8.0.50728)
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601) (Version: 1)
Microsoft Visual Studio 2005 Professional Edition - ENU (Version: 8.0.50728)
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) (Version: 1)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60891.0)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack (Version: 8.0.50727.42)
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
MiKTeX 2.8 (Version: 2.8)
Move Media Player
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSDN Library for Visual Studio 2005 (Version: 8.0.50727.42)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Notepad++ (Version: 5.6.8)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Ogg Codecs 0.81.15562 (Version: 0.81.15562)
On Screen Display (Version: 5.13.01)
OpenSSL 1.0.0d (32-bit)
Oracle Data Provider for .NET Help (Version: 11.1.0600)
Oracle Fusion Middleware 11.1.1.0.2
PC-Doctor 5 for Windows (Version: 5.1.4957.02)
PDFCreator (Version: 0.9.6)
PDFCreator Toolbar (Version: 3.3.0.1)
PhoneManager (Version: 4.1.17)
Picasa 3 (Version: 3.8)
Presentation Director (Version: 4.00a)
Productivity Center Supplement for ThinkPad (Version: 3.00b)
Python 3.2.2 (Version: 3.2.2150)
QuickTime (Version: 7.69.80.9)
RDC
Rescue and Recovery (Version: 4.21.0016.00)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (Version: 3.54.02)
RTC Client API v1.2 (Version: 1.2.0000)
Showcase 5 (Version: 1.01)
Showcase 5 (Version: v1.01)
Skins (Version: 2008.0818.2241.38746)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
SoftConsole (Version: 4.1.6)
Sonic Icons for Lenovo (Version: 2.0.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Sprint SmartView (Version: 2.40.0040.0)
SQL Server System CLR Types (Version: 10.0.1600.22)
SQLXML4 (Version: 9.00.4035.00)
Symantec Endpoint Protection (Version: 11.0.2010.25)
System Update (Version: 3.14.0019)
TAPI (Version: 3.2.14)
tcpmon latest release
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 5.5.0.3100)
ThinkPad EasyEject Utility (Version: 2.36)
ThinkPad FullScreen Magnifier (Version: 2.03)
ThinkPad Modem Adapter (Version: 7.73.00)
ThinkPad PC Card Power Policy (Version: 1.02)
ThinkPad Power Management Driver (Version: 1.45)
ThinkPad Power Manager (Version: 1.46)
ThinkPad UltraNav Driver (Version: 15.0.18.0)
ThinkPad UltraNav Utility (Version: 2.04)
ThinkVantage Productivity Center (Version: 3.02)
ThinkVantage Technologies Welcome Message (Version: 1.20)
Trojan Killer (Version: 2.1.2.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2264107) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
User Profile Hive Cleanup Service (Version: 1.6.30)
Visual Studio 2005 Tools for Office Second Edition Runtime
Wallpapers
WebFldrs XP (Version: 9.50.7523)
WIMGAPI (Version: 1.0.0.0)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37) (Version: 10/02/2008 8.1.2.37)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Management Framework Core
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Resource Kit Tools (Version: 5.2.3790)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
Wireshark 1.4.1 (Version: 1.4.1)
XML Notepad 2007 (Version: 2.3.0.0)
XP Themes (Version: 1.00.0000)

========================= Devices: ================================

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 95%
Total physical RAM: 2025.92 MB
Available physical RAM: 85.56 MB
Total Pagefile: 3917.94 MB
Available Pagefile: 1693.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.33 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:143.22 GB) (Free:44.12 GB) NTFS

========================= Users: ========================================

User accounts for \\NYLTMICHAELL

ASPNET Guest HelpAssistant
nysupport SUPPORT_388945a0


**** End of log ****

contents of mbam-log-2012-04-07==========================================================
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
michaell :: NYLTMICHAELL [administrator]

