Win32/sirefef.EB virus infection


  • This topic is locked
26 replies to this topic

#1 remy888

Posted 03 May 2012 - 11:43 AM

Good morning fellow Bleepers,

My computer is currently running Windows XP Professional SP 3. My antivirus (CA eTrust) indicates that Win32/sirefef.EB has been cured and that the computer needs to be restarted. I have done this a number of times and continue to get the same notification but with different DLLs. When opening IE it would open and redirect to either crave videos, a women's health site, or a registry cleaner site. Windows security sometimes pops up indicating no firewall.

Please help in getting rid of this infection.

I have run DDS but CANNOT run GMER. GMER starts running and then a blue screen pops up indicating a memory dump of some sort, along with a message that there have been changes in software or hardware and that the computer needs to be shut down.

Thanks in advance.
remy888

Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by GEORGE at 18:42:50 on 2012-05-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.947 [GMT -4:00]
.
AV: eTrust ITM *Enabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
============== Running Processes ===============
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\emsisoft anti-malware\a2guard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.live.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyServer = 192.168.2.10:8888
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Realtime Monitor] "c:\program files\ca\etrustitm\realmon.exe" -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxps://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254865275203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.25 192.168.1.30
TCP: Interfaces\{2CB3641E-629A-49E5-813F-719996BFB58A} : DhcpNameServer = 192.168.0.25 192.168.1.30
Notify: intelUsb3Sevices - usbniw32.dll
Notify: usbniw32 - usbniw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\george\application data\mozilla\firefox\profiles\uefohymq.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-5-2 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2012-5-2 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2012-5-2 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-5-2 3065120]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-9-10 3653632]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-5-2 51632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NEC Usb3;NEC USB3 Service;c:\windows\system32\svchost.exe -k NECUsb3s [2008-4-25 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-02 18:21:49 7680 ----a-w- c:\windows\2639218.exe
2012-05-02 17:36:20 7680 ----a-w- c:\windows\13615562.exe
2012-05-02 14:12:19 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-04-30 20:29:14 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-30 20:27:57 -------- d-----w- c:\program files\common files\MPEG
2012-04-30 20:27:57 -------- d-----w- c:\documents and settings\all users\application data\B7E8587A000391E3000392C4D151FC4E
2012-04-30 20:27:49 -------- d-----w- c:\documents and settings\george\application data\Ycel
2012-04-30 20:27:49 -------- d-----w- c:\documents and settings\george\application data\Epniu
2012-04-30 20:27:49 -------- d-----w- c:\documents and settings\george\application data\Dyiqw
2012-04-25 14:11:55 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 14:11:50 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-25 14:11:50 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-04 21:06:20 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 05:53:56 182160 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-25 14:38:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-22 15:22:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-22 15:22:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:43:08.31 ===============

Edited by remy888, 03 May 2012 - 11:47 AM.



#2 Noviciate

Posted 03 May 2012 - 02:45 PM

Good evening. :)

When you ran DDS it should have created an additional file - Attach.txt. Will you post the contents of that in your next reply, re-running DDS if you didn't retain a copy? Also, pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.

 

 


#3 remy888

Posted 03 May 2012 - 04:46 PM

Good evening to you Noviciate.

Thank you for reading my post. Hopefully with your help we'll get rid of this bugger. It took about seven to eight tries to even get onto ESET's site as it kept getting hijacked to different sites.


Here is the Attach log:

DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/20/2009 11:26:00 AM
System Uptime: 5/2/2012 2:23:00 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0TP412
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPU | 2393/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 44.028 GiB free.
D: is CDROM ()
E: is NetworkDisk (NTFS) - 434 GiB total, 404.855 GiB free.
F: is NetworkDisk (NTFS) - 434 GiB total, 404.855 GiB free.
G: is NetworkDisk (NTFS) - 434 GiB total, 404.855 GiB free.
H: is NetworkDisk (NTFS) - 434 GiB total, 404.855 GiB free.
I: is NetworkDisk (NTFS) - 434 GiB total, 404.855 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP542: 1/30/2012 1:03:58 PM - System Checkpoint
RP543: 1/31/2012 1:09:31 PM - System Checkpoint
RP544: 2/2/2012 1:06:28 PM - System Checkpoint
RP545: 2/3/2012 4:45:55 PM - System Checkpoint
RP546: 2/6/2012 12:58:48 PM - System Checkpoint
RP547: 2/7/2012 1:08:20 PM - System Checkpoint
RP548: 2/8/2012 5:01:13 PM - System Checkpoint
RP549: 2/15/2012 10:17:38 AM - Software Distribution Service 3.0
RP550: 2/15/2012 4:06:06 PM - Removed Java™ 6 Update 21
RP551: 2/15/2012 4:06:24 PM - Installed Java™ 6 Update 31
RP552: 2/17/2012 12:59:47 PM - System Checkpoint
RP553: 2/21/2012 1:30:11 PM - Removed Java™ 6 Update 31
RP554: 2/21/2012 1:32:15 PM - Installed J2SE Runtime Environment 5.0 Update 1
RP555: 2/22/2012 10:22:22 AM - Installed Java™ 6 Update 29
RP556: 2/23/2012 11:12:49 AM - System Checkpoint
RP557: 2/24/2012 1:09:50 PM - System Checkpoint
RP558: 2/24/2012 3:36:45 PM - Installed TurboTax 2011 wrapper
RP559: 2/24/2012 3:53:03 PM - Installed TurboTax 2011 wnjiper
RP560: 2/24/2012 3:53:09 PM - Installed TurboTax 2011 wnyiper
RP561: 2/24/2012 3:53:18 PM - Installed TurboTax 2011 wmaiper
RP562: 2/27/2012 2:31:35 PM - System Checkpoint
RP563: 2/29/2012 7:55:49 PM - System Checkpoint
RP564: 3/2/2012 1:13:02 PM - System Checkpoint
RP565: 3/7/2012 2:58:11 PM - System Checkpoint
RP566: 3/9/2012 1:07:08 PM - System Checkpoint
RP567: 3/14/2012 5:31:35 PM - Software Distribution Service 3.0
RP568: 3/16/2012 1:11:55 PM - System Checkpoint
RP569: 3/19/2012 10:38:28 AM - System Checkpoint
RP570: 3/20/2012 1:09:07 PM - System Checkpoint
RP571: 3/21/2012 7:50:21 PM - System Checkpoint
RP572: 3/23/2012 12:57:58 PM - System Checkpoint
RP573: 3/26/2012 10:38:54 AM - System Checkpoint
RP574: 3/27/2012 7:34:25 PM - System Checkpoint
RP575: 3/29/2012 10:45:55 AM - System Checkpoint
RP576: 3/30/2012 11:40:50 AM - Installed Microsoft Office Professional Plus 2007
RP577: 3/30/2012 12:31:17 PM - Software Distribution Service 3.0
RP578: 3/30/2012 12:59:17 PM - Software Distribution Service 3.0
RP579: 3/30/2012 1:11:08 PM - Software Distribution Service 3.0
RP580: 3/30/2012 2:49:44 PM - Software Distribution Service 3.0
RP581: 3/30/2012 3:24:07 PM - Software Distribution Service 3.0
RP582: 3/30/2012 3:50:32 PM - Software Distribution Service 3.0
RP583: 4/3/2012 12:15:48 PM - System Checkpoint
RP584: 4/4/2012 1:02:43 PM - System Checkpoint
RP585: 4/5/2012 1:13:30 PM - System Checkpoint
RP586: 4/9/2012 3:36:06 PM - System Checkpoint
RP587: 4/11/2012 10:57:48 AM - Software Distribution Service 3.0
RP588: 4/12/2012 11:42:07 AM - System Checkpoint
RP589: 4/17/2012 3:15:45 PM - System Checkpoint
RP590: 4/18/2012 10:26:58 AM - Software Distribution Service 3.0
RP591: 4/24/2012 1:11:14 PM - System Checkpoint
RP592: 4/25/2012 1:56:50 PM - System Checkpoint
RP593: 4/27/2012 1:14:00 PM - System Checkpoint
RP594: 4/30/2012 6:56:39 PM - Restore Operation
RP595: 4/30/2012 6:59:45 PM - Restore Operation
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
AnswerWorks 5.0 English Runtime
Broadcom ASF Management Applications
Broadcom Management Programs
CA eTrustITM Agent
CA iTechnology iGateway
Choice Guard
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Dell ETS Factory Installation
Emsisoft Anti-Malware
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Matrix Storage Manager
J2SE Runtime Environment 5.0 Update 1
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Lotus NotesSQL 2.06 driver
Lotus SmartSuite - English
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
NVIDIA Drivers
NVIDIA Performance Drivers
PowerDVD
QuickBooks Pro 2006
Remote Administrator v2.1
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
.
==== Event Viewer Messages From Past Week ========
.
5/2/2012 9:53:55 AM, error: Service Control Manager [7023] - The Sandboxu service terminated with the following error: The specified module could not be found.
5/2/2012 9:51:55 AM, error: Service Control Manager [7023] - The Sbcssvc service terminated with the following error: The specified module could not be found.
5/2/2012 9:51:27 AM, error: Service Control Manager [7023] - The Networkx service terminated with the following error: The specified module could not be found.
5/2/2012 9:51:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/2/2012 9:51:27 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/2/2012 9:50:06 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/2/2012 2:06:39 PM, error: Service Control Manager [7023] - The Aeclienthostservice service terminated with the following error: The specified module could not be found.
5/2/2012 12:52:00 PM, error: Service Control Manager [7023] - The SrvcSSIOMngr service terminated with the following error: The specified module could not be found.
5/2/2012 12:37:00 PM, error: Service Control Manager [7023] - The Nsm1bus service terminated with the following error: The specified module could not be found.
5/2/2012 12:22:02 PM, error: Service Control Manager [7023] - The ZuneBusEnum service terminated with the following error: The specified module could not be found.
5/2/2012 12:07:01 PM, error: Service Control Manager [7023] - The Nmap service terminated with the following error: The specified module could not be found.
5/2/2012 11:52:00 AM, error: Service Control Manager [7023] - The Usbvm321 service terminated with the following error: The specified module could not be found.
5/2/2012 11:37:00 AM, error: Service Control Manager [7023] - The Oracleorahome92pagingserver service terminated with the following error: The specified module could not be found.
5/2/2012 11:22:00 AM, error: Service Control Manager [7023] - The Sansaservice service terminated with the following error: The specified module could not be found.
5/2/2012 11:06:59 AM, error: Service Control Manager [7023] - The Traprcvr service terminated with the following error: The specified module could not be found.
5/2/2012 10:51:58 AM, error: Service Control Manager [7023] - The Digictrl service terminated with the following error: The specified module could not be found.
5/2/2012 10:36:58 AM, error: Service Control Manager [7023] - The LHidUsbK service terminated with the following error: The system cannot find the file specified.
5/2/2012 10:21:57 AM, error: Service Control Manager [7023] - The Siswlsvc service terminated with the following error: The specified module could not be found.
5/2/2012 10:06:56 AM, error: Service Control Manager [7023] - The Dladresn service terminated with the following error: The specified module could not be found.
5/2/2012 1:51:37 PM, error: Service Control Manager [7023] - The S3twistr service terminated with the following error: The specified module could not be found.
5/2/2012 1:50:40 PM, error: Service Control Manager [7023] - The ISODrive service terminated with the following error: The specified module could not be found.
5/2/2012 1:22:01 PM, error: Service Control Manager [7023] - The BCMTPM service terminated with the following error: The specified module could not be found.
5/2/2012 1:07:01 PM, error: Service Control Manager [7023] - The W39n51 service terminated with the following error: The specified module could not be found.
5/1/2012 6:54:12 PM, error: Service Control Manager [7023] - The AsDsm service terminated with the following error: The specified module could not be found.
5/1/2012 6:53:12 PM, error: Service Control Manager [7023] - The Gemserv service terminated with the following error: The specified module could not be found.
5/1/2012 6:39:41 PM, error: Service Control Manager [7023] - The WINFLASH service terminated with the following error: The specified module could not be found.
5/1/2012 6:24:41 PM, error: Service Control Manager [7023] - The ShockMgr service terminated with the following error: The specified module could not be found.
5/1/2012 6:09:40 PM, error: Service Control Manager [7023] - The Lxcj_device service terminated with the following error: The specified module could not be found.
5/1/2012 5:54:41 PM, error: Service Control Manager [7023] - The Rpcsvr4x service terminated with the following error: The specified module could not be found.
5/1/2012 5:39:41 PM, error: Service Control Manager [7023] - The Ssm_mdfl service terminated with the following error: The specified module could not be found.
5/1/2012 5:24:39 PM, error: Service Control Manager [7023] - The Procexp100 service terminated with the following error: The specified module could not be found.
5/1/2012 5:09:38 PM, error: Service Control Manager [7023] - The VC6SecS service terminated with the following error: The specified module could not be found.
5/1/2012 4:54:38 PM, error: Service Control Manager [7023] - The Sleepy service terminated with the following error: The specified module could not be found.
5/1/2012 4:39:38 PM, error: Service Control Manager [7023] - The Lxcz_device service terminated with the following error: The specified module could not be found.
5/1/2012 4:24:08 PM, error: Service Control Manager [7023] - The LCcfltr service terminated with the following error: The specified module could not be found.
5/1/2012 4:08:49 PM, error: Service Control Manager [7023] - The Bantext service terminated with the following error: The specified module could not be found.
5/1/2012 3:53:47 PM, error: Service Control Manager [7023] - The RecAgent service terminated with the following error: The specified module could not be found.
5/1/2012 3:38:47 PM, error: Service Control Manager [7023] - The Srescan service terminated with the following error: The specified module could not be found.
5/1/2012 3:23:46 PM, error: Service Control Manager [7023] - The Itchfltr service terminated with the following error: The specified module could not be found.
5/1/2012 3:08:48 PM, error: Service Control Manager [7023] - The W700mdfl service terminated with the following error: The specified module could not be found.
5/1/2012 2:53:48 PM, error: Service Control Manager [7023] - The Symproxysvc service terminated with the following error: The specified module could not be found.
5/1/2012 2:38:50 PM, error: Service Control Manager [7023] - The Sentinel service terminated with the following error: The specified module could not be found.
5/1/2012 2:23:50 PM, error: Service Control Manager [7023] - The Wuolservice service terminated with the following error: The specified module could not be found.
5/1/2012 2:08:47 PM, error: Service Control Manager [7023] - The Backupexecjobengine service terminated with the following error: The specified module could not be found.
5/1/2012 2:08:38 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/1/2012 2:08:37 PM, error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.
5/1/2012 2:08:16 PM, error: Service Control Manager [7023] - The Sit_mdm service terminated with the following error: The specified module could not be found.
5/1/2012 2:06:59 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/1/2012 2:06:54 PM, error: NETLOGON [3210] - This computer could not authenticate with \\INFO.rubies.lck, a Windows domain controller for domain RUBIES, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
5/1/2012 12:54:12 PM, error: Service Control Manager [7023] - The Ktp service terminated with the following error: The specified module could not be found.
5/1/2012 12:39:13 PM, error: Service Control Manager [7023] - The Zfdwm service terminated with the following error: The specified module could not be found.
5/1/2012 12:24:17 PM, error: NETLOGON [3210] - This computer could not authenticate with \\ACCNTSERVER2.rubies.lck, a Windows domain controller for domain RUBIES, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
5/1/2012 12:24:13 PM, error: Service Control Manager [7023] - The NWSLP service terminated with the following error: The specified module could not be found.
5/1/2012 12:23:18 PM, error: Service Control Manager [7023] - The SQLAgent$ABBEYIIOFFLINE service terminated with the following error: The specified module could not be found.
5/1/2012 12:09:30 PM, error: Service Control Manager [7023] - The Bgsvcgen service terminated with the following error: The specified module could not be found.
5/1/2012 11:54:28 AM, error: Service Control Manager [7023] - The NSNDIS5 service terminated with the following error: The specified module could not be found.
5/1/2012 11:39:30 AM, error: Service Control Manager [7023] - The Askernel service terminated with the following error: The specified module could not be found.
5/1/2012 11:24:25 AM, error: Service Control Manager [7023] - The Sqlagent$pinnaclesys service terminated with the following error: The specified module could not be found.
5/1/2012 11:09:24 AM, error: Service Control Manager [7023] - The V0070VID service terminated with the following error: The specified module could not be found.
5/1/2012 10:54:25 AM, error: Service Control Manager [7023] - The Apphostsvc service terminated with the following error: The system cannot find the file specified.
5/1/2012 10:39:23 AM, error: Service Control Manager [7023] - The Iaimtv1 service terminated with the following error: The specified module could not be found.
5/1/2012 10:24:22 AM, error: Service Control Manager [7023] - The Tga service terminated with the following error: The specified module could not be found.
5/1/2012 10:23:54 AM, error: Service Control Manager [7023] - The Wlmel51b service terminated with the following error: The specified module could not be found.
5/1/2012 1:54:14 PM, error: Service Control Manager [7023] - The CiscoVpnInstallService service terminated with the following error: The specified module could not be found.
5/1/2012 1:39:13 PM, error: Service Control Manager [7023] - The Motmodem service terminated with the following error: The specified module could not be found.
5/1/2012 1:24:15 PM, error: Service Control Manager [7023] - The Aksusb service terminated with the following error: The specified module could not be found.
5/1/2012 1:09:13 PM, error: Service Control Manager [7023] - The Ca-messagequeuing service terminated with the following error: The specified module could not be found.
4/30/2012 6:44:19 PM, error: Service Control Manager [7023] - The Awlegacy service terminated with the following error: The specified module could not be found.
4/30/2012 6:43:21 PM, error: Service Control Manager [7023] - The Lvpr2mon service terminated with the following error: The specified module could not be found.
4/30/2012 6:43:03 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
4/30/2012 6:29:48 PM, error: Service Control Manager [7023] - The CnxtHdAudService service terminated with the following error: The specified module could not be found.
4/30/2012 6:14:50 PM, error: Service Control Manager [7023] - The Se44obex service terminated with the following error: The specified module could not be found.
4/30/2012 5:59:47 PM, error: Service Control Manager [7023] - The Rnadirmultiplexor service terminated with the following error: The specified module could not be found.
4/30/2012 5:44:47 PM, error: Service Control Manager [7023] - The Btkrnl service terminated with the following error: The specified module could not be found.
4/30/2012 5:29:46 PM, error: Service Control Manager [7023] - The Symndis service terminated with the following error: The specified module could not be found.
4/30/2012 5:14:46 PM, error: Service Control Manager [7023] - The GetPlusHelper service terminated with the following error: The specified module could not be found.
4/30/2012 5:00:46 PM, error: Service Control Manager [7023] - The Savscan service terminated with the following error: The specified module could not be found.
4/30/2012 4:59:45 PM, error: Service Control Manager [7023] - The Smserial service terminated with the following error: The specified module could not be found.
4/30/2012 4:58:48 PM, error: Service Control Manager [7023] - The Wscsvc service terminated with the following error: The specified module could not be found.
4/30/2012 4:51:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
4/30/2012 4:51:13 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/30/2012 4:32:06 PM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:06 PM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 4.0.0.0 service to connect.
4/30/2012 4:32:06 PM, error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 4.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The Remote Administrator Service service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The NVIDIA Performance Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The iTechnology iGateway 4.2 service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The eTrust ITM RPC Service service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The eTrust ITM Job Service service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7034] - The eTrust Antivirus Realtime Service service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 4:32:05 PM, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/30/2012 4:29:16 PM, error: Service Control Manager [7023] - The Nsengine service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================



