Google redirects, all files hidden


5 replies to this topic

#1 pacunning


Posted 09 May 2012 - 02:02 AM

I have been having Google redirect me to spam websites. I noticed a couple days ago my desktop icons got transparent, and now they are completely gone. Also when I right mouse click the desktop, nothing happens. I got the whole "your drive is being corrupted" messages too. I don't have those messages anymore, so I'm not sure if it got fixed or what, but I still have no desktop and Google still redirects.

My Start Menu>Programs is also 99% gone. Also tried to run System Restore and got "System Restore is not able to protect your computer. Please restart..." etc etc. I have tried the "SR" reinstall fix and it was not able to find the required files. I also read that if I reinstall it, I'll lose my backup checkpoints, which would kind of be pointless.

I have run Spybot, Antimalware, Adaware, and HitmanPro, each of which found things the others didn't. I have done a few regedit "fixes" that led to nothing too. I have tried doing all the above in safe mode as well, to no avail. I'm not sure if I have one problem, or multiples.

Sorry for being so vague, but I'm a noob.

So far I went into My Computer Settings and enabled "show hidden folders" and I can maneuver around that way for now. I also did a HijackThis log, but I know I'm not supposed to post it here. I also don't know the names of the malware I have.

Let me know if there is any other info missing that would be of help.

Oh, and I'm running XP Home.

Thanks!

Edited by pacunning, 09 May 2012 - 02:03 AM.




#2 narenxp


Posted 09 May 2012 - 02:20 AM

Boot the PC in Safe Mode with Networking

Press the Windows+R keys and type

cmd and click OK

If your Task Manager is disabled, copy and run this command:

Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr

Press ENTER

If your desktop is blank and you are unable to right-click on it, run this command:

Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop


Restart your PC in Safe Mode with Networking


Press the Windows+R keys and type

%temp% and click OK

If you find a folder called SMTMP, copy the folder to a safe location.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on Show Results. Select all infections and remove them

Reboot the PC and scan with MBAM once in normal mode until you get a clean log


Download

TDSSKiller

Launch it. Click on Change parameters and select TDLFS file system

Click on "Scan". Please post the log report (the log file should be in your C drive)

Do not change the default scan result options unless instructed.

Download

http://www.bleepingcomputer.com/download/anti-virus/unhide

Run the Unhide tool, which should restore the hidden files

Good luck

Edited by narenxp, 09 May 2012 - 02:20 AM.
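
The TDSSKiller log requested above runs to hundreds of lines, and the few verdict lines that matter are easy to miss. As an added example (not part of the original posts and not a Kaspersky tool), this Python script pulls out every object TDSSKiller flagged, together with the hash and path it recorded for that object. The names `parse_tdsskiller` and `Finding` are hypothetical, the sample log lines and hashes are constructed, and the line layout is assumed from the log shown in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the "time thread-id message" layout seen in this thread.
# Service names are invented and the hashes are placeholders, not real file hashes.
SAMPLE_LOG = """\
17:00:54.0046 3904 Initialize success
17:01:52.0593 0816 Scan started
17:01:52.0593 0816 Mode: Manual; TDLFS;
17:01:53.0328 0816 ExampleStub - ok
17:01:53.0468 0816 ExampleDrv (00000000000000000000000000000000) C:\\WINDOWS\\system32\\DRIVERS\\exampledrv.sys
17:01:53.0500 0816 ExampleDrv - ok
17:02:03.0671 0816 Example Service (11111111111111111111111111111111) C:\\Program Files\\Example\\svc.exe
17:02:03.0796 0816 Example Service - ok
17:02:03.0828 0816 IPSec (22222222222222222222222222222222) C:\\WINDOWS\\system32\\DRIVERS\\ipsec.sys
17:02:03.0828 0816 IPSec ( Virus.Win32.ZAccess.k ) - infected
17:02:03.0828 0816 IPSec - detected Virus.Win32.ZAccess.k (0)
"""

# Every log line: timestamp, thread id, then the message.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>": the file behind a driver or service entry.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$", re.I)
# "<name> - ok": the entry was checked and not flagged.
CLEAN = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <threat> ) - <verdict>": the entry was flagged.
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<threat>\S+) \) - (?P<verdict>\w+)$")


@dataclass
class Finding:
    time: str
    name: str
    threat: str
    verdict: str
    md5: Optional[str]   # None when the log had no file line for this entry
    path: Optional[str]


def parse_tdsskiller(text: str) -> Tuple[List[Finding], int]:
    """Return (flagged entries, number of entries reported ok)."""
    objects = {}          # name -> (md5, path) from the most recent file line
    findings: List[Finding] = []
    clean = 0
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue      # blank or wrapped line
        stamp, _thread, msg = line.groups()
        obj = OBJECT.match(msg)
        if obj:
            objects[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        if CLEAN.match(msg):
            clean += 1
            continue
        hit = FLAGGED.match(msg)
        if hit:
            # The following "- detected ..." line repeats this verdict, so it
            # is deliberately not matched, which avoids double counting.
            md5, path = objects.get(hit["name"], (None, None))
            findings.append(Finding(stamp, hit["name"], hit["threat"],
                                    hit["verdict"], md5, path))
    return findings, clean


if __name__ == "__main__":
    flagged, ok_count = parse_tdsskiller(SAMPLE_LOG)
    print(f"{ok_count} entries ok, {len(flagged)} flagged")
    for f in flagged:
        print(f"{f.time} {f.name}: {f.threat} [{f.verdict}] {f.path} md5={f.md5}")
```

To use it on a real report, read the log file TDSSKiller wrote and pass its text to `parse_tdsskiller` in place of `SAMPLE_LOG`.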


#3 pacunning


Posted 10 May 2012 - 04:08 PM

Still having some popups happening while running Firefox. Also still having Google redirects. This is all after a clean MBAM scan. I didn't remove what TDSSKiller found yet though.


17:00:47.0937 3904 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:00:48.0437 3904 ============================================================
17:00:48.0437 3904 Current date / time: 2012/05/10 17:00:48.0437
17:00:48.0437 3904 SystemInfo:
17:00:48.0437 3904
17:00:48.0437 3904 OS Version: 5.1.2600 ServicePack: 3.0
17:00:48.0437 3904 Product type: Workstation
17:00:48.0437 3904 ComputerName: MONSTERCOMPUTER
17:00:48.0437 3904 UserName: Owner
17:00:48.0437 3904 Windows directory: C:\WINDOWS
17:00:48.0437 3904 System windows directory: C:\WINDOWS
17:00:48.0437 3904 Processor architecture: Intel x86
17:00:48.0437 3904 Number of processors: 1
17:00:48.0437 3904 Page size: 0x1000
17:00:48.0437 3904 Boot type: Normal boot
17:00:48.0437 3904 ============================================================
17:00:53.0562 3904 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x1386, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:00:53.0593 3904 ============================================================
17:00:53.0593 3904 \Device\Harddisk0\DR0:
17:00:53.0593 3904 MBR partitions:
17:00:53.0593 3904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4C7F241
17:00:53.0593 3904 ============================================================
17:00:53.0750 3904 C: <-> \Device\Harddisk0\DR0\Partition0
17:00:54.0046 3904 ============================================================
17:00:54.0046 3904 Initialize success
17:00:54.0046 3904 ============================================================
17:01:52.0593 0816 ============================================================
17:01:52.0593 0816 Scan started
17:01:52.0593 0816 Mode: Manual; TDLFS;
17:01:52.0593 0816 ============================================================
17:02:03.0828 0816 IPSec (0bd8e9f725bbcd56957adc6dc17bd716) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:02:03.0828 0816 IPSec ( Virus.Win32.ZAccess.k ) - infected
17:02:03.0828 0816 IPSec - detected Virus.Win32.ZAccess.k (0)
17:02:11.0140 0816 PlugPlay - ok
17:02:11.0187 0816 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
17:02:11.0218 0816 Pml Driver HPZ12 - ok
17:02:11.0250 0816 PNDIS5 - ok
17:02:11.0296 0816 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
17:02:11.0296 0816 PolicyAgent - ok
17:02:11.0406 0816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:02:11.0406 0816 PptpMiniport - ok
17:02:11.0421 0816 prevxagent - ok
17:02:11.0437 0816 procdd - ok
17:02:11.0468 0816 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:02:11.0468 0816 Processor - ok
17:02:11.0484 0816 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:02:11.0484 0816 ProtectedStorage - ok
17:02:11.0531 0816 proxyhostservice - ok
17:02:11.0578 0816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:02:11.0593 0816 PSched - ok
17:02:11.0593 0816 psdvdisk - ok
17:02:11.0656 0816 PSSdk21 - ok
17:02:11.0718 0816 PsSdk30 - ok
17:02:11.0781 0816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:02:11.0781 0816 Ptilink - ok
17:02:11.0859 0816 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:02:11.0875 0816 PxHelp20 - ok
17:02:11.0875 0816 qbcfmonitorservice - ok
17:02:11.0968 0816 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
17:02:11.0984 0816 QCDonner - ok
17:02:12.0031 0816 qfcoresvc - ok
17:02:12.0062 0816 qhwscsvc - ok
17:02:12.0062 0816 ql1080 - ok
17:02:12.0078 0816 Ql10wnt - ok
17:02:12.0093 0816 ql12160 - ok
17:02:12.0109 0816 ql1240 - ok
17:02:12.0109 0816 ql1280 - ok
17:02:12.0187 0816 raidmagt - ok
17:02:12.0234 0816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:02:12.0234 0816 RasAcd - ok
17:02:12.0281 0816 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:02:12.0296 0816 RasAuto - ok
17:02:12.0328 0816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:02:12.0343 0816 Rasl2tp - ok
17:02:12.0437 0816 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:02:12.0453 0816 RasMan - ok
17:02:12.0484 0816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:02:12.0484 0816 RasPppoe - ok
17:02:12.0531 0816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:02:12.0531 0816 Raspti - ok
17:02:12.0546 0816 rassstp - ok
17:02:12.0609 0816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:02:12.0625 0816 Rdbss - ok
17:02:12.0671 0816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:02:12.0671 0816 RDPCDD - ok
17:02:12.0750 0816 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:02:12.0765 0816 RDPWD - ok
17:02:12.0875 0816 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:02:12.0890 0816 RDSessMgr - ok
17:02:12.0937 0816 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:02:12.0937 0816 redbook - ok
17:02:12.0968 0816 regdefend - ok
17:02:13.0015 0816 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:02:13.0015 0816 RemoteAccess - ok
17:02:13.0078 0816 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
17:02:13.0078 0816 RFCOMM - ok
17:02:13.0093 0816 rollbackclientservice - ok
17:02:13.0093 0816 roxmediadb - ok
17:02:13.0125 0816 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
17:02:13.0125 0816 RpcLocator - ok
17:02:13.0187 0816 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:02:13.0187 0816 RpcSs - ok
17:02:13.0203 0816 rrspy - ok
17:02:13.0250 0816 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
17:02:13.0265 0816 RSVP - ok
17:02:13.0281 0816 RTLE8023xp - ok
17:02:13.0328 0816 s217mdfl - ok
17:02:13.0343 0816 s24eventmonitor - ok
17:02:13.0390 0816 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:02:13.0390 0816 SamSs - ok
17:02:13.0406 0816 sandboxu - ok
17:02:13.0875 0816 SBAMSvc (c7d53053541a448febb1373abbaf79ef) C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
17:02:14.0187 0816 SBAMSvc - ok
17:02:14.0531 0816 sbaphd (65a36563c0207824c8240662043c5304) C:\WINDOWS\system32\drivers\sbaphd.sys
17:02:14.0578 0816 sbaphd - ok
17:02:14.0609 0816 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\WINDOWS\system32\drivers\sbapifs.sys
17:02:14.0609 0816 sbapifs - ok
17:02:14.0656 0816 SbFw (eb4a2b5faa3decd33ed682a5569e287f) C:\WINDOWS\system32\drivers\SbFw.sys
17:02:14.0671 0816 SbFw - ok
17:02:14.0718 0816 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
17:02:14.0750 0816 SBFWIMCL - ok
17:02:14.0750 0816 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\WINDOWS\system32\DRIVERS\SBFWIM.sys
17:02:14.0765 0816 SBFWIMCLMP - ok
17:02:14.0781 0816 sbhips (53e5e7dc26bb920b97f258bbd52abfdc) C:\WINDOWS\system32\drivers\sbhips.sys
17:02:14.0796 0816 sbhips - ok
17:02:14.0875 0816 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\WINDOWS\system32\drivers\SBREdrv.sys
17:02:14.0906 0816 SBRE - ok
17:02:15.0031 0816 SbTis (44062a740434b7c3946096d615aaa91c) C:\WINDOWS\system32\drivers\sbtis.sys
17:02:15.0046 0816 SbTis - ok
17:02:15.0140 0816 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:02:15.0140 0816 SCardSvr - ok
17:02:15.0218 0816 SCDEmu (85a26c37b91b1187550c99b046840691) C:\WINDOWS\system32\drivers\SCDEmu.sys
17:02:15.0703 0816 SCDEmu - ok
17:02:15.0750 0816 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:02:15.0781 0816 Schedule - ok
17:02:15.0796 0816 se27nd5 - ok
17:02:15.0812 0816 se44mdfl - ok
17:02:15.0843 0816 se58bus - ok
17:02:15.0906 0816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:02:15.0906 0816 Secdrv - ok
17:02:15.0953 0816 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:02:15.0953 0816 seclogon - ok
17:02:15.0968 0816 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:02:15.0984 0816 SENS - ok
17:02:16.0031 0816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:02:16.0031 0816 serenum - ok
17:02:16.0062 0816 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:02:16.0062 0816 Serial - ok
17:02:16.0187 0816 ServiceLayer (019ab047b932ad277a4da2673e5cc19c) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:02:16.0203 0816 ServiceLayer - ok
17:02:16.0234 0816 sf - ok
17:02:16.0265 0816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:02:16.0296 0816 Sfloppy - ok
17:02:16.0328 0816 sgeclient - ok
17:02:16.0390 0816 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:02:16.0406 0816 SharedAccess - ok
17:02:16.0500 0816 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:02:16.0500 0816 ShellHWDetection - ok
17:02:16.0515 0816 Simbad - ok
17:02:16.0515 0816 SiS7018 - ok
17:02:16.0531 0816 sisperf - ok
17:02:16.0546 0816 Sk9920nt - ok
17:02:16.0562 0816 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:02:16.0578 0816 SLIP - ok
17:02:16.0687 0816 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
17:02:16.0718 0816 smwdm - ok
17:02:16.0734 0816 Sparrow - ok
17:02:16.0796 0816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:02:16.0796 0816 splitter - ok
17:02:16.0875 0816 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:02:16.0875 0816 Spooler - ok
17:02:16.0890 0816 sprtsvc_dellsupportcenter - ok
17:02:16.0890 0816 Spsmqvsm - ok
17:02:17.0078 0816 SQLBrowser (3612108d36ea74f6f9fc5005e88e353b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:02:17.0078 0816 SQLBrowser - ok
17:02:17.0125 0816 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:02:17.0125 0816 sr - ok
17:02:17.0187 0816 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
17:02:17.0203 0816 srservice - ok
17:02:17.0265 0816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:02:17.0281 0816 Srv - ok
17:02:17.0281 0816 SRVLOC - ok
17:02:17.0296 0816 sr_service - ok
17:02:17.0359 0816 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
17:02:17.0375 0816 ssadbus - ok
17:02:17.0390 0816 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
17:02:17.0406 0816 ssadmdfl - ok
17:02:17.0484 0816 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
17:02:17.0500 0816 ssadmdm - ok
17:02:17.0531 0816 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
17:02:17.0531 0816 ssadserd - ok
17:02:17.0593 0816 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:02:17.0593 0816 SSDPSRV - ok
17:02:17.0609 0816 st330service - ok
17:02:17.0656 0816 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
17:02:17.0656 0816 StillCam - ok
17:02:17.0734 0816 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:02:17.0750 0816 stisvc - ok
17:02:17.0828 0816 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:02:17.0828 0816 streamip - ok
17:02:17.0859 0816 STV680 - ok
17:02:17.0906 0816 SunkFilt39 - ok
17:02:17.0953 0816 surveyor - ok
17:02:17.0984 0816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:02:17.0984 0816 swenum - ok
17:02:18.0046 0816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:02:18.0062 0816 swmidi - ok
17:02:18.0109 0816 SwPrv - ok
17:02:18.0125 0816 SWUMX51 - ok
17:02:18.0140 0816 symc810 - ok
17:02:18.0156 0816 symc8xx - ok
17:02:18.0156 0816 symidsco - ok
17:02:18.0171 0816 sym_hi - ok
17:02:18.0187 0816 sym_u3 - ok
17:02:18.0218 0816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:02:18.0218 0816 sysaudio - ok
17:02:18.0265 0816 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:02:18.0281 0816 SysmonLog - ok
17:02:18.0312 0816 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:02:18.0328 0816 TapiSrv - ok
17:02:18.0390 0816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:02:18.0406 0816 Tcpip - ok
17:02:18.0421 0816 tcpip6 - ok
17:02:18.0437 0816 tdimsys - ok
17:02:18.0500 0816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:02:18.0531 0816 TDPIPE - ok
17:02:18.0578 0816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:02:18.0625 0816 TDTCP - ok
17:02:18.0671 0816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:02:18.0671 0816 TermDD - ok
17:02:18.0812 0816 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:02:18.0828 0816 TermService - ok
17:02:18.0843 0816 tfsnifs - ok
17:02:18.0890 0816 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:02:18.0890 0816 Themes - ok
17:02:18.0906 0816 tifm21 - ok
17:02:18.0921 0816 tmmbd - ok
17:02:18.0937 0816 tng-doba - ok
17:02:18.0953 0816 TosIde - ok
17:02:18.0968 0816 tosrfusb - ok
17:02:18.0968 0816 traprcvr - ok
17:02:19.0031 0816 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:02:19.0031 0816 TrkWks - ok
17:02:19.0062 0816 Udfreadr_xp - ok
17:02:19.0093 0816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:02:19.0125 0816 Udfs - ok
17:02:19.0140 0816 ulcdrhlp - ok
17:02:19.0156 0816 ultra - ok
17:02:19.0234 0816 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
17:02:19.0250 0816 UMWdf - ok
17:02:19.0265 0816 umxfwhlp - ok
17:02:19.0265 0816 UPATC - ok
17:02:19.0343 0816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:02:19.0375 0816 Update - ok
17:02:19.0421 0816 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:02:19.0437 0816 upnphost - ok
17:02:19.0468 0816 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:02:19.0468 0816 UPS - ok
17:02:19.0531 0816 Usb20Scan - ok
17:02:19.0593 0816 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:02:19.0609 0816 USBAAPL - ok
17:02:19.0687 0816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:02:19.0687 0816 usbccgp - ok
17:02:19.0703 0816 usbcm - ok
17:02:19.0765 0816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:02:19.0765 0816 usbehci - ok
17:02:19.0859 0816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:02:19.0859 0816 usbhub - ok
17:02:19.0875 0816 usbmate - ok
17:02:19.0937 0816 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:02:19.0953 0816 usbprint - ok
17:02:20.0000 0816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:02:20.0000 0816 usbscan - ok
17:02:20.0062 0816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:02:20.0078 0816 USBSTOR - ok
17:02:20.0125 0816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:02:20.0140 0816 usbuhci - ok
17:02:20.0156 0816 UWProSys - ok
17:02:20.0171 0816 VAIOMediaPlatform-PhotoServer-HTTP - ok
17:02:20.0187 0816 vc5secs - ok
17:02:20.0203 0816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:02:20.0218 0816 VgaSave - ok
17:02:20.0234 0816 ViaIde - ok
17:02:20.0265 0816 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
17:02:20.0281 0816 vncdrv - ok
17:02:20.0312 0816 VNUSB - ok
17:02:20.0359 0816 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:02:20.0406 0816 VolSnap - ok
17:02:20.0437 0816 vpctcom - ok
17:02:20.0437 0816 vsbus - ok
17:02:20.0515 0816 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:02:20.0562 0816 VSS - ok
17:02:20.0578 0816 vzupsvc - ok
17:02:20.0625 0816 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
17:02:20.0640 0816 W32Time - ok
17:02:20.0656 0816 w550mdfl - ok
17:02:20.0687 0816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:02:20.0703 0816 Wanarp - ok
17:02:20.0703 0816 WDICA - ok
17:02:20.0765 0816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:02:20.0781 0816 wdmaud - ok
17:02:20.0843 0816 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:02:20.0859 0816 WebClient - ok
17:02:20.0875 0816 websensecpmcommunicationagent - ok
17:02:20.0906 0816 websenseusagemonitor - ok
17:02:20.0921 0816 winachsx - ok
17:02:20.0953 0816 WinDriver6 - ok
17:02:20.0968 0816 Winjo48 - ok
17:02:21.0078 0816 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:02:21.0093 0816 winmgmt - ok
17:02:21.0125 0816 WinVd32 - ok
17:02:21.0125 0816 wm - ok
17:02:21.0171 0816 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
17:02:21.0187 0816 WmdmPmSN - ok
17:02:21.0234 0816 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:02:21.0250 0816 WmiApSrv - ok
17:02:21.0250 0816 wpsdrvnt - ok
17:02:21.0328 0816 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:02:21.0328 0816 WSTCODEC - ok
17:02:21.0359 0816 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:02:21.0390 0816 wuauserv - ok
17:02:21.0390 0816 wudfrd - ok
17:02:21.0437 0816 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:02:21.0468 0816 WZCSVC - ok
17:02:21.0468 0816 xfilt - ok
17:02:21.0515 0816 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:02:21.0593 0816 xmlprov - ok
17:02:21.0593 0816 Xyz777b - ok
17:02:21.0625 0816 YahooAUService - ok
17:02:21.0640 0816 z525bus - ok
17:02:21.0656 0816 ZDCNDIS5 - ok
17:02:21.0671 0816 ZDPNDIS5 - ok
17:02:21.0687 0816 ZTEusbmdm6k - ok
17:02:21.0718 0816 ZuneBusEnum - ok
17:02:21.0843 0816 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
17:02:21.0843 0816 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
17:02:21.0875 0816 {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} - ok
17:02:21.0937 0816 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
17:02:21.0937 0816 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
17:02:21.0968 0816 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
17:02:21.0984 0816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:02:21.0984 0816 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:02:22.0015 0816 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:02:22.0015 0816 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:02:22.0046 0816 Boot (0x1200) (b080911ddc623d0476a81f9147ec179a) \Device\Harddisk0\DR0\Partition0
17:02:22.0046 0816 \Device\Harddisk0\DR0\Partition0 - ok
17:02:22.0046 0816 ============================================================
17:02:22.0046 0816 Scan finished
17:02:22.0046 0816 ============================================================
17:02:22.0078 3384 Detected object count: 3
17:02:22.0078 3384 Actual detected object count: 3

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 10 May 2012 - 04:52 PM

17:02:21.0984 0816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

Cure it

17:02:22.0015 0816 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

Delete it

C:\WINDOWS\system32\drivers\ialmsbw.sys

Skip it

Upload the file ialmsbw.sys to www.virustotal.com and post the generated log

Good luck

#5 pacunning

  • Topic Starter
  • Members
  • 3 posts

Posted 10 May 2012 - 08:39 PM

SHA256: 808941e9d1c389b9f4662fa3187766d64a09e41cbec3a1db44d6569aeebf2f7f
File name: ialmsbw.sys
Detection ratio: 0 / 42
Analysis date: 2012-05-11 01:36:25 UTC ( 0 minutes ago )



Seems like that's not going to be a problem. Pretty cool website!

No more problems with my computer or redirects!

You guys are awesome, thanks!!!

#6 narenxp

  • BC Advisor
  • 16,371 posts

Posted 10 May 2012 - 08:51 PM

Thanks for your feedback, we still have a few more scans

Press the Windows+R key and type

%temp% and click OK

If you find a folder called SMTMP, copy the folder to a safe location.

Restart the PC, run tdsskiller once again and post the log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log


Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file into your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 10 May 2012 - 09:03 PM.