4/7/2012 6:51:42 PM
mbam-log-2012-04-07 (18-51-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 340634
Time elapsed: 1 hour(s), 24 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

contents of aswMBR.txt===================================================================
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 16:08:56
-----------------------------
16:08:56.078 OS Version: Windows 5.1.2600 Service Pack 3
16:08:56.078 Number of processors: 2 586 0x1706
16:08:56.078 ComputerName: NYLTMICHAELL UserName: michaell
16:09:02.953 Initialize success
16:10:26.062 AVAST engine defs: 12040801
16:11:16.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:11:16.078 Disk 0 Vendor: HITACHI_ FC2Z Size: 152627MB BusType: 3
16:11:16.093 Disk 0 MBR read successfully
16:11:16.093 Disk 0 MBR scan
16:11:16.203 Disk 0 MBR:Alureon-M [Rtk]
16:11:16.218 Disk 0 TDL4@MBR code has been found
16:11:16.218 Disk 0 Windows XP default MBR code found via API
16:11:16.218 Disk 0 MBR hidden
16:11:16.250 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 146656 MB offset 2048
16:11:16.296 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 5969 MB offset 300353536
16:11:16.312 Disk 0 MBR [TDL4] **ROOTKIT**
16:11:16.312 Disk 0 trace - called modules:
16:11:16.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89e4f49f]<<
16:11:16.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8d3030]
16:11:16.328 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000cf[0x8a8d7a00]
16:11:16.343 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a8d4028]
16:11:16.343 \Driver\iaStor[0x89ed4178] -> IRP_MJ_CREATE -> 0x89e4f49f
16:11:19.281 AVAST engine scan C:\WINDOWS
16:12:26.187 AVAST engine scan C:\WINDOWS\system32
16:36:20.859 AVAST engine scan C:\WINDOWS\system32\drivers
16:37:32.734 AVAST engine scan C:\Documents and Settings\michaell
16:55:14.093 File: C:\Documents and Settings\michaell\Local Settings\temp\nsq1F.tmp\tceskqa.dll **INFECTED** Win32:Trojan-gen
17:35:10.187 AVAST engine scan C:\Documents and Settings\All Users
17:37:20.875 Scan finished successfully
18:37:04.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\michaell\Desktop\MBR.dat"
18:37:04.109 The log file has been saved successfully to "C:\Documents and Settings\michaell\Desktop\aswMBR.txt"

#4 Broni

Posted 08 April 2012 - 08:43 PM

Security Check log is incomplete.
Please repost it.

Then....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#5 footbeat


Posted 09 April 2012 - 07:45 AM

The security check log is being generated as I have posted it. I ran it again and it still comes out the same.