Here is the ESET log:
C:\Documents and Settings\GEORGE\Application Data\Sun\Java\Deployment\cache\6.0\44\7e707b6c-3d8298ca Java/Exploit.Agent.NBI trojan
C:\Documents and Settings\GEORGE\Local Settings\Temp\hnszs0.exe a variant of Win32/Kryptik.AFAR trojan
C:\Documents and Settings\GEORGE\Local Settings\Temp\jar_cache7306834963702475441.tmp multiple threats
C:\Documents and Settings\GEORGE\Local Settings\Temp\L.class Java/Exploit.CVE-2011-3544.BK trojan
C:\Documents and Settings\GEORGE\Local Settings\Temporary Internet Files\Content.IE5\0JAXMH8Z\WinRAR.v4.01.Beta.1.x86.x64.Incl.Keygen-FFF[1].rar a variant of Win32/Keygen.AI application
C:\Documents and Settings\GEORGE\Local Settings\Temporary Internet Files\Content.IE5\2JSTM34V\gjkov[1].pdf PDF/Exploit.Pidief.NIM.Gen trojan
C:\Documents and Settings\GEORGE\Local Settings\Temporary Internet Files\Content.IE5\AQRH97T7\cfiq[1].pdf PDF/Exploit.Pidief.NIM.Gen trojan
C:\WINDOWS\system32\drivers\ipsec.sys Win32/Sirefef.DA trojan
C:\WINDOWS\Temp\jar_cache3118171932779376817.tmp multiple threats
Operating memory multiple threats

Have a good day.
remy888

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 03 May 2012 - 05:48 PM

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything, allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • The log that the tool creates will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt - I'd like a copy of the contents in your next reply.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#5 remy888

remy888
  • Topic Starter

  • Members
  • 13 posts

Posted 04 May 2012 - 09:27 AM

Good morning Noviciate,

Here are the logs from TDSSKiller:

09:49:32.0984 3704 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
09:49:33.0625 3704 ============================================================
09:49:33.0625 3704 Current date / time: 2012/05/04 09:49:33.0625
09:49:33.0625 3704 SystemInfo:
09:49:33.0625 3704
09:49:33.0625 3704 OS Version: 5.1.2600 ServicePack: 3.0
09:49:33.0625 3704 Product type: Workstation
09:49:33.0625 3704 ComputerName: GEORGEK
09:49:33.0625 3704 UserName: GEORGE
09:49:33.0625 3704 Windows directory: C:\WINDOWS
09:49:33.0625 3704 System windows directory: C:\WINDOWS
09:49:33.0625 3704 Processor architecture: Intel x86
09:49:33.0625 3704 Number of processors: 4
09:49:33.0625 3704 Page size: 0x1000
09:49:33.0625 3704 Boot type: Normal boot
09:49:33.0625 3704 ============================================================
09:49:35.0218 3704 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:49:35.0218 3704 ============================================================
09:49:35.0218 3704 \Device\Harddisk0\DR0:
09:49:35.0218 3704 MBR partitions:
09:49:35.0218 3704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x94DF3B5
09:49:35.0218 3704 ============================================================
09:49:35.0250 3704 C: <-> \Device\Harddisk0\DR0\Partition0
09:49:35.0265 3704 ============================================================
09:49:35.0265 3704 Initialize success
09:49:35.0265 3704 ============================================================
09:50:52.0796 3368 ============================================================
09:50:52.0796 3368 Scan started
09:50:52.0796 3368 Mode: Manual; SigCheck; TDLFS;
09:50:52.0796 3368 ============================================================
09:50:58.0109 3368 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
09:50:58.0109 3368 BASFND ( UnsignedFile.Multi.Generic ) - warning
09:50:58.0109 3368 BASFND - detected UnsignedFile.Multi.Generic (1)
09:51:07.0265 3368 iGateway (404544c1b48aac95a839f5d48cf82ba6) C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
09:51:07.0281 3368 iGateway ( UnsignedFile.Multi.Generic ) - warning
09:51:07.0281 3368 iGateway - detected UnsignedFile.Multi.Generic (1)
09:51:07.0843 3368 InoRPC (4f7d1520bbe672fd9364a9f6f1def47c) C:\Program Files\CA\eTrustITM\InoRpc.exe
09:51:07.0859 3368 InoRPC ( UnsignedFile.Multi.Generic ) - warning
09:51:07.0859 3368 InoRPC - detected UnsignedFile.Multi.Generic (1)
09:51:07.0875 3368 InoRT (a08267418c7fd4cc79cbe392373209db) C:\Program Files\CA\eTrustITM\InoRT.exe
09:51:07.0890 3368 InoRT ( UnsignedFile.Multi.Generic ) - warning
09:51:07.0890 3368 InoRT - detected UnsignedFile.Multi.Generic (1)
09:51:08.0906 3368 IPSec (159d71d0f2a697513f703fcbb3d410f6) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:51:08.0921 3368 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 159d71d0f2a697513f703fcbb3d410f6, Fake md5: 23c74d75e36e7158768dd63d92789a91
09:51:08.0921 3368 IPSec ( Virus.Win32.ZAccess.k ) - infected
09:51:08.0921 3368 IPSec - detected Virus.Win32.ZAccess.k (0)
09:51:15.0593 3368 NVIDIA Performance Driver Service (cd5eb9cf8223973d356cff430829be63) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
09:51:15.0750 3368 NVIDIA Performance Driver Service ( UnsignedFile.Multi.Generic ) - warning
09:51:15.0750 3368 NVIDIA Performance Driver Service - detected UnsignedFile.Multi.Generic (1)
09:51:23.0234 3368 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:51:23.0281 3368 stllssvr ( UnsignedFile.Multi.Generic ) - warning
09:51:23.0281 3368 stllssvr - detected UnsignedFile.Multi.Generic (1)
09:51:30.0718 3368 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:51:30.0812 3368 WebClient - ok
09:51:31.0343 3368 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:51:31.0437 3368 winmgmt - ok
09:51:31.0562 3368 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
09:51:31.0671 3368 WinRM - ok
09:51:31.0703 3368 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:51:31.0750 3368 WmdmPmSN - ok
09:51:31.0812 3368 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:51:31.0921 3368 Wmi - ok
09:51:32.0375 3368 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:51:32.0484 3368 WmiApSrv - ok
09:51:32.0843 3368 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:51:32.0937 3368 WMPNetworkSvc - ok
09:51:33.0265 3368 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:51:33.0781 3368 WPFFontCache_v0400 - ok
09:51:34.0140 3368 WSearch - ok
09:51:34.0187 3368 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:51:34.0281 3368 wuauserv - ok
09:51:34.0359 3368 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:51:34.0437 3368 WudfPf - ok
09:51:34.0468 3368 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:51:34.0515 3368 WudfRd - ok
09:51:34.0562 3368 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:51:34.0593 3368 WudfSvc - ok
09:51:34.0656 3368 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:51:34.0765 3368 WZCSVC - ok
09:51:34.0796 3368 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:51:34.0890 3368 xmlprov - ok
09:51:34.0921 3368 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:51:35.0046 3368 \Device\Harddisk0\DR0 - ok
09:51:35.0046 3368 Boot (0x1200) (6747163be5192d40dc1ad69b42d74efa) \Device\Harddisk0\DR0\Partition0
09:51:35.0046 3368 \Device\Harddisk0\DR0\Partition0 - ok
09:51:35.0062 3368 ============================================================
09:51:35.0062 3368 Scan finished
09:51:35.0062 3368 ============================================================
09:51:35.0187 3612 Detected object count: 7
09:51:35.0187 3612 Actual detected object count: 7
09:52:54.0953 3612 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
09:52:54.0953 3612 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:52:54.0953 3612 iGateway ( UnsignedFile.Multi.Generic ) - skipped by user
09:52:54.0953 3612 iGateway ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:52:54.0953 3612 InoRPC ( UnsignedFile.Multi.Generic ) - skipped by user
09:52:54.0953 3612 InoRPC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:52:54.0953 3612 InoRT ( UnsignedFile.Multi.Generic ) - skipped by user
09:52:54.0953 3612 InoRT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:52:55.0000 3612 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
09:52:55.0171 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\@ - copied to quarantine
09:52:55.0187 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\cfg.ini - copied to quarantine
09:52:55.0203 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\Desktop.ini - copied to quarantine
09:52:55.0234 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\L\rohepcid - copied to quarantine
09:52:55.0250 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\oemid - copied to quarantine
09:52:55.0281 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\00000001.@ - copied to quarantine
09:52:55.0312 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\00000002.@ - copied to quarantine
09:52:55.0328 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\00000004.@ - copied to quarantine
09:52:55.0343 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\80000000.@ - copied to quarantine
09:52:55.0375 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\80000004.@ - copied to quarantine
09:52:55.0421 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\80000032.@ - copied to quarantine
09:52:55.0421 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\version - copied to quarantine
09:52:56.0656 3612 Backup copy found, using it..
09:52:56.0671 3612 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
09:52:58.0125 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\@ - will be deleted on reboot
09:52:58.0125 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\cfg.ini - will be deleted on reboot
09:52:58.0125 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\Desktop.ini - will be deleted on reboot
09:52:58.0140 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\oemid - will be deleted on reboot
09:52:58.0140 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\00000001.@ - will be deleted on reboot
09:52:58.0140 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\00000002.@ - will be deleted on reboot
09:52:58.0140 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\00000004.@ - will be deleted on reboot
09:52:58.0140 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\80000000.@ - will be deleted on reboot
09:52:58.0140 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\80000004.@ - will be deleted on reboot
09:52:58.0140 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\U\80000032.@ - will be deleted on reboot
09:52:58.0140 3612 C:\WINDOWS\$NtUninstallKB11557$\1070797558\version - will be deleted on reboot
09:52:58.0140 3612 C:\WINDOWS\$NtUninstallKB11557$\2226891029 - will be deleted on reboot
09:52:58.0140 3612 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Cure
09:52:58.0140 3612 NVIDIA Performance Driver Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:52:58.0140 3612 NVIDIA Performance Driver Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:52:58.0140 3612 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
09:52:58.0140 3612 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:53:39.0375 3960 Deinitialize success


Not finding the log the first time, I reran TDSSKiller, and this is the second log:

10:02:52.0531 4952 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:02:53.0203 4952 ============================================================
10:02:53.0203 4952 Current date / time: 2012/05/04 10:02:53.0203
10:02:53.0203 4952 SystemInfo:
10:02:53.0203 4952
10:02:53.0203 4952 OS Version: 5.1.2600 ServicePack: 3.0
10:02:53.0203 4952 Product type: Workstation
10:02:53.0203 4952 ComputerName: GEORGEK
10:02:53.0203 4952 UserName: GEORGE
10:02:53.0203 4952 Windows directory: C:\WINDOWS
10:02:53.0203 4952 System windows directory: C:\WINDOWS
10:02:53.0203 4952 Processor architecture: Intel x86
10:02:53.0203 4952 Number of processors: 4
10:02:53.0203 4952 Page size: 0x1000
10:02:53.0203 4952 Boot type: Normal boot
10:02:53.0203 4952 ============================================================
10:02:56.0140 4952 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:02:56.0140 4952 ============================================================
10:02:56.0140 4952 \Device\Harddisk0\DR0:
10:02:56.0140 4952 MBR partitions:
10:02:56.0140 4952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x94DF3B5
10:02:56.0140 4952 ============================================================
10:02:56.0187 4952 C: <-> \Device\Harddisk0\DR0\Partition0
10:02:56.0187 4952 ============================================================
10:02:56.0187 4952 Initialize success
10:02:56.0187 4952 ============================================================
10:03:09.0671 5372 ============================================================
10:03:09.0671 5372 Scan started
10:03:09.0671 5372 Mode: Manual; SigCheck; TDLFS;
10:03:09.0671 5372 ============================================================
10:03:10.0250 5372 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
10:03:10.0406 5372 a2acc - ok
10:03:10.0562 5372 a2AntiMalware (0d5cb73fd036d9e904e0fc443e4e71ca) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
10:03:10.0875 5372 a2AntiMalware - ok
10:03:10.0953 5372 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
10:03:10.0968 5372 A2DDA - ok
10:03:10.0968 5372 a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
10:03:10.0984 5372 a2injectiondriver - ok
10:03:10.0984 5372 a2util (2da26eb05b5495d3b2ee36456c239fb7) C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
10:03:11.0000 5372 a2util - ok
10:03:11.0125 5372 Abiosdsk - ok
10:03:11.0234 5372 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:03:11.0875 5372 abp480n5 - ok
10:03:12.0015 5372 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:03:12.0093 5372 ACPI - ok
10:03:12.0109 5372 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:03:12.0203 5372 ACPIEC - ok
10:03:12.0265 5372 ADIHdAudAddService (de25fc7de3a464e455c0d0012757b0ac) C:\WINDOWS\system32\drivers\ADIHdAud.sys
10:03:12.0312 5372 ADIHdAudAddService - ok
10:03:12.0406 5372 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:03:12.0437 5372 AdobeFlashPlayerUpdateSvc - ok
10:03:12.0500 5372 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:03:12.0593 5372 adpu160m - ok
10:03:12.0593 5372 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:03:12.0687 5372 aec - ok
10:03:12.0953 5372 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:03:13.0062 5372 AFD - ok
10:03:13.0093 5372 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:03:13.0171 5372 agp440 - ok
10:03:13.0187 5372 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:03:13.0265 5372 agpCPQ - ok
10:03:13.0312 5372 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:03:13.0359 5372 Aha154x - ok
10:03:13.0359 5372 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:03:13.0468 5372 aic78u2 - ok
10:03:13.0484 5372 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:03:13.0562 5372 aic78xx - ok
10:03:13.0593 5372 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:03:13.0703 5372 Alerter - ok
10:03:13.0703 5372 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:03:13.0750 5372 ALG - ok
10:03:13.0765 5372 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:03:13.0859 5372 AliIde - ok
10:03:13.0875 5372 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:03:13.0953 5372 alim1541 - ok
10:03:14.0250 5372 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:03:14.0375 5372 amdagp - ok
10:03:14.0421 5372 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:03:14.0468 5372 amsint - ok
10:03:14.0468 5372 apfiltrservice - ok
10:03:14.0515 5372 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:03:14.0593 5372 AppMgmt - ok
10:03:14.0625 5372 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:03:14.0718 5372 asc - ok
10:03:14.0750 5372 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:03:14.0796 5372 asc3350p - ok
10:03:14.0796 5372 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:03:14.0890 5372 asc3550 - ok
10:03:15.0265 5372 ASFIPmon (6295dd28d0ecbc4e6e450c279fef5ed9) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
10:03:15.0265 5372 ASFIPmon - ok
10:03:15.0437 5372 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:03:15.0515 5372 aspnet_state - ok
10:03:15.0546 5372 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:03:15.0640 5372 AsyncMac - ok
10:03:15.0687 5372 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:03:15.0781 5372 atapi - ok
10:03:15.0796 5372 Atdisk - ok
10:03:15.0796 5372 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:03:15.0890 5372 Atmarpc - ok
10:03:15.0953 5372 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:03:16.0031 5372 AudioSrv - ok
10:03:16.0078 5372 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:03:16.0156 5372 audstub - ok
10:03:16.0203 5372 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:03:16.0250 5372 b57w2k - ok
10:03:16.0328 5372 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
10:03:16.0328 5372 BASFND ( UnsignedFile.Multi.Generic ) - warning
10:03:16.0328 5372 BASFND - detected UnsignedFile.Multi.Generic (1)
10:03:16.0375 5372 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:03:16.0453 5372 Beep - ok
10:03:16.0765 5372 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:03:16.0937 5372 BITS - ok
10:03:17.0000 5372 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:03:17.0093 5372 Browser - ok
10:03:17.0093 5372 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:03:17.0187 5372 cbidf - ok
10:03:17.0187 5372 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:03:17.0265 5372 cbidf2k - ok
10:03:17.0296 5372 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:03:17.0343 5372 cd20xrnt - ok
10:03:17.0375 5372 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:03:17.0437 5372 Cdaudio - ok
10:03:17.0453 5372 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:03:17.0546 5372 Cdfs - ok
10:03:17.0593 5372 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:03:17.0671 5372 Cdrom - ok
10:03:17.0687 5372 Changer - ok
10:03:17.0718 5372 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:03:17.0796 5372 CiSvc - ok
10:03:17.0796 5372 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:03:17.0875 5372 ClipSrv - ok
10:03:17.0984 5372 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:03:18.0031 5372 clr_optimization_v2.0.50727_32 - ok
10:03:18.0140 5372 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:03:18.0218 5372 clr_optimization_v4.0.30319_32 - ok
10:03:18.0234 5372 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:03:18.0328 5372 CmdIde - ok
10:03:18.0328 5372 COMSysApp - ok
10:03:18.0390 5372 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:03:18.0484 5372 Cpqarray - ok
10:03:18.0546 5372 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:03:18.0625 5372 CryptSvc - ok
10:03:18.0640 5372 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:03:18.0734 5372 dac2w2k - ok
10:03:18.0765 5372 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:03:18.0843 5372 dac960nt - ok
10:03:18.0906 5372 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:03:18.0968 5372 DcomLaunch - ok
10:03:19.0015 5372 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:03:19.0109 5372 Dhcp - ok
10:03:19.0156 5372 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:03:19.0234 5372 Disk - ok
10:03:19.0265 5372 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
10:03:19.0281 5372 DLABMFSM - ok
10:03:19.0281 5372 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
10:03:19.0296 5372 DLABOIOM - ok
10:03:19.0296 5372 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:03:19.0312 5372 DLACDBHM - ok
10:03:19.0312 5372 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
10:03:19.0328 5372 DLADResM - ok
10:03:19.0328 5372 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
10:03:19.0343 5372 DLAIFS_M - ok
10:03:19.0343 5372 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
10:03:19.0359 5372 DLAOPIOM - ok
10:03:19.0359 5372 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
10:03:19.0375 5372 DLAPoolM - ok
10:03:19.0375 5372 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
10:03:19.0390 5372 DLARTL_M - ok
10:03:19.0406 5372 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
10:03:19.0421 5372 DLAUDFAM - ok
10:03:19.0421 5372 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
10:03:19.0437 5372 DLAUDF_M - ok
10:03:19.0437 5372 dmadmin - ok
10:03:19.0484 5372 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:03:19.0625 5372 dmboot - ok
10:03:19.0671 5372 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:03:19.0781 5372 dmio - ok
10:03:19.0781 5372 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:03:19.0875 5372 dmload - ok
10:03:19.0921 5372 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:03:20.0000 5372 dmserver - ok
10:03:20.0062 5372 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:03:20.0140 5372 DMusic - ok
10:03:20.0187 5372 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
10:03:20.0296 5372 Dnscache - ok
10:03:20.0343 5372 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:03:20.0437 5372 Dot3svc - ok
10:03:20.0500 5372 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:03:20.0578 5372 dpti2o - ok
10:03:20.0640 5372 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:03:20.0703 5372 drmkaud - ok
10:03:20.0765 5372 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:03:20.0781 5372 DRVMCDB - ok
10:03:20.0828 5372 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:03:20.0828 5372 DRVNDDM - ok
10:03:20.0859 5372 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:03:20.0953 5372 EapHost - ok
10:03:20.0953 5372 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:03:21.0046 5372 ERSvc - ok
10:03:21.0093 5372 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:03:21.0109 5372 Eventlog - ok
10:03:21.0187 5372 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
10:03:21.0250 5372 EventSystem - ok
10:03:21.0281 5372 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:03:21.0375 5372 Fastfat - ok
10:03:21.0421 5372 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:03:21.0500 5372 FastUserSwitchingCompatibility - ok
10:03:21.0546 5372 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
10:03:21.0640 5372 Fax - ok
10:03:21.0656 5372 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:03:21.0734 5372 Fdc - ok
10:03:21.0750 5372 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:03:21.0859 5372 Fips - ok
10:03:21.0906 5372 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:03:21.0984 5372 Flpydisk - ok
10:03:22.0000 5372 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:03:22.0078 5372 FltMgr - ok
10:03:22.0218 5372 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:03:22.0234 5372 FontCache3.0.0.0 - ok
10:03:22.0250 5372 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:03:22.0328 5372 Fs_Rec - ok
10:03:22.0359 5372 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:03:22.0453 5372 Ftdisk - ok
10:03:22.0515 5372 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:03:22.0609 5372 Gpc - ok
10:03:22.0656 5372 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:03:22.0750 5372 HDAudBus - ok
10:03:22.0828 5372 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:03:22.0906 5372 helpsvc - ok
10:03:22.0937 5372 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
10:03:23.0031 5372 HidServ - ok
10:03:23.0078 5372 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:03:23.0156 5372 hidusb - ok
10:03:23.0187 5372 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:03:23.0296 5372 hkmsvc - ok
10:03:23.0328 5372 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:03:23.0406 5372 hpn - ok
10:03:23.0656 5372 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:03:23.0703 5372 HTTP - ok
10:03:23.0734 5372 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:03:23.0843 5372 HTTPFilter - ok
10:03:23.0875 5372 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:03:23.0968 5372 i2omgmt - ok
10:03:24.0015 5372 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:03:24.0093 5372 i2omp - ok
10:03:24.0109 5372 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:03:24.0203 5372 i8042prt - ok
10:03:24.0343 5372 IAANTMON (72b53e9c8924949dec8f3799bcba2251) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
10:03:24.0359 5372 IAANTMON - ok
10:03:24.0421 5372 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
10:03:24.0437 5372 iaStor - ok
10:03:24.0609 5372 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:03:24.0687 5372 idsvc - ok
10:03:24.0812 5372 iGateway (404544c1b48aac95a839f5d48cf82ba6) C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
10:03:24.0828 5372 iGateway ( UnsignedFile.Multi.Generic ) - warning
10:03:24.0828 5372 iGateway - detected UnsignedFile.Multi.Generic (1)
10:03:24.0937 5372 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:03:25.0031 5372 Imapi - ok
10:03:25.0062 5372 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:03:25.0156 5372 ImapiService - ok
10:03:25.0187 5372 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:03:25.0265 5372 ini910u - ok
10:03:25.0359 5372 InoRPC (4f7d1520bbe672fd9364a9f6f1def47c) C:\Program Files\CA\eTrustITM\InoRpc.exe
10:03:25.0390 5372 InoRPC ( UnsignedFile.Multi.Generic ) - warning
10:03:25.0390 5372 InoRPC - detected UnsignedFile.Multi.Generic (1)
10:03:25.0406 5372 InoRT (a08267418c7fd4cc79cbe392373209db) C:\Program Files\CA\eTrustITM\InoRT.exe
10:03:25.0406 5372 InoRT ( UnsignedFile.Multi.Generic ) - warning
10:03:25.0406 5372 InoRT - detected UnsignedFile.Multi.Generic (1)
10:03:25.0453 5372 InoTask (289d11b07c61f1e8f65312081b26ac6b) C:\Program Files\CA\eTrustITM\InoTask.exe
10:03:25.0468 5372 InoTask - ok
10:03:25.0515 5372 INO_FLPY (4eb3cd8cd2210807ada276542eb99b06) C:\WINDOWS\system32\Drivers\ino_flpy.sys
10:03:25.0515 5372 INO_FLPY - ok
10:03:25.0531 5372 INO_FLTR (ebfb9e788557aded04aef87247ae56dd) C:\WINDOWS\system32\Drivers\ino_fltr.sys
10:03:25.0546 5372 INO_FLTR - ok
10:03:25.0578 5372 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:03:25.0656 5372 IntelIde - ok
10:03:25.0687 5372 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:03:25.0781 5372 intelppm - ok
10:03:25.0890 5372 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
10:03:25.0906 5372 IntuitUpdateService - ok
10:03:25.0968 5372 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
10:03:25.0984 5372 IntuitUpdateServiceV4 - ok
10:03:26.0000 5372 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:03:26.0078 5372 Ip6Fw - ok
10:03:26.0078 5372 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:03:26.0156 5372 IpFilterDriver - ok
10:03:26.0187 5372 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:03:26.0265 5372 IpInIp - ok
10:03:26.0312 5372 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:03:26.0406 5372 IpNat - ok
10:03:26.0437 5372 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:03:26.0515 5372 IPSec - ok
10:03:26.0531 5372 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:03:26.0562 5372 IRENUM - ok
10:03:26.0578 5372 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:03:26.0671 5372 isapnp - ok
10:03:26.0812 5372 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
10:03:26.0828 5372 JavaQuickStarterService - ok
10:03:26.0875 5372 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:03:26.0953 5372 Kbdclass - ok
10:03:27.0000 5372 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:03:27.0078 5372 kbdhid - ok
10:03:27.0140 5372 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:03:27.0218 5372 kmixer - ok
10:03:27.0265 5372 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:03:27.0375 5372 KSecDD - ok
10:03:27.0421 5372 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
10:03:27.0484 5372 LanmanServer - ok
10:03:27.0531 5372 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:03:27.0593 5372 lanmanworkstation - ok
10:03:27.0593 5372 lbrtfdc - ok
10:03:27.0640 5372 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:03:27.0734 5372 LmHosts - ok
10:03:27.0843 5372 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:03:27.0859 5372 MDM - ok
10:03:27.0921 5372 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:03:28.0015 5372 Messenger - ok
10:03:28.0062 5372 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:03:28.0140 5372 mnmdd - ok
10:03:28.0156 5372 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:03:28.0250 5372 mnmsrvc - ok
10:03:28.0281 5372 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:03:28.0359 5372 Modem - ok
10:03:47.0734 5372 ============================================================
10:03:47.0734 5372 Scan finished
10:03:47.0734 5372 ============================================================
10:03:47.0843 5340 Detected object count: 6
10:03:47.0843 5340 Actual detected object count: 6
10:03:56.0546 5340 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:56.0546 5340 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:03:56.0546 5340 iGateway ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:56.0546 5340 iGateway ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:03:56.0546 5340 InoRPC ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:56.0546 5340 InoRPC ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:03:56.0546 5340 InoRT ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:56.0546 5340 InoRT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:03:56.0546 5340 NVIDIA Performance Driver Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:56.0546 5340 NVIDIA Performance Driver Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:03:56.0546 5340 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:03:56.0546 5340 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:12.0625 4924 Deinitialize success