Here is the TDSSKiller log

contents of TDSKiller_log.txt============================================================
06:26:46.0000 5132 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
06:26:46.0281 5132 ============================================================
06:26:46.0281 5132 Current date / time: 2012/04/09 06:26:46.0281
06:26:46.0281 5132 SystemInfo:
06:26:46.0281 5132
06:26:46.0281 5132 OS Version: 5.1.2600 ServicePack: 3.0
06:26:46.0281 5132 Product type: Workstation
06:26:46.0281 5132 ComputerName: NYLTMICHAELL
06:26:46.0281 5132 UserName: michaell
06:26:46.0281 5132 Windows directory: C:\WINDOWS
06:26:46.0281 5132 System windows directory: C:\WINDOWS
06:26:46.0281 5132 Processor architecture: Intel x86
06:26:46.0281 5132 Number of processors: 2
06:26:46.0281 5132 Page size: 0x1000
06:26:46.0281 5132 Boot type: Normal boot
06:26:46.0281 5132 ============================================================
06:26:48.0187 5132 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
06:26:48.0203 5132 \Device\Harddisk0\DR0:
06:26:48.0203 5132 MBR used
06:26:48.0203 5132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11E70000
06:26:48.0312 5132 Initialize success
06:26:48.0312 5132 ============================================================
06:26:49.0796 6328 ============================================================
06:26:49.0796 6328 Scan started
06:26:49.0796 6328 Mode: Manual;
06:26:49.0796 6328 ============================================================
06:27:44.0062 6328 DLADResM - ok
06:27:44.0359 6328 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
06:27:44.0421 6328 DLAIFS_M - ok
06:27:44.0578 6328 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
06:27:44.0578 6328 DLAOPIOM - ok
06:27:44.0796 6328 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
06:27:44.0796 6328 DLAPoolM - ok
06:27:45.0093 6328 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
06:27:45.0109 6328 DLARTL_M - ok
06:27:45.0250 6328 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
06:27:45.0281 6328 DLAUDFAM - ok
06:27:45.0546 6328 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
06:27:45.0906 6328 DLAUDF_M - ok
06:27:46.0015 6328 dmadmin - ok
06:27:46.0312 6328 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:27:46.0984 6328 dmboot - ok
06:27:47.0781 6328 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:27:48.0109 6328 dmio - ok
06:27:48.0781 6328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:27:48.0984 6328 dmload - ok
06:27:49.0203 6328 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
06:27:49.0218 6328 dmserver - ok
06:27:49.0781 6328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:27:49.0828 6328 DMusic - ok
06:27:50.0093 6328 DNE (694616f813fb627a32c9e32dec133078) C:\WINDOWS\system32\DRIVERS\dne2000.sys
06:27:50.0140 6328 DNE - ok
06:27:50.0578 6328 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
06:27:50.0593 6328 Dnscache - ok
06:27:50.0875 6328 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
06:27:51.0031 6328 Dot3svc - ok
06:27:51.0296 6328 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
06:27:51.0328 6328 dpti2o - ok
06:27:51.0781 6328 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:27:51.0843 6328 drmkaud - ok
06:27:52.0500 6328 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
06:27:52.0812 6328 DRVMCDB - ok
06:27:53.0468 6328 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
06:27:53.0515 6328 DRVNDDM - ok
06:27:53.0812 6328 dtsvc (13f36b3cb0f73ad0a0b89a6afec97954) C:\WINDOWS\system32\DTS.exe
06:27:53.0843 6328 dtsvc - ok
06:27:54.0187 6328 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
06:27:54.0328 6328 E100B - ok
06:27:54.0796 6328 e1yexpress (340b96044611f8d7ec2514a989d6e5f7) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
06:27:55.0109 6328 e1yexpress - ok
06:27:55.0437 6328 Eacfilt (ef61caabcbc8f7992accec153b9bbf41) C:\WINDOWS\system32\DRIVERS\eacfilt.sys
06:27:55.0453 6328 Eacfilt - ok
06:27:55.0703 6328 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
06:27:55.0734 6328 EapHost - ok
06:27:56.0062 6328 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
06:27:56.0218 6328 eeCtrl - ok
06:27:56.0515 6328 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
06:27:56.0562 6328 EraserUtilRebootDrv - ok
06:27:56.0875 6328 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
06:27:56.0875 6328 ERSvc - ok
06:27:57.0109 6328 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
06:27:57.0125 6328 Eventlog - ok
06:27:57.0546 6328 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
06:27:57.0812 6328 EventSystem - ok
06:27:58.0562 6328 EvtEng (ba6063e3375f9bc11a9c8450a7f61e70) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
06:27:58.0796 6328 EvtEng - ok
06:27:59.0093 6328 ExtranetAccess (9c05985861e6e4e80271ea5da047c90b) C:\Program Files\Metavante VPN Client\Extranet_serv.exe
06:27:59.0937 6328 ExtranetAccess - ok
06:28:00.0390 6328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:28:00.0687 6328 Fastfat - ok
06:28:01.0093 6328 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:28:01.0140 6328 FastUserSwitchingCompatibility - ok
06:28:01.0312 6328 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:28:01.0375 6328 Fdc - ok
06:28:01.0609 6328 FingerprintServer (d28b93001f499f102fffc6e73b4434a3) C:\WINDOWS\system32\FpLogonServ.exe
06:28:01.0796 6328 FingerprintServer - ok
06:28:02.0171 6328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:28:02.0203 6328 Fips - ok
06:28:02.0359 6328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:28:02.0421 6328 Flpydisk - ok
06:28:02.0593 6328 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
06:28:02.0734 6328 FltMgr - ok
06:28:03.0140 6328 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:28:03.0203 6328 FontCache3.0.0.0 - ok
06:28:03.0437 6328 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:28:03.0593 6328 Fs_Rec - ok
06:28:03.0765 6328 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:28:03.0843 6328 Ftdisk - ok
06:28:04.0640 6328 FW1 (e03a6d546c2cccfcf07ae8a1a0a9347d) C:\WINDOWS\system32\DRIVERS\fw.sys
06:28:06.0109 6328 FW1 - ok
06:28:06.0984 6328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:28:07.0015 6328 Gpc - ok
06:28:07.0453 6328 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
06:28:07.0578 6328 gupdate - ok
06:28:07.0625 6328 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
06:28:07.0625 6328 gupdatem - ok
06:28:07.0859 6328 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
06:28:08.0046 6328 gusvc - ok
06:28:08.0406 6328 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
06:28:08.0484 6328 HDAudBus - ok
06:28:08.0671 6328 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys
06:28:08.0718 6328 HECI - ok
06:28:09.0093 6328 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
06:28:09.0109 6328 helpsvc - ok
06:28:09.0343 6328 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
06:28:09.0375 6328 HidServ - ok
06:28:09.0968 6328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:28:10.0015 6328 HidUsb - ok
06:28:10.0234 6328 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
06:28:10.0312 6328 hkmsvc - ok
06:28:10.0421 6328 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
06:28:10.0515 6328 hpn - ok
06:28:10.0765 6328 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
06:28:11.0125 6328 HSFHWAZL - ok
06:28:11.0953 6328 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
06:28:12.0531 6328 HSF_DPV - ok
06:28:13.0125 6328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:28:13.0218 6328 HTTP - ok
06:28:13.0781 6328 HttpAnalyzerV5 DllInjectService (f4b200f5ff25dd8eb71c65e06195f4bb) C:\Program Files\IEInspector\HTTPAnalyzerFullV5\InjectWinSockServiceV5.exe
06:28:13.0843 6328 HttpAnalyzerV5 DllInjectService - ok
06:28:14.0109 6328 HttpAnalyzerV6 DllInjectService (fa62d0cbeb4fe21fc92a3e7b0b8f5016) C:\Program Files\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe
06:28:14.0187 6328 HttpAnalyzerV6 DllInjectService - ok
06:28:14.0421 6328 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
06:28:14.0453 6328 HTTPFilter - ok
06:28:14.0765 6328 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
06:28:14.0812 6328 i2omgmt - ok
06:28:15.0000 6328 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
06:28:15.0046 6328 i2omp - ok
06:28:15.0343 6328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:28:16.0093 6328 i8042prt - ok
06:28:16.0375 6328 iaStor (37769c28e1c6489c56e41db7a32d58c5) C:\WINDOWS\system32\DRIVERS\iaStor.sys
06:28:16.0390 6328 iaStor - ok
06:28:16.0781 6328 IBMPMDRV (699052e165698013020d2ac693cd80c7) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
06:28:16.0906 6328 IBMPMDRV - ok
06:28:17.0265 6328 IBMPMSVC (5a92b2dc9cca34105a4125ba8d0ba035) C:\WINDOWS\system32\ibmpmsvc.exe
06:28:17.0296 6328 IBMPMSVC - ok
06:28:17.0578 6328 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
06:28:17.0734 6328 IDriverT - ok
06:28:18.0296 6328 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:28:19.0046 6328 idsvc - ok
06:28:19.0625 6328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:28:19.0937 6328 Imapi - ok
06:28:20.0265 6328 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
06:28:20.0296 6328 ImapiService - ok
06:28:20.0921 6328 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
06:28:20.0953 6328 ini910u - ok
06:28:21.0375 6328 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
06:28:21.0437 6328 IntelIde - ok
06:28:21.0906 6328 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:28:21.0921 6328 intelppm - ok
06:28:22.0296 6328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
06:28:22.0453 6328 Ip6Fw - ok
06:28:22.0875 6328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:28:22.0953 6328 IpFilterDriver - ok
06:28:23.0312 6328 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:28:23.0421 6328 IpInIp - ok
06:28:23.0828 6328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:28:23.0953 6328 IpNat - ok
06:28:24.0296 6328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:28:24.0312 6328 IPSec - ok
06:28:24.0781 6328 IPSECEXT (a663ff4cbe396f919cf1746ccb12481a) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
06:28:24.0968 6328 IPSECEXT - ok
06:28:25.0015 6328 IPSECSHM (a663ff4cbe396f919cf1746ccb12481a) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
06:28:25.0015 6328 IPSECSHM - ok
06:28:25.0500 6328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:28:25.0546 6328 IRENUM - ok