Thanks,
remy888

Edited by remy888, 04 May 2012 - 02:15 PM.


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:34 AM

Posted 04 May 2012 - 03:33 PM

Good evening. :)

I trust that you rebooted the PC after the first TDSSKiller run - if not, tell me. Also, how is the PC behaving now?

So long, and thanks for all the fish.

#7 remy888

Posted 04 May 2012 - 03:57 PM

Hi Noviciate,

I did reboot PC after first TDSSKiller run. The PC runs better than before thanks to your help.

IE browser does not appear to be redirecting at the moment, but occasionally when I click open IE, I will get a popup from Emsisoft (installed after I ended up with this Win32/sirefef.EB virus via a Google search, not much help without your assistance) that indicates malware being blocked (re: altfarm.mediaplex.com).

The popup from Emsisoft states:
Anti- Malware has detected a connection attempt to the suspicious host:
leadback.ihg.db.advertising.com or dd.yieldmanager.com
The connection has been blocked automatically.

Apparently the bugger is persistent and wants to seek a connection?

Thanks,
remy888

Edited by remy888, 04 May 2012 - 05:10 PM.


#8 Noviciate

Posted 04 May 2012 - 05:11 PM

Run the PC for 24 hours, throwing in at least one reboot, and then post a fresh DDS log and tell me how the PC is behaving and we'll take it from there.

Edited by Noviciate, 04 May 2012 - 05:12 PM.


#9 remy888

Posted 04 May 2012 - 05:16 PM

I normally would have left PC running but will not be here for the weekend. Do you still want me to leave PC on for the weekend? I could then post log on Monday?

#10 Noviciate

Posted 05 May 2012 - 01:35 PM

Good evening. :)

As long as you give it a bit of a run before you create the logs it doesn't matter whether you turn it off or not.


#11 remy888

Posted 08 May 2012 - 10:04 AM

Good morning Noviciate,

I have run the PC for 24 hours as per your instructions with at least 1 reboot. The PC is running much faster and there do not appear to be any IE or Firefox redirects so far, other than a few popups from Emsisoft stating:

Anti- Malware has detected a connection attempt to the suspicious host:
leadback.ihg.db.advertising.com or dd.yieldmanager.com etc.....
The connection has been blocked automatically.

Is this normal?



Attached please find DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by GEORGE at 10:31:06 on 2012-05-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1316 [GMT -4:00]
.
AV: eTrust ITM *Enabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
============== Running Processes ===============
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\emsisoft anti-malware\a2guard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.live.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyServer = 192.168.2.10:8888
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Realtime Monitor] "c:\program files\ca\etrustitm\realmon.exe" -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxps://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254865275203
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.25 192.168.1.30
TCP: Interfaces\{2CB3641E-629A-49E5-813F-719996BFB58A} : DhcpNameServer = 192.168.0.25 192.168.1.30
Notify: intelUsb3Sevices - usbniw32.dll
Notify: usbniw32 - usbniw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\george\application data\mozilla\firefox\profiles\uefohymq.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-5-2 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2012-5-2 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2012-5-2 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-5-2 3065120]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-9-10 3653632]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-5-2 51632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NEC Usb3;NEC USB3 Service;c:\windows\system32\svchost.exe -k NECUsb3s [2008-4-25 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-04 13:52:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-03 20:03:05 -------- d-----w- c:\program files\ESET
2012-05-02 18:21:49 7680 ----a-w- c:\windows\2639218.exe
2012-05-02 17:36:20 7680 ----a-w- c:\windows\13615562.exe
2012-05-02 14:12:19 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-04-30 20:29:14 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-30 20:27:57 -------- d-----w- c:\program files\common files\MPEG
2012-04-30 20:27:57 -------- d-----w- c:\documents and settings\all users\application data\B7E8587A000391E3000392C4D151FC4E
2012-04-30 20:27:49 -------- d-----w- c:\documents and settings\george\application data\Ycel
2012-04-30 20:27:49 -------- d-----w- c:\documents and settings\george\application data\Epniu
2012-04-30 20:27:49 -------- d-----w- c:\documents and settings\george\application data\Dyiqw
2012-04-25 14:11:55 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 14:11:50 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-25 14:11:50 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-04 13:55:21 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-04-25 14:38:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-25 14:38:20 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-22 15:22:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-22 15:22:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 10:31:52.20 ===============