06:28:25.0828 6328 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:28:25.0890 6328 isapnp - ok
06:28:26.0062 6328 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
06:28:26.0109 6328 IviRegMgr - ok
06:28:26.0562 6328 JavaQuickStarterService (11c3efb4bac41175d03b1595db1a4a4f) C:\Program Files\Java\jre6\bin\jqs.exe
06:28:26.0656 6328 JavaQuickStarterService - ok
06:28:27.0453 6328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:28:27.0609 6328 Kbdclass - ok
06:28:28.0171 6328 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:28:28.0171 6328 kbdhid - ok
06:28:29.0171 6328 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:28:29.0281 6328 kmixer - ok
06:28:29.0656 6328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:28:29.0718 6328 KSecDD - ok
06:28:30.0000 6328 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
06:28:30.0031 6328 lanmanserver - ok
06:28:30.0343 6328 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
06:28:30.0437 6328 lanmanworkstation - ok
06:28:30.0921 6328 lbrtfdc - ok
06:28:31.0671 6328 LiveUpdate (64c6bf10972885b3260dda2ca328430d) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
06:28:32.0453 6328 LiveUpdate - ok
06:28:32.0750 6328 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
06:28:32.0781 6328 LmHosts - ok
06:28:32.0859 6328 LMS (dfcdb6c952e0394a6d7e4efbcc916839) C:\Program Files\Intel\AMT\LMS.exe
06:28:32.0875 6328 LMS - ok
06:28:33.0093 6328 MBAMSwissArmy - ok
06:28:33.0359 6328 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
06:28:33.0500 6328 MDM - ok
06:28:33.0968 6328 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
06:28:34.0015 6328 mdmxsdk - ok
06:28:34.0234 6328 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
06:28:34.0265 6328 Messenger - ok
06:28:34.0625 6328 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:28:34.0703 6328 mnmdd - ok
06:28:34.0937 6328 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
06:28:34.0984 6328 mnmsrvc - ok
06:28:35.0203 6328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:28:35.0218 6328 Modem - ok
06:28:35.0515 6328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:28:35.0671 6328 Mouclass - ok
06:28:35.0937 6328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:28:36.0015 6328 mouhid - ok
06:28:36.0218 6328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:28:36.0281 6328 MountMgr - ok
06:28:36.0687 6328 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
06:28:36.0890 6328 mraid35x - ok
06:28:37.0562 6328 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:28:37.0625 6328 MRxDAV - ok
06:28:37.0968 6328 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:28:38.0046 6328 MRxSmb - ok
06:28:38.0312 6328 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
06:28:38.0375 6328 MSDTC - ok
06:28:38.0968 6328 MsDtsServer (e215d5fc84f52f0bcc3a90dc8316abac) C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
06:28:39.0125 6328 MsDtsServer - ok
06:28:40.0031 6328 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:28:40.0171 6328 Msfs - ok
06:28:40.0781 6328 msftesql (f7e0900f9a8e3f71f2c16a932f0e03e0) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
06:28:41.0000 6328 msftesql - ok
06:28:41.0203 6328 MSIServer - ok
06:28:41.0359 6328 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:28:41.0406 6328 MSKSSRV - ok
06:28:41.0734 6328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:28:41.0765 6328 MSPCLOCK - ok
06:28:42.0078 6328 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:28:42.0109 6328 MSPQM - ok
06:28:42.0562 6328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:28:42.0578 6328 mssmbios - ok
06:28:42.0796 6328 MSSQLSERVER - ok
06:28:42.0906 6328 MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
06:28:42.0968 6328 MSSQLServerADHelper - ok
06:28:45.0453 6328 MSSQLServerOLAPService (14db82287276d890848637f16860374f) C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
06:28:46.0453 6328 MSSQLServerOLAPService - ok
06:28:46.0734 6328 msvsmon80 (4c63cae8d026f5cfa96f8b21780d49ad) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
06:28:46.0859 6328 msvsmon80 - ok
06:28:47.0078 6328 msvsmon90 (70e994d23895df6b1ee1e70145299fcf) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
06:28:47.0234 6328 msvsmon90 - ok
06:28:47.0359 6328 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:28:47.0390 6328 Mup - ok
06:28:47.0515 6328 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
06:28:47.0625 6328 napagent - ok
06:28:47.0796 6328 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120407.016\NAVENG.SYS
06:28:47.0796 6328 NAVENG - ok
06:28:47.0921 6328 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120407.016\NAVEX15.SYS
06:28:48.0000 6328 NAVEX15 - ok
06:28:48.0140 6328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:28:48.0296 6328 NDIS - ok
06:28:48.0390 6328 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:28:48.0484 6328 NdisTapi - ok
06:28:48.0546 6328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:28:48.0562 6328 Ndisuio - ok
06:28:48.0609 6328 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:28:48.0828 6328 NdisWan - ok
06:28:48.0968 6328 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:28:49.0015 6328 NDProxy - ok
06:28:49.0078 6328 NEOFLTR_600_13705 (91720d7ec577d51e1576f4e05e23a92e) C:\WINDOWS\system32\Drivers\NEOFLTR_600_13705.SYS