Attached please find the Attach log:
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/20/2009 11:26:00 AM
System Uptime: 5/7/2012 6:11:02 PM (16 hours ago)
.
Motherboard: Dell Inc. | | 0TP412
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 43.566 GiB free.
D: is CDROM ()
E: is NetworkDisk (NTFS) - 434 GiB total, 405.265 GiB free.
F: is NetworkDisk (NTFS) - 434 GiB total, 405.265 GiB free.
G: is NetworkDisk (NTFS) - 434 GiB total, 405.265 GiB free.
H: is NetworkDisk (NTFS) - 434 GiB total, 405.265 GiB free.
I: is NetworkDisk (NTFS) - 434 GiB total, 405.265 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP548: 2/8/2012 5:01:13 PM - System Checkpoint
RP549: 2/15/2012 10:17:38 AM - Software Distribution Service 3.0
RP550: 2/15/2012 4:06:06 PM - Removed Java™ 6 Update 21
RP551: 2/15/2012 4:06:24 PM - Installed Java™ 6 Update 31
RP552: 2/17/2012 12:59:47 PM - System Checkpoint
RP553: 2/21/2012 1:30:11 PM - Removed Java™ 6 Update 31
RP554: 2/21/2012 1:32:15 PM - Installed J2SE Runtime Environment 5.0 Update 1
RP555: 2/22/2012 10:22:22 AM - Installed Java™ 6 Update 29
RP556: 2/23/2012 11:12:49 AM - System Checkpoint
RP557: 2/24/2012 1:09:50 PM - System Checkpoint
RP558: 2/24/2012 3:36:45 PM - Installed TurboTax 2011 wrapper
RP559: 2/24/2012 3:53:03 PM - Installed TurboTax 2011 wnjiper
RP560: 2/24/2012 3:53:09 PM - Installed TurboTax 2011 wnyiper
RP561: 2/24/2012 3:53:18 PM - Installed TurboTax 2011 wmaiper
RP562: 2/27/2012 2:31:35 PM - System Checkpoint
RP563: 2/29/2012 7:55:49 PM - System Checkpoint
RP564: 3/2/2012 1:13:02 PM - System Checkpoint
RP565: 3/7/2012 2:58:11 PM - System Checkpoint
RP566: 3/9/2012 1:07:08 PM - System Checkpoint
RP567: 3/14/2012 5:31:35 PM - Software Distribution Service 3.0
RP568: 3/16/2012 1:11:55 PM - System Checkpoint
RP569: 3/19/2012 10:38:28 AM - System Checkpoint
RP570: 3/20/2012 1:09:07 PM - System Checkpoint
RP571: 3/21/2012 7:50:21 PM - System Checkpoint
RP572: 3/23/2012 12:57:58 PM - System Checkpoint
RP573: 3/26/2012 10:38:54 AM - System Checkpoint
RP574: 3/27/2012 7:34:25 PM - System Checkpoint
RP575: 3/29/2012 10:45:55 AM - System Checkpoint
RP576: 3/30/2012 11:40:50 AM - Installed Microsoft Office Professional Plus 2007
RP577: 3/30/2012 12:31:17 PM - Software Distribution Service 3.0
RP578: 3/30/2012 12:59:17 PM - Software Distribution Service 3.0
RP579: 3/30/2012 1:11:08 PM - Software Distribution Service 3.0
RP580: 3/30/2012 2:49:44 PM - Software Distribution Service 3.0
RP581: 3/30/2012 3:24:07 PM - Software Distribution Service 3.0
RP582: 3/30/2012 3:50:32 PM - Software Distribution Service 3.0
RP583: 4/3/2012 12:15:48 PM - System Checkpoint
RP584: 4/4/2012 1:02:43 PM - System Checkpoint
RP585: 4/5/2012 1:13:30 PM - System Checkpoint
RP586: 4/9/2012 3:36:06 PM - System Checkpoint
RP587: 4/11/2012 10:57:48 AM - Software Distribution Service 3.0
RP588: 4/12/2012 11:42:07 AM - System Checkpoint
RP589: 4/17/2012 3:15:45 PM - System Checkpoint
RP590: 4/18/2012 10:26:58 AM - Software Distribution Service 3.0
RP591: 4/24/2012 1:11:14 PM - System Checkpoint
RP592: 4/25/2012 1:56:50 PM - System Checkpoint
RP593: 4/27/2012 1:14:00 PM - System Checkpoint
RP594: 4/30/2012 6:56:39 PM - Restore Operation
RP595: 4/30/2012 6:59:45 PM - Restore Operation
RP596: 5/3/2012 7:18:38 PM - System Checkpoint
RP597: 5/7/2012 7:10:09 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
AnswerWorks 5.0 English Runtime
Broadcom ASF Management Applications
Broadcom Management Programs
CA eTrustITM Agent
CA iTechnology iGateway
Choice Guard
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Dell ETS Factory Installation
Emsisoft Anti-Malware
ESET Online Scanner v3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Matrix Storage Manager
J2SE Runtime Environment 5.0 Update 1
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Lotus NotesSQL 2.06 driver
Lotus SmartSuite - English
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
NVIDIA Drivers
NVIDIA Performance Drivers
PowerDVD
QuickBooks Pro 2006
Remote Administrator v2.1
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shadow Copy Client
Sonic CinePlayer Decoder Pack
swMSM
Tax Forms Helper 2008 8.5
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wnyiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnjiper
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmaiper
TurboTax 2010 wnjiper
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmaiper
TurboTax 2011 wnjiper
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
WRQ Reflection for HP with NS/VT 11.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
5/4/2012 4:38:53 PM, error: Service Control Manager [7023] - The NEC USB3 Service service terminated with the following error: The specified module could not be found.
5/3/2012 6:57:17 PM, error: Service Control Manager [7023] - The DeviceScanner service terminated with the following error: The specified module could not be found.
5/3/2012 6:27:15 PM, error: Service Control Manager [7023] - The Cwcwdm service terminated with the following error: The specified module could not be found.
5/3/2012 5:12:22 PM, error: Service Control Manager [7023] - The Cmuda service terminated with the following error: The specified module could not be found.
5/3/2012 10:42:53 AM, error: Service Control Manager [7023] - The Epson_pm_rpcv2_01 service terminated with the following error: The specified module could not be found.
5/3/2012 10:29:12 AM, error: Service Control Manager [7023] - The Vaiomediaplatform-integratedserver-upnp service terminated with the following error: The specified module could not be found.
5/2/2012 9:53:55 AM, error: Service Control Manager [7023] - The Sandboxu service terminated with the following error: The specified module could not be found.
5/2/2012 9:51:55 AM, error: Service Control Manager [7023] - The Sbcssvc service terminated with the following error: The specified module could not be found.
5/2/2012 9:51:27 AM, error: Service Control Manager [7023] - The Networkx service terminated with the following error: The specified module could not be found.
5/2/2012 9:51:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/2/2012 9:51:27 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/2/2012 9:50:06 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/2/2012 2:06:39 PM, error: Service Control Manager [7023] - The Aeclienthostservice service terminated with the following error: The specified module could not be found.
5/2/2012 12:52:00 PM, error: Service Control Manager [7023] - The SrvcSSIOMngr service terminated with the following error: The specified module could not be found.
5/2/2012 12:37:00 PM, error: Service Control Manager [7023] - The Nsm1bus service terminated with the following error: The specified module could not be found.
5/2/2012 12:22:02 PM, error: Service Control Manager [7023] - The ZuneBusEnum service terminated with the following error: The specified module could not be found.
5/2/2012 12:07:01 PM, error: Service Control Manager [7023] - The Nmap service terminated with the following error: The specified module could not be found.
5/2/2012 11:52:00 AM, error: Service Control Manager [7023] - The Usbvm321 service terminated with the following error: The specified module could not be found.
5/2/2012 11:37:00 AM, error: Service Control Manager [7023] - The Oracleorahome92pagingserver service terminated with the following error: The specified module could not be found.
5/2/2012 11:22:00 AM, error: Service Control Manager [7023] - The Sansaservice service terminated with the following error: The specified module could not be found.
5/2/2012 11:06:59 AM, error: Service Control Manager [7023] - The Traprcvr service terminated with the following error: The specified module could not be found.
5/2/2012 10:51:58 AM, error: Service Control Manager [7023] - The Digictrl service terminated with the following error: The specified module could not be found.
5/2/2012 10:36:58 AM, error: Service Control Manager [7023] - The LHidUsbK service terminated with the following error: The system cannot find the file specified.
5/2/2012 10:21:57 AM, error: Service Control Manager [7023] - The Siswlsvc service terminated with the following error: The specified module could not be found.
5/2/2012 10:06:56 AM, error: Service Control Manager [7023] - The Dladresn service terminated with the following error: The specified module could not be found.
5/2/2012 1:51:37 PM, error: Service Control Manager [7023] - The S3twistr service terminated with the following error: The specified module could not be found.
5/2/2012 1:50:40 PM, error: Service Control Manager [7023] - The ISODrive service terminated with the following error: The specified module could not be found.
5/2/2012 1:29:43 PM, error: Service Control Manager [7034] - The Remote Administrator Service service terminated unexpectedly. It has done this 1 time(s).
5/2/2012 1:22:01 PM, error: Service Control Manager [7023] - The BCMTPM service terminated with the following error: The specified module could not be found.
5/2/2012 1:07:01 PM, error: Service Control Manager [7023] - The W39n51 service terminated with the following error: The specified module could not be found.
5/1/2012 6:54:12 PM, error: Service Control Manager [7023] - The AsDsm service terminated with the following error: The specified module could not be found.
5/1/2012 6:53:12 PM, error: Service Control Manager [7023] - The Gemserv service terminated with the following error: The specified module could not be found.
5/1/2012 6:39:41 PM, error: Service Control Manager [7023] - The WINFLASH service terminated with the following error: The specified module could not be found.
5/1/2012 6:24:41 PM, error: Service Control Manager [7023] - The ShockMgr service terminated with the following error: The specified module could not be found.
5/1/2012 6:22:43 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/1/2012 6:09:40 PM, error: Service Control Manager [7023] - The Lxcj_device service terminated with the following error: The specified module could not be found.
5/1/2012 5:54:41 PM, error: Service Control Manager [7023] - The Rpcsvr4x service terminated with the following error: The specified module could not be found.
5/1/2012 5:39:41 PM, error: Service Control Manager [7023] - The Ssm_mdfl service terminated with the following error: The specified module could not be found.
5/1/2012 5:24:39 PM, error: Service Control Manager [7023] - The Procexp100 service terminated with the following error: The specified module could not be found.
5/1/2012 5:09:38 PM, error: Service Control Manager [7023] - The VC6SecS service terminated with the following error: The specified module could not be found.
5/1/2012 4:54:38 PM, error: Service Control Manager [7023] - The Sleepy service terminated with the following error: The specified module could not be found.
5/1/2012 4:39:38 PM, error: Service Control Manager [7023] - The Lxcz_device service terminated with the following error: The specified module could not be found.
5/1/2012 4:24:45 PM, error: NETLOGON [3210] - This computer could not authenticate with \\INFO.rubies.lck, a Windows domain controller for domain RUBIES, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
5/1/2012 4:24:37 PM, error: Service Control Manager [7023] - The NWSLP service terminated with the following error: The specified module could not be found.
5/1/2012 4:24:08 PM, error: Service Control Manager [7023] - The Sit_mdm service terminated with the following error: The specified module could not be found.
5/1/2012 4:24:08 PM, error: Service Control Manager [7023] - The LCcfltr service terminated with the following error: The specified module could not be found.
5/1/2012 4:22:46 PM, error: NETLOGON [3210] - This computer could not authenticate with \\ACCNTSERVER2.rubies.lck, a Windows domain controller for domain RUBIES, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
5/1/2012 4:08:49 PM, error: Service Control Manager [7023] - The Bantext service terminated with the following error: The specified module could not be found.
5/1/2012 3:53:47 PM, error: Service Control Manager [7023] - The RecAgent service terminated with the following error: The specified module could not be found.
5/1/2012 3:38:47 PM, error: Service Control Manager [7023] - The Srescan service terminated with the following error: The specified module could not be found.
5/1/2012 3:23:46 PM, error: Service Control Manager [7023] - The Itchfltr service terminated with the following error: The specified module could not be found.
5/1/2012 3:08:48 PM, error: Service Control Manager [7023] - The W700mdfl service terminated with the following error: The specified module could not be found.
5/1/2012 2:53:48 PM, error: Service Control Manager [7023] - The Symproxysvc service terminated with the following error: The specified module could not be found.
5/1/2012 2:38:50 PM, error: Service Control Manager [7023] - The Sentinel service terminated with the following error: The specified module could not be found.
5/1/2012 2:23:50 PM, error: Service Control Manager [7023] - The Wuolservice service terminated with the following error: The specified module could not be found.
5/1/2012 2:08:47 PM, error: Service Control Manager [7023] - The Backupexecjobengine service terminated with the following error: The specified module could not be found.
5/1/2012 2:08:37 PM, error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.
5/1/2012 2:06:59 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/1/2012 12:54:12 PM, error: Service Control Manager [7023] - The Ktp service terminated with the following error: The specified module could not be found.
5/1/2012 12:39:13 PM, error: Service Control Manager [7023] - The Zfdwm service terminated with the following error: The specified module could not be found.
5/1/2012 12:23:18 PM, error: Service Control Manager [7023] - The SQLAgent$ABBEYIIOFFLINE service terminated with the following error: The specified module could not be found.
5/1/2012 12:09:30 PM, error: Service Control Manager [7023] - The Bgsvcgen service terminated with the following error: The specified module could not be found.
5/1/2012 11:54:28 AM, error: Service Control Manager [7023] - The NSNDIS5 service terminated with the following error: The specified module could not be found.
5/1/2012 11:39:30 AM, error: Service Control Manager [7023] - The Askernel service terminated with the following error: The specified module could not be found.
5/1/2012 11:24:25 AM, error: Service Control Manager [7023] - The Sqlagent$pinnaclesys service terminated with the following error: The specified module could not be found.
5/1/2012 11:09:24 AM, error: Service Control Manager [7023] - The V0070VID service terminated with the following error: The specified module could not be found.
5/1/2012 10:54:25 AM, error: Service Control Manager [7023] - The Apphostsvc service terminated with the following error: The system cannot find the file specified.
5/1/2012 10:39:23 AM, error: Service Control Manager [7023] - The Iaimtv1 service terminated with the following error: The specified module could not be found.
5/1/2012 10:24:22 AM, error: Service Control Manager [7023] - The Tga service terminated with the following error: The specified module could not be found.
5/1/2012 10:23:54 AM, error: Service Control Manager [7023] - The Wlmel51b service terminated with the following error: The specified module could not be found.
5/1/2012 1:54:14 PM, error: Service Control Manager [7023] - The CiscoVpnInstallService service terminated with the following error: The specified module could not be found.
5/1/2012 1:39:13 PM, error: Service Control Manager [7023] - The Motmodem service terminated with the following error: The specified module could not be found.
5/1/2012 1:24:15 PM, error: Service Control Manager [7023] - The Aksusb service terminated with the following error: The specified module could not be found.
5/1/2012 1:09:13 PM, error: Service Control Manager [7023] - The Ca-messagequeuing service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================