06:28:49.0093 6328 NEOFLTR_600_13705 - ok
06:28:49.0171 6328 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
06:28:49.0187 6328 Net Driver HPZ12 - ok
06:28:49.0234 6328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:28:49.0234 6328 NetBIOS - ok
06:28:49.0296 6328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:28:49.0328 6328 NetBT - ok
06:28:49.0437 6328 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
06:28:49.0546 6328 NetDDE - ok
06:28:49.0578 6328 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
06:28:49.0578 6328 NetDDEdsdm - ok
06:28:49.0656 6328 NetDirect - ok
06:28:49.0687 6328 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:28:49.0687 6328 Netlogon - ok
06:28:49.0718 6328 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
06:28:49.0734 6328 Netman - ok
06:28:49.0812 6328 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:28:49.0906 6328 NetTcpPortSharing - ok
06:28:50.0046 6328 NETw5x32 (aa88346ab7849a1cb34bd3424febfece) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
06:28:50.0171 6328 NETw5x32 - ok
06:28:50.0375 6328 NgFilter (489656af3326aa9e714d48efea4dc1d3) C:\WINDOWS\system32\DRIVERS\ngfilter.sys
06:28:50.0406 6328 NgFilter - ok
06:28:50.0453 6328 NgLog (16bcfac4a0778091333eb66e2ea2edf1) C:\WINDOWS\system32\DRIVERS\nglog.sys
06:28:50.0500 6328 NgLog - ok
06:28:50.0531 6328 NgVpn (58c7c92be442e78fdc0d242f3b57f15a) C:\WINDOWS\system32\DRIVERS\ngvpn.sys
06:28:50.0546 6328 NgVpn - ok
06:28:50.0593 6328 NgVpnMgr (02c5bdb791bf8bddf260a0ab9a372a95) C:\WINDOWS\system32\ngvpnmgr.exe
06:28:50.0656 6328 NgVpnMgr - ok
06:28:50.0703 6328 NgWfp (4a5deb9c282edd6436aa1233f78ef59d) C:\WINDOWS\system32\DRIVERS\ngwfp.sys
06:28:50.0750 6328 NgWfp - ok
06:28:50.0812 6328 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:28:50.0812 6328 NIC1394 - ok
06:28:50.0859 6328 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
06:28:50.0875 6328 Nla - ok
06:28:51.0062 6328 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\WINDOWS\system32\DRIVERS\pctnullport.sys
06:28:51.0093 6328 Nmea - ok
06:28:51.0140 6328 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
06:28:51.0140 6328 NPF - ok
06:28:51.0171 6328 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:28:51.0171 6328 Npfs - ok
06:28:51.0203 6328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:28:51.0281 6328 Ntfs - ok
06:28:51.0375 6328 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:28:51.0390 6328 NtLmSsp - ok
06:28:51.0546 6328 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
06:28:51.0640 6328 NtmsSvc - ok
06:28:51.0671 6328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:28:51.0687 6328 Null - ok
06:28:51.0796 6328 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
06:28:51.0921 6328 nv - ok
06:28:52.0078 6328 NvtlService (7d4ed787e0d06677776339318df25bdc) C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
06:28:52.0078 6328 NvtlService - ok
06:28:52.0234 6328 NWADI (93213c7ec08e01e37a935bf144e75df6) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
06:28:52.0250 6328 NWADI - ok
06:28:52.0328 6328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:28:52.0343 6328 NwlnkFlt - ok
06:28:52.0359 6328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:28:52.0390 6328 NwlnkFwd - ok
06:28:52.0453 6328 Odptdi (98af5a4422414fa254ad19ee2e4c37cf) C:\WINDOWS\system32\drivers\odptdi.sys
06:28:52.0453 6328 Odptdi - ok
06:28:52.0546 6328 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:28:52.0640 6328 odserv - ok
06:28:52.0687 6328 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:28:52.0687 6328 ohci1394 - ok
06:28:52.0718 6328 OnePointDomainAdminService - ok
06:28:52.0812 6328 oreans32 - ok
06:28:52.0875 6328 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:28:53.0015 6328 ose - ok
06:28:53.0062 6328 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
06:28:53.0078 6328 Parport - ok
06:28:53.0093 6328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:28:53.0109 6328 PartMgr - ok
06:28:53.0156 6328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:28:53.0156 6328 ParVdm - ok
06:28:53.0218 6328 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
06:28:53.0234 6328 PCASp50 - ok
06:28:53.0281 6328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:28:53.0343 6328 PCI - ok
06:28:53.0375 6328 PCIDump - ok
06:28:53.0390 6328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:28:53.0421 6328 PCIIde - ok
06:28:53.0437 6328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
06:28:53.0484 6328 Pcmcia - ok
06:28:53.0515 6328 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
06:28:53.0593 6328 PCTINDIS5 - ok
06:28:53.0609 6328 PDCOMP - ok
06:28:53.0625 6328 PDFRAME - ok
06:28:53.0640 6328 PDRELI - ok
06:28:53.0781 6328 PDRFRAME - ok
06:28:53.0796 6328 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
06:28:53.0859 6328 perc2 - ok
06:28:53.0875 6328 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
06:28:53.0890 6328 perc2hib - ok
06:28:53.0968 6328 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
06:28:53.0968 6328 PlugPlay - ok
06:28:54.0062 6328 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
06:28:54.0062 6328 pmem - ok
06:28:54.0109 6328 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
06:28:54.0109 6328 Pml Driver HPZ12 - ok
06:28:54.0187 6328 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:28:54.0187 6328 PolicyAgent - ok
06:28:54.0359 6328 Power Manager DBC Service (ba2279137be4a242bac8716f15730efe) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
06:28:54.0375 6328 Power Manager DBC Service - ok
06:28:54.0750 6328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:28:54.0843 6328 PptpMiniport - ok
06:28:54.0921 6328 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\WINDOWS\system32\CCM\prepdrv.sys
06:28:55.0015 6328 prepdrvr - ok
06:28:55.0140 6328 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
06:28:55.0156 6328 Processor - ok
06:28:55.0218 6328 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:28:55.0218 6328 ProtectedStorage - ok
06:28:55.0281 6328 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys
06:28:55.0296 6328 psadd - ok
06:28:55.0750 6328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:28:55.0781 6328 PSched - ok
06:28:55.0921 6328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:28:55.0937 6328 Ptilink - ok
06:28:56.0015 6328 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:28:56.0046 6328 PxHelp20 - ok
06:28:56.0078 6328 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
06:28:56.0109 6328 ql1080 - ok
06:28:56.0140 6328 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
06:28:56.0156 6328 Ql10wnt - ok
06:28:56.0203 6328 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
06:28:56.0234 6328 ql12160 - ok
06:28:56.0281 6328 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
06:28:56.0312 6328 ql1240 - ok
06:28:56.0359 6328 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
06:28:56.0390 6328 ql1280 - ok
06:28:56.0421 6328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:28:56.0437 6328 RasAcd - ok
06:28:56.0500 6328 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
06:28:56.0625 6328 RasAuto - ok
06:28:56.0828 6328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:28:56.0875 6328 Rasl2tp - ok
06:28:56.0984 6328 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
06:28:56.0984 6328 RasMan - ok
06:28:57.0062 6328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:28:57.0171 6328 RasPppoe - ok
06:28:57.0281 6328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:28:57.0312 6328 Raspti - ok
06:28:57.0421 6328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:28:57.0421 6328 Rdbss - ok
06:28:57.0500 6328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:28:57.0500 6328 RDPCDD - ok
06:28:57.0578 6328 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:28:57.0609 6328 rdpdr - ok
06:28:57.0718 6328 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
06:28:57.0765 6328 RDPWD - ok
06:28:57.0875 6328 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
06:28:58.0015 6328 RDSessMgr - ok
06:28:58.0156 6328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:28:58.0328 6328 redbook - ok
06:28:58.0484 6328 RegSrvc (7eeeec28a34516e66137f355dcc15bdb) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
06:28:58.0500 6328 RegSrvc - ok
06:28:58.0656 6328 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
06:28:58.0687 6328 RemoteAccess - ok
06:28:58.0750 6328 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
06:28:58.0750 6328 RemoteRegistry - ok
06:29:17.0453 6328 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
06:29:17.0484 6328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
06:29:17.0484 6328 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
06:29:17.0515 6328 Boot (0x1200) (475b33e3001814e0b3a1869b844fe108) \Device\Harddisk0\DR0\Partition0
06:29:17.0515 6328 \Device\Harddisk0\DR0\Partition0 - ok
06:29:17.0515 6328 ============================================================
06:29:17.0515 6328 Scan finished
06:29:17.0515 6328 ============================================================
06:29:17.0546 7132 Detected object count: 1
06:29:17.0546 7132 Actual detected object count: 1
06:39:17.0750 7132 \Device\Harddisk0\DR0\# - copied to quarantine
06:39:17.0750 7132 \Device\Harddisk0\DR0 - copied to quarantine
06:39:17.0859 7132 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
06:39:17.0906 7132 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
06:39:18.0546 7132 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
06:39:18.0687 7132 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
06:39:18.0828 7132 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
06:39:20.0140 7132 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
06:39:20.0687 7132 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
06:39:20.0828 7132 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
06:39:20.0875 7132 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
06:39:20.0890 7132 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
06:39:20.0906 7132 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
06:39:21.0062 7132 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
06:39:21.0187 7132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
06:39:21.0187 7132 \Device\Harddisk0\DR0 - ok
06:39:21.0203 7132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
06:40:09.0437 1612 Deinitialize success