Have a good day.
remy888

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 08 May 2012 - 02:17 PM

Good evening. :)

The connection has been blocked automatically.

Is this normal?

I'm not familiar with the inner workings of Emsisoft, but from what I can find out it's just blocking tracking cookies and you can have it do so silently if you configure it correctly.

As you have Malwarebytes' Anti-Malware installed, we'll have a dabble with that just to see if anything shows up:
  • Have the program check for updates before you scan - you'll need to clear it with your firewall if you haven't already.
  • Once that's done, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
I'd like to see the log contents in your next reply, if I may.

So long, and thanks for all the fish.

 

 


#13 remy888

remy888
  • Topic Starter

  • Members
  • 13 posts

Posted 08 May 2012 - 04:31 PM

Good evening to you as well.

Although I am nowhere near you in terms of knowledge of the inner workings of these software programs, I have previously used Malwarebytes' Anti-Malware and have been quite successful. This time this virus seemed to circumvent MAB's definitions so I tried Emsisoft, which seemed to find a little bit more but couldn't quite help me get rid of it without your expertise. :clapping:

Attached please find MBAM log after a restart:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
GEORGE :: GEORGEK [administrator]

5/8/2012 3:58:53 PM
mbam-log-2012-05-08 (15-58-53).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 360023
Time elapsed: 50 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\documents and settings\george\local settings\temp\~!#e5.tmp (Trojan.Medfos) -> Quarantined and deleted successfully.
C:\Documents and Settings\GEORGE\Local Settings\Temp\hnszs0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\2639218.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

(end)

Thanks,
remy888

#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 09 May 2012 - 03:31 PM

Good evening. :)

Is your anti-virus offering any warnings now, or does it seem to be happy?

So long, and thanks for all the fish.

 

 


#15 remy888

remy888
  • Topic Starter

  • Members
  • 13 posts

Posted 09 May 2012 - 03:51 PM

Good evening to you and hoping all is well, Noviciate.

The PC appears to be running fine at the moment. No popups of any kind from CA e-Trust, so far so good. Only occasional pop-ups from Emsisoft, as you had mentioned, which supposedly is blocking cookies (have not had a chance to configure silent mode as of yet).

Do you feel that we (with your tremendous expert knowledge) have finally gotten rid of this bugger? If so, should I delete the programs and text logs that we used?

Thanks,
remy888