#6 Broni

Posted 09 April 2012 - 10:48 AM

Post new aswMBR log.

#7 footbeat

Posted 09 April 2012 - 11:37 AM

contents of aswMBR.txt =====================================================================
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 12:18:42
-----------------------------
12:18:42.546 OS Version: Windows 5.1.2600 Service Pack 3
12:18:42.546 Number of processors: 2 586 0x1706
12:18:42.546 ComputerName: NYLTMICHAELL UserName: michaell
12:18:45.343 Initialize success
12:19:02.671 AVAST engine defs: 12040801
12:19:26.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:19:26.328 Disk 0 Vendor: HITACHI_ FC2Z Size: 152627MB BusType: 3
12:19:26.343 Disk 0 MBR read successfully
12:19:26.343 Disk 0 MBR scan
12:19:26.390 Disk 0 Windows XP default MBR code
12:19:26.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 146656 MB offset 2048
12:19:26.437 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 5969 MB offset 300353536
12:19:26.453 Disk 0 scanning sectors +312578048
12:19:26.531 Disk 0 scanning C:\WINDOWS\system32\drivers
12:19:54.656 Service scanning
12:21:06.250 Modules scanning
12:21:18.140 Disk 0 trace - called modules:
12:21:18.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
12:21:18.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8d6438]
12:21:18.171 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000cf[0x8a889320]
12:21:18.171 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a8d7028]
12:21:19.343 AVAST engine scan C:\WINDOWS
12:21:43.312 AVAST engine scan C:\WINDOWS\system32
12:34:46.921 AVAST engine scan C:\WINDOWS\system32\drivers
12:35:34.015 AVAST engine scan C:\Documents and Settings\michaell
12:37:26.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\michaell\Desktop\MBR.dat"
12:37:26.390 The log file has been saved successfully to "C:\Documents and Settings\michaell\Desktop\aswMBR.txt"

#8 footbeat

Posted 09 April 2012 - 11:39 AM

The issue of the large svchost seems to have gone away. Looks like the redirects have stopped also.

#9 Broni

Posted 09 April 2012 - 12:22 PM

Good news :)

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

#10 footbeat

Posted 09 April 2012 - 01:59 PM

TFC did its thing, but I got an error during this that said, "The file or directory \$Mft is corrupt and unreadable. Please run the Chkdsk utility." The Symantec Endpoint Protection detected Bloodhound.MaIPE twice during this. After rebooting, Chkdsk ran.

I can't disable the Symantec Endpoint Protection. This option is grayed out and I cannot change any of the settings.

#11 Broni

Posted 09 April 2012 - 02:21 PM

Run Eset with Norton on.

#12 footbeat

Posted 10 April 2012 - 01:57 PM

contents of ESETScan.txt =============================================================
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined

#13 Broni

Posted 10 April 2012 - 02:01 PM

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==========================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.

#14 footbeat

Posted 11 April 2012 - 02:21 PM

I have implemented all of the recommendations in your final post. Things are back to normal. Thanks for all the help.

#15 Broni

Posted 11 April 2012 - 03:58 PM

You're very welcome
