SMART antivirus infection


20 replies to this topic

#1 jpd9930


Posted 01 June 2012 - 10:29 AM

Hi all!

I have possibly 2 items here. I'm positive they are related. If you feel they are not please let me know which one you would like to address and I will start a new thread for the other.

I got the S.M.A.R.T. antivirus infection. No question.

The other item is I am getting Write Fault Errors on bootup. I receive multiple instances of the following error:

"A write command during the test has failed to complete. this may be due to a media or read/write error. the system generates an exception error when using a reference to an invalid system memory address"

If I wait a while a new batch will pop up if I don't clear the first batch. The SMART infection will pop up whether I clear or not. Once I do clear the messages I have no desktop icons. I have the systray but all links in the start menu are empty. Going to add/remove software shows all installed software. I get the same results from boot to safe mode.

My systray has the normal icons for the running programs (IE printer, etc). Just noticed a "critical error: Hard drive controller failure" and "Serious Disk Error Writing to Drive C\:" "device initialization failed". Just found I have IE link in START menu and it works. Desktop is still black with no visible Icons.

SMART is resident in systray and can not be closed.

Ran Dir in cmd.exe...."file not found" at C:\.

Tried to run task manager... got "sector not found" and would not load

I am able to navigate with IE

SMART proclaiming "hard drive boot sector readin error"

No additions to add/remove programs that would indicate anything associated with SMART

SMART doesn't come up in safe mode but desktop is still all black but I am able to connect to internet, "file not found" doing DIR in cmd.exe window.

Running WINXP Pro SP3

I didn't do the items requested since I didn't think I could prior to today. I will try to get that done ASAP to be in compliance with your wishes...

Edited by jpd9930, 01 June 2012 - 10:34 AM.



#2 narenxp


Posted 01 June 2012 - 10:32 AM

Boot the PC in safe mode with networking

Press Windows+R key and type

cmd and click OK


If your task manager is disabled, copy and run this command

Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr

Press ENTER

If your desktop is blank and you are unable to right-click on it, run this command

Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop

After the command is successful

Restart your PC in safe mode with networking

Press Windows+R key and type

%temp% and click OK

If you find a folder called SMTMP, copy the folder to a safe location.


Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Edited by narenxp, 01 June 2012 - 10:35 AM.
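
The scriptable part of the steps above, as an added example that is not part of narenxp's post: a batch file for cmd.exe that checks whether the two policy values are actually set, exports the owning key before deleting the value, and copies `%TEMP%\smtmp` if it exists. The `policy-backup` folder name, the label names and the variable names are assumptions made for this example.

```batch
@echo off
rem Added example, not part of the original post.
setlocal
set "POL=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies"
rem Assumption: backups go to a "policy-backup" folder in the user profile.
set "BACKUP=%USERPROFILE%\policy-backup"
if not exist "%BACKUP%" mkdir "%BACKUP%"

rem The two values named in the post: Task Manager disabled, desktop hidden.
call :clear_policy System DisableTaskMgr
call :clear_policy Explorer NoDesktop

rem Copy %TEMP%\smtmp, if present, to the backup folder
rem (the post says to keep a copy of it in a safe location).
if not exist "%TEMP%\smtmp" goto :no_smtmp
rem /E = subfolders, /H = hidden and system files, /I = target is a folder
xcopy "%TEMP%\smtmp" "%BACKUP%\smtmp" /E /H /I /Y >nul
if errorlevel 1 echo WARNING: copying smtmp failed
if not errorlevel 1 echo Copied smtmp to "%BACKUP%\smtmp"
goto :done
:no_smtmp
echo No smtmp folder in "%TEMP%"
:done
endlocal
goto :eof

:clear_policy
rem %1 = subkey under Policies, %2 = value name
rem reg query sets errorlevel 1 when the key or value does not exist.
reg query "%POL%\%1" /v %2 >nul 2>&1
if errorlevel 1 goto :not_set
rem Random suffix so an earlier export is never overwritten.
set "OUT=%BACKUP%\%1-%2-%RANDOM%.reg"
reg export "%POL%\%1" "%OUT%" >nul
if errorlevel 1 goto :export_failed
reg delete "%POL%\%1" /v %2 /f >nul
if errorlevel 1 goto :delete_failed
echo Removed %2; key backed up to "%OUT%"
goto :eof
:not_set
echo %2 is not set under %POL%\%1
goto :eof
:export_failed
echo Could not export %POL%\%1; %2 left in place
goto :eof
:delete_failed
echo Could not delete %2 under %POL%\%1
goto :eof
```

Importing the exported `.reg` file restores the key as it was before the value was deleted.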


#3 jpd9930


Posted 01 June 2012 - 10:42 AM

wow!!!! on it so standby...I am typing from infected computer at this time so we should be able to do this quickly...brb as reboot to safe mode and do as you ask

#4 jpd9930


Posted 01 June 2012 - 12:30 PM

12:00:59.0890 0380 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:01:00.0218 0380 ============================================================
12:01:00.0218 0380 Current date / time: 2012/06/01 12:01:00.0218
12:01:00.0218 0380 SystemInfo:
12:01:00.0218 0380
12:01:00.0218 0380 OS Version: 5.1.2600 ServicePack: 3.0
12:01:00.0218 0380 Product type: Workstation
12:01:00.0218 0380 ComputerName: XP2600
12:01:00.0218 0380 UserName: Jon
12:01:00.0218 0380 Windows directory: C:\WINDOWS
12:01:00.0218 0380 System windows directory: C:\WINDOWS
12:01:00.0218 0380 Processor architecture: Intel x86
12:01:00.0218 0380 Number of processors: 1
12:01:00.0218 0380 Page size: 0x1000
12:01:00.0218 0380 Boot type: Safe boot with network
12:01:00.0218 0380 ============================================================
12:01:04.0328 0380 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:01:04.0328 0380 Drive \Device\Harddisk1\DR5 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:01:04.0328 0380 Drive \Device\Harddisk2\DR7 - Size: 0x3BA00000 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:01:04.0328 0380 ============================================================
12:01:04.0328 0380 \Device\Harddisk0\DR0:
12:01:04.0328 0380 MBR partitions:
12:01:04.0328 0380 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x21B891A
12:01:04.0359 0380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24E47A7, BlocksNum 0x973EEA
12:01:04.0375 0380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x319BD65, BlocksNum 0xBB867E
12:01:04.0390 0380 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4031B1D, BlocksNum 0xA576A4
12:01:04.0390 0380 \Device\Harddisk1\DR5:
12:01:04.0390 0380 MBR partitions:
12:01:04.0390 0380 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080
12:01:04.0390 0380 \Device\Harddisk2\DR7:
12:01:04.0390 0380 MBR partitions:
12:01:04.0390 0380 \Device\Harddisk2\DR7\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1DCFE0
12:01:04.0390 0380 ============================================================
12:01:04.0453 0380 C: <-> \Device\Harddisk0\DR0\Partition0
12:01:04.0484 0380 D: <-> \Device\Harddisk0\DR0\Partition1
12:01:04.0515 0380 E: <-> \Device\Harddisk0\DR0\Partition2
12:01:04.0546 0380 F: <-> \Device\Harddisk0\DR0\Partition3
12:01:04.0593 0380 ============================================================
12:01:04.0593 0380 Initialize success
12:01:04.0593 0380 ============================================================
12:01:39.0562 2028 ============================================================
12:01:39.0562 2028 Scan started
12:01:39.0562 2028 Mode: Manual; TDLFS;
12:01:39.0562 2028 ============================================================
12:01:57.0531 2028 RoxLiveShare - ok
12:01:57.0625 2028 RoxUpnpRenderer (5dd655620734ea6046064af17567a76c) C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
12:01:57.0656 2028 RoxUpnpRenderer - ok
12:01:57.0796 2028 RoxUpnpServer (d831f4bc511337766c2d1d208b7334fb) C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
12:01:57.0906 2028 RoxUpnpServer - ok
12:01:57.0968 2028 RoxWatch (eaf5f830825343f31d1c94f028543aa3) C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
12:01:57.0984 2028 RoxWatch - ok
12:01:58.0031 2028 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
12:01:58.0046 2028 RpcLocator - ok
12:01:58.0125 2028 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
12:01:58.0140 2028 RpcSs - ok
12:01:58.0203 2028 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:01:58.0218 2028 RSVP - ok
12:01:58.0281 2028 RxFilter (04cc07c9f18b137e17e8a3c3d8b90c23) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
12:01:58.0281 2028 RxFilter - ok
12:01:58.0312 2028 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:01:58.0312 2028 SamSs - ok
12:01:58.0375 2028 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) F:\SASDIFSV.SYS
12:01:58.0375 2028 SASDIFSV - ok
12:01:58.0468 2028 SASKUTIL (61db0d0756a99506207fd724e3692b25) F:\SASKUTIL.SYS
12:01:58.0468 2028 SASKUTIL - ok
12:01:58.0531 2028 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:01:58.0546 2028 SCardSvr - ok
12:01:58.0593 2028 SCDEmu (65b47e763ed55f35f787a7918272d155) C:\WINDOWS\system32\drivers\SCDEmu.sys
12:01:58.0593 2028 SCDEmu - ok
12:01:58.0640 2028 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:01:58.0656 2028 Schedule - ok
12:01:58.0734 2028 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:01:58.0734 2028 Secdrv - ok
12:01:58.0781 2028 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:01:58.0781 2028 seclogon - ok
12:01:58.0828 2028 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:01:58.0828 2028 SENS - ok
12:01:58.0890 2028 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:01:58.0890 2028 serenum - ok
12:01:58.0953 2028 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:01:58.0953 2028 Serial - ok
12:01:59.0046 2028 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:01:59.0046 2028 Sfloppy - ok
12:01:59.0156 2028 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:01:59.0171 2028 SharedAccess - ok
12:01:59.0234 2028 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:01:59.0234 2028 ShellHWDetection - ok
12:01:59.0296 2028 SI3112r (3da2f680bfc8e92a535cea5a5d80ac37) C:\WINDOWS\system32\DRIVERS\SI3112r.sys
12:01:59.0312 2028 SI3112r - ok
12:01:59.0375 2028 SiFilter (d893aa1d1ee007b7ab1b16e1099e9f17) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
12:01:59.0375 2028 SiFilter - ok
12:01:59.0406 2028 Simbad - ok
12:01:59.0453 2028 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:01:59.0453 2028 SLIP - ok
12:01:59.0515 2028 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:01:59.0515 2028 SONYPVU1 - ok
12:01:59.0546 2028 Sparrow - ok
12:01:59.0593 2028 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:01:59.0593 2028 splitter - ok
12:01:59.0656 2028 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:01:59.0656 2028 Spooler - ok
12:01:59.0703 2028 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:01:59.0703 2028 sr - ok
12:01:59.0765 2028 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:01:59.0781 2028 srservice - ok
12:01:59.0875 2028 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:01:59.0890 2028 Srv - ok
12:01:59.0968 2028 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:01:59.0984 2028 SSDPSRV - ok
12:02:00.0031 2028 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:02:00.0031 2028 StillCam - ok
12:02:00.0140 2028 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:02:00.0171 2028 stisvc - ok
12:02:00.0203 2028 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:02:00.0203 2028 streamip - ok
12:02:00.0250 2028 SVKP (f05028b163b92c302a74409d683ac9b0) C:\WINDOWS\system32\SVKP.sys
12:02:00.0265 2028 SVKP - ok
12:02:00.0296 2028 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:02:00.0296 2028 swenum - ok
12:02:00.0375 2028 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:02:00.0375 2028 swmidi - ok
12:02:00.0421 2028 SwPrv - ok
12:02:00.0468 2028 symc810 - ok
12:02:00.0515 2028 symc8xx - ok
12:02:00.0546 2028 sym_hi - ok
12:02:00.0578 2028 sym_u3 - ok
12:02:00.0625 2028 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:02:00.0625 2028 sysaudio - ok
12:02:00.0687 2028 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:02:00.0687 2028 SysmonLog - ok
12:02:00.0765 2028 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:02:00.0781 2028 TapiSrv - ok
12:02:00.0843 2028 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:02:00.0859 2028 Tcpip - ok
12:02:00.0937 2028 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
12:02:00.0953 2028 Tcpip6 - ok
12:02:01.0046 2028 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:02:01.0046 2028 TDPIPE - ok
12:02:01.0093 2028 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:02:01.0093 2028 TDTCP - ok
12:02:01.0140 2028 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:02:01.0140 2028 TermDD - ok
12:02:01.0218 2028 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:02:01.0250 2028 TermService - ok
12:02:01.0296 2028 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:02:01.0312 2028 Themes - ok
12:02:01.0375 2028 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
12:02:01.0375 2028 TlntSvr - ok
12:02:01.0421 2028 tmactmon (333fd294e6c34232af115f3f11dcaa98) C:\WINDOWS\system32\drivers\tmactmon.sys
12:02:01.0421 2028 tmactmon - ok
12:02:01.0484 2028 tmcfw (73d3b5d101e3202c268ffe851574b6eb) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
12:02:01.0500 2028 tmcfw - ok
12:02:01.0546 2028 tmcomm (a31246180e61140ad7ff9dd7edf1f6a1) C:\WINDOWS\system32\drivers\tmcomm.sys
12:02:01.0562 2028 tmcomm - ok
12:02:01.0609 2028 tmevtmgr (76920d2989848744b47b6de8c46fa175) C:\WINDOWS\system32\drivers\tmevtmgr.sys
12:02:01.0609 2028 tmevtmgr - ok
12:02:01.0703 2028 tmpreflt (1615eb81a09c3c36ba8b4a1b1d525d8f) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
12:02:01.0703 2028 tmpreflt - ok
12:02:01.0765 2028 tmtdi (ce1321671eee4520b9b50cd513f67dad) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
12:02:01.0781 2028 tmtdi - ok
12:02:01.0843 2028 tmxpflt (44b4a683b8de31b709d1e5fc5d01dcc6) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
12:02:01.0859 2028 tmxpflt - ok
12:02:01.0875 2028 TosIde - ok
12:02:01.0921 2028 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:02:01.0937 2028 TrkWks - ok
12:02:01.0968 2028 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
12:02:01.0984 2028 tunmp - ok
12:02:02.0031 2028 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:02:02.0031 2028 Udfs - ok
12:02:02.0046 2028 ultra - ok
12:02:02.0109 2028 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:02:02.0125 2028 Update - ok
12:02:02.0218 2028 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:02:02.0218 2028 upnphost - ok
12:02:02.0281 2028 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:02:02.0281 2028 UPS - ok
12:02:02.0343 2028 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:02:02.0343 2028 USBAAPL - ok
12:02:02.0375 2028 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:02:02.0390 2028 usbccgp - ok
12:02:02.0453 2028 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:02:02.0453 2028 usbehci - ok
12:02:02.0500 2028 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:02:02.0500 2028 usbhub - ok
12:02:02.0546 2028 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:02:02.0546 2028 usbohci - ok
12:02:02.0609 2028 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:02:02.0609 2028 usbscan - ok
12:02:02.0671 2028 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
12:02:02.0671 2028 usbser - ok
12:02:02.0718 2028 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:02:02.0734 2028 USBSTOR - ok
12:02:02.0796 2028 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:02:02.0796 2028 VgaSave - ok
12:02:02.0828 2028 ViaIde - ok
12:02:02.0875 2028 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:02:02.0875 2028 VolSnap - ok
12:02:03.0015 2028 vsapint (84b4bfc6808adfdeb0716af857dd9519) C:\WINDOWS\system32\DRIVERS\vsapint.sys
12:02:03.0062 2028 vsapint - ok
12:02:03.0171 2028 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:02:03.0234 2028 VSS - ok
12:02:03.0328 2028 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:02:03.0328 2028 W32Time - ok
12:02:03.0390 2028 w600bus - ok
12:02:03.0421 2028 w600mdfl - ok
12:02:03.0453 2028 w600mdm - ok
12:02:03.0515 2028 w600mgmt - ok
12:02:03.0546 2028 w600obex - ok
12:02:03.0609 2028 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:02:03.0609 2028 Wanarp - ok
12:02:03.0687 2028 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:02:03.0718 2028 Wdf01000 - ok
12:02:03.0765 2028 WDICA - ok
12:02:03.0828 2028 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:02:03.0843 2028 wdmaud - ok
12:02:03.0890 2028 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:02:03.0906 2028 WebClient - ok
12:02:04.0031 2028 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:02:04.0031 2028 winmgmt - ok
12:02:04.0171 2028 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:02:04.0171 2028 WmdmPmSN - ok
12:02:04.0250 2028 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:02:04.0281 2028 Wmi - ok
12:02:04.0359 2028 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:02:04.0375 2028 WmiApSrv - ok
12:02:04.0484 2028 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:02:04.0593 2028 WMPNetworkSvc - ok
12:02:04.0656 2028 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:02:04.0656 2028 WpdUsb - ok
12:02:04.0703 2028 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:02:04.0734 2028 wscsvc - ok
12:02:04.0812 2028 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:02:04.0812 2028 WSTCODEC - ok
12:02:04.0875 2028 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:02:04.0937 2028 wuauserv - ok
12:02:05.0000 2028 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:02:05.0000 2028 WudfPf - ok
12:02:05.0062 2028 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:02:05.0062 2028 WudfRd - ok
12:02:05.0125 2028 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:02:05.0125 2028 WudfSvc - ok
12:02:05.0203 2028 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:02:05.0234 2028 WZCSVC - ok
12:02:05.0312 2028 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:02:05.0375 2028 xmlprov - ok
12:02:05.0437 2028 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
12:02:05.0453 2028 yukonwxp - ok
12:02:05.0515 2028 zumbus (763ac56e714907e9d420b9ab694f7b18) C:\WINDOWS\system32\DRIVERS\zumbus.sys
12:02:05.0515 2028 zumbus - ok
12:02:05.0593 2028 ZuneBusEnum (c639569d7f3b15a82be5d27081f79d66) C:\WINDOWS\system32\ZuneBusEnum.exe
12:02:05.0593 2028 ZuneBusEnum - ok
12:02:05.0656 2028 ZuneWlanCfgSvc (9de7fad6bb49931488ce8f5f48590e7e) C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
12:02:05.0671 2028 ZuneWlanCfgSvc - ok
12:02:05.0843 2028 MBR (0x1B8) (5230d466bf6c3901f6e5c62770b36546) \Device\Harddisk0\DR0
12:02:05.0859 2028 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
12:02:05.0859 2028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
12:02:05.0875 2028 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:02:05.0875 2028 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:02:05.0906 2028 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR5
12:02:06.0015 2028 \Device\Harddisk1\DR5 - ok
12:02:06.0078 2028 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR7
12:02:08.0265 2028 \Device\Harddisk2\DR7 - ok
12:02:08.0296 2028 Boot (0x1200) (e26c00371525aab569bfb8ea151439a2) \Device\Harddisk0\DR0\Partition0
12:02:08.0312 2028 \Device\Harddisk0\DR0\Partition0 - ok
12:02:08.0359 2028 Boot (0x1200) (528afeeb0b0c0d28934fa44513ef6b59) \Device\Harddisk0\DR0\Partition1
12:02:08.0359 2028 \Device\Harddisk0\DR0\Partition1 - ok
12:02:08.0406 2028 Boot (0x1200) (9acf08a096e759f4ed126ed88231e79c) \Device\Harddisk0\DR0\Partition2
12:02:08.0406 2028 \Device\Harddisk0\DR0\Partition2 - ok
12:02:08.0453 2028 Boot (0x1200) (b54be7b57c2ab18454ee382279dd9d81) \Device\Harddisk0\DR0\Partition3
12:02:08.0453 2028 \Device\Harddisk0\DR0\Partition3 - ok
12:02:08.0500 2028 Boot (0x1200) (3859ae149db268a24630c3621f409be3) \Device\Harddisk1\DR5\Partition0
12:02:08.0500 2028 \Device\Harddisk1\DR5\Partition0 - ok
12:02:08.0531 2028 Boot (0x1200) (5e2247b481974e70c354917c5c65255d) \Device\Harddisk2\DR7\Partition0
12:02:08.0531 2028 \Device\Harddisk2\DR7\Partition0 - ok
12:02:08.0546 2028 ============================================================
12:02:08.0546 2028 Scan finished
12:02:08.0546 2028 ============================================================
12:02:08.0609 1800 Detected object count: 2
12:02:08.0609 1800 Actual detected object count: 2
12:02:24.0859 1800 \Device\Harddisk0\DR0\# - copied to quarantine
12:02:24.0859 1800 \Device\Harddisk0\DR0 - copied to quarantine
12:02:24.0921 1800 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:02:24.0953 1800 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
12:02:24.0953 1800 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
12:02:24.0953 1800 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
12:02:24.0953 1800 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
12:02:24.0953 1800 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
12:02:24.0984 1800 \Device\Harddisk0\DR0 - processing error
12:02:46.0484 1800 \Device\Harddisk0\DR0 - will be restored on reboot
12:02:47.0515 1800 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
12:02:47.0531 1800 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:02:47.0531 1800 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:03:49.0546 0376 Deinitialize success

------------------------------------------------------

C:\Documents and Settings\All Users\Application Data\INDH0YrpAqP8jB.exe a variant of Win32/Kryptik.AGGA trojan cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\TSiFWymxJhtONR.exe a variant of Win32/Kryptik.AGGA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.06.2012_12.01.00\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.XU trojan cleaned by deleting - quarantined

#5 narenxp

Posted 01 June 2012 - 01:10 PM

Press Windows+R key and type

%temp% and click OK

If you find a folder called SMTMP, copy the folder to a safe location.


???


Reboot to normal now, run TDSSKiller once again and post the log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

Unhide

Run it, this should unhide your files


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#6 jpd9930

Posted 01 June 2012 - 01:42 PM

No SMTMP file when entering %temp%... will run MWB and the rest and post




14:42:53.0593 2644 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:42:54.0187 2644 ============================================================
14:42:54.0187 2644 Current date / time: 2012/06/01 14:42:54.0187
14:42:54.0187 2644 SystemInfo:
14:42:54.0187 2644
14:42:54.0187 2644 OS Version: 5.1.2600 ServicePack: 3.0
14:42:54.0187 2644 Product type: Workstation
14:42:54.0187 2644 ComputerName: XP2600
14:42:54.0187 2644 UserName: Jon
14:42:54.0187 2644 Windows directory: C:\WINDOWS
14:42:54.0187 2644 System windows directory: C:\WINDOWS
14:42:54.0187 2644 Processor architecture: Intel x86
14:42:54.0187 2644 Number of processors: 1
14:42:54.0187 2644 Page size: 0x1000
14:42:54.0187 2644 Boot type: Normal boot
14:42:54.0187 2644 ============================================================
14:42:59.0140 2644 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:42:59.0171 2644 Drive \Device\Harddisk1\DR5 - Size: 0x3BA00000 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:42:59.0171 2644 Drive \Device\Harddisk2\DR6 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:42:59.0171 2644 ============================================================
14:42:59.0171 2644 \Device\Harddisk0\DR0:
14:42:59.0171 2644 MBR partitions:
14:42:59.0171 2644 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x21B891A
14:42:59.0187 2644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24E47A7, BlocksNum 0x973EEA
14:42:59.0203 2644 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x319BD65, BlocksNum 0xBB867E
14:42:59.0218 2644 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4031B1D, BlocksNum 0xA576A4
14:42:59.0218 2644 \Device\Harddisk1\DR5:
14:42:59.0218 2644 MBR partitions:
14:42:59.0218 2644 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1DCFE0
14:42:59.0218 2644 \Device\Harddisk2\DR6:
14:42:59.0218 2644 MBR partitions:
14:42:59.0218 2644 \Device\Harddisk2\DR6\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080
14:42:59.0218 2644 ============================================================
14:42:59.0265 2644 C: <-> \Device\Harddisk0\DR0\Partition0
14:42:59.0312 2644 D: <-> \Device\Harddisk0\DR0\Partition1
14:42:59.0343 2644 E: <-> \Device\Harddisk0\DR0\Partition2
14:42:59.0375 2644 F: <-> \Device\Harddisk0\DR0\Partition3
14:42:59.0421 2644 ============================================================
14:42:59.0421 2644 Initialize success
14:42:59.0421 2644 ============================================================
14:43:14.0421 3836 ============================================================
14:43:14.0421 3836 Scan started
14:43:14.0421 3836 Mode: Manual; TDLFS;
14:43:14.0421 3836 ============================================================
14:43:27.0328 3836 IDriverT - ok
14:43:32.0218 3836 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:43:32.0343 3836 idsvc - ok
14:43:32.0375 3836 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:43:32.0375 3836 Imapi - ok
14:43:32.0421 3836 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:43:32.0421 3836 ImapiService - ok
14:43:32.0453 3836 ini910u - ok
14:43:32.0468 3836 IntelIde - ok
14:43:32.0515 3836 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:43:32.0515 3836 Ip6Fw - ok
14:43:32.0546 3836 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:43:32.0546 3836 IpFilterDriver - ok
14:43:32.0593 3836 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:43:32.0593 3836 IpInIp - ok
14:43:32.0625 3836 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:43:32.0640 3836 IpNat - ok
14:43:32.0671 3836 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:43:32.0671 3836 IPSec - ok
14:43:32.0703 3836 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:43:32.0703 3836 IRENUM - ok
14:43:32.0750 3836 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:43:32.0750 3836 isapnp - ok
14:43:32.0859 3836 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
14:43:32.0859 3836 JavaQuickStarterService - ok
14:43:32.0906 3836 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:43:32.0906 3836 Kbdclass - ok
14:43:32.0937 3836 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:43:32.0937 3836 kbdhid - ok
14:43:32.0984 3836 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
14:43:32.0984 3836 klmd23 - ok
14:43:33.0046 3836 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:43:33.0046 3836 kmixer - ok
14:43:33.0078 3836 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:43:33.0093 3836 KSecDD - ok
14:43:33.0125 3836 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:43:33.0140 3836 LanmanServer - ok
14:43:33.0171 3836 LanmanWorkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:43:33.0187 3836 LanmanWorkstation - ok
14:43:33.0203 3836 lbrtfdc - ok
14:43:33.0265 3836 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:43:33.0265 3836 LmHosts - ok
14:43:33.0312 3836 LxrJD31d (72f30fa2e98d628dff8d82011e687ebb) C:\WINDOWS\system32\Drivers\LxrJD31d.sys
14:43:33.0312 3836 LxrJD31d - ok
14:43:33.0328 3836 LxrJD31s - ok
14:43:33.0421 3836 MDM (8b23e29b211cfed059adb5a5e4a00147) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
14:43:33.0437 3836 MDM - ok
14:43:33.0500 3836 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:43:33.0500 3836 Messenger - ok
14:43:33.0531 3836 mmc_2K (1f4a94215f1640695e402697b3045261) C:\WINDOWS\system32\drivers\mmc_2K.sys
14:43:33.0531 3836 mmc_2K - ok
14:43:33.0562 3836 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:43:33.0562 3836 mnmdd - ok
14:43:33.0609 3836 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
14:43:33.0609 3836 mnmsrvc - ok
14:43:33.0656 3836 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:43:33.0656 3836 Modem - ok
14:43:33.0687 3836 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:43:33.0687 3836 Mouclass - ok
14:43:33.0734 3836 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:43:33.0734 3836 mouhid - ok
14:43:33.0765 3836 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:43:33.0765 3836 MountMgr - ok
14:43:33.0781 3836 mraid35x - ok
14:43:33.0812 3836 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:43:33.0828 3836 MRxDAV - ok
14:43:33.0890 3836 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:43:33.0921 3836 MRxSmb - ok
14:43:33.0953 3836 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
14:43:33.0968 3836 MSDTC - ok
14:43:34.0000 3836 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
14:43:34.0000 3836 MSDV - ok
14:43:34.0046 3836 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:43:34.0046 3836 Msfs - ok
14:43:34.0062 3836 MSIServer - ok
14:43:34.0093 3836 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:43:34.0093 3836 MSKSSRV - ok
14:43:34.0156 3836 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:43:34.0156 3836 MSPCLOCK - ok
14:43:34.0187 3836 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:43:34.0187 3836 MSPQM - ok
14:43:34.0218 3836 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:43:34.0218 3836 mssmbios - ok
14:43:34.0250 3836 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:43:34.0250 3836 MSTEE - ok
14:43:34.0281 3836 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
14:43:34.0281 3836 ms_mpu401 - ok
14:43:34.0328 3836 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:43:34.0343 3836 Mup - ok
14:43:34.0375 3836 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:43:34.0390 3836 NABTSFEC - ok
14:43:34.0437 3836 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:43:34.0453 3836 napagent - ok
14:43:34.0484 3836 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:43:34.0500 3836 NDIS - ok
14:43:34.0515 3836 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:43:34.0515 3836 NdisIP - ok
14:43:34.0562 3836 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:43:34.0562 3836 NdisTapi - ok
14:43:34.0609 3836 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:43:34.0609 3836 Ndisuio - ok
14:43:34.0640 3836 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:43:34.0640 3836 NdisWan - ok
14:43:34.0687 3836 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:43:34.0687 3836 NDProxy - ok
14:43:34.0718 3836 neokdss (0ee5f325df54c6fe0fbae0bbf3b2cab6) C:\WINDOWS\system32\Drivers\neokdss.sys
14:43:34.0734 3836 neokdss - ok
14:43:34.0750 3836 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:43:34.0750 3836 NetBIOS - ok
14:43:34.0796 3836 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:43:34.0812 3836 NetBT - ok
14:43:34.0843 3836 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:43:34.0859 3836 NetDDE - ok
14:43:34.0875 3836 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:43:34.0875 3836 NetDDEdsdm - ok
14:43:34.0921 3836 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:43:34.0921 3836 Netlogon - ok
14:43:34.0953 3836 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:43:34.0968 3836 Netman - ok
14:43:35.0046 3836 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:43:35.0062 3836 NetTcpPortSharing - ok
14:43:35.0078 3836 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:43:35.0078 3836 NIC1394 - ok
14:43:35.0125 3836 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:43:35.0140 3836 Nla - ok
14:43:35.0171 3836 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:43:35.0171 3836 Npfs - ok
14:43:35.0250 3836 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:43:35.0281 3836 Ntfs - ok
14:43:35.0312 3836 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
14:43:35.0312 3836 NtLmSsp - ok
14:43:35.0468 3836 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:43:35.0609 3836 NtmsSvc - ok
14:43:35.0656 3836 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:43:35.0656 3836 Null - ok
14:43:36.0078 3836 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:43:36.0546 3836 nv - ok
14:43:36.0656 3836 nvax (a9af177d2543315108bd974e469f4d45) C:\WINDOWS\system32\drivers\nvax.sys
14:43:36.0656 3836 nvax - ok
14:43:36.0703 3836 NVENET (e07c1f16e5a4e32fc3c0f62b59815ef0) C:\WINDOWS\system32\DRIVERS\NVENET.sys
14:43:36.0703 3836 NVENET - ok
14:43:36.0765 3836 nvnforce (ab0f1072ac0e24567effcb0c4f3499f5) C:\WINDOWS\system32\drivers\nvapu.sys
14:43:36.0781 3836 nvnforce - ok
14:43:36.0828 3836 NVSvc (0c41c4acfe00d826db479c40c1d9edc8) C:\WINDOWS\system32\nvsvc32.exe
14:43:36.0843 3836 NVSvc - ok
14:43:36.0875 3836 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
14:43:36.0875 3836 nv_agp - ok
14:43:36.0921 3836 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:43:36.0921 3836 NwlnkFlt - ok
14:43:36.0937 3836 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:43:36.0953 3836 NwlnkFwd - ok
14:43:37.0000 3836 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
14:43:37.0000 3836 NwlnkIpx - ok
14:43:37.0046 3836 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
14:43:37.0046 3836 NwlnkNb - ok
14:43:37.0093 3836 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
14:43:37.0093 3836 NwlnkSpx - ok
14:43:37.0125 3836 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:43:37.0125 3836 ohci1394 - ok
14:43:37.0203 3836 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:43:37.0203 3836 ose - ok
14:43:37.0250 3836 P2k (137e20f75102ed639b11417c9f779ee6) C:\WINDOWS\system32\DRIVERS\P2k.sys
14:43:37.0250 3836 P2k - ok
14:43:37.0281 3836 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:43:37.0296 3836 Parport - ok
14:43:37.0312 3836 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:43:37.0312 3836 PartMgr - ok
14:43:37.0359 3836 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:43:37.0359 3836 ParVdm - ok
14:43:37.0375 3836 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:43:37.0375 3836 PCI - ok
14:43:37.0406 3836 PCIDump - ok
14:43:37.0468 3836 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:43:37.0484 3836 PCIIde - ok
14:43:37.0546 3836 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:43:37.0546 3836 Pcmcia - ok
14:43:38.0343 3836 Pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\Pcouffin.sys
14:43:38.0406 3836 Pcouffin - ok
14:43:38.0421 3836 PDCOMP - ok
14:43:38.0437 3836 PDFRAME - ok
14:43:38.0453 3836 PDRELI - ok
14:43:38.0468 3836 PDRFRAME - ok
14:43:38.0500 3836 perc2 - ok
14:43:38.0515 3836 perc2hib - ok
14:43:38.0875 3836 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:43:38.0890 3836 PlugPlay - ok
14:43:38.0921 3836 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:43:38.0921 3836 PolicyAgent - ok
14:43:38.0968 3836 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:43:38.0968 3836 PptpMiniport - ok
14:43:39.0000 3836 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
14:43:39.0000 3836 PQNTDrv - ok
14:43:39.0031 3836 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:43:39.0031 3836 Processor - ok
14:43:39.0046 3836 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:43:39.0046 3836 ProtectedStorage - ok
14:43:39.0078 3836 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:43:39.0093 3836 PSched - ok
14:43:39.0125 3836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:43:39.0125 3836 Ptilink - ok
14:43:39.0171 3836 pwd_2k (2f0e42255bb18fbb4e031b3149ec9d2f) C:\WINDOWS\system32\drivers\pwd_2k.sys
14:43:39.0171 3836 pwd_2k - ok
14:43:39.0203 3836 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
14:43:39.0203 3836 PxHelp20 - ok
14:43:39.0218 3836 ql1080 - ok
14:43:39.0234 3836 Ql10wnt - ok
14:43:39.0250 3836 ql12160 - ok
14:43:39.0281 3836 ql1240 - ok
14:43:39.0296 3836 ql1280 - ok
14:43:39.0328 3836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:43:39.0328 3836 RasAcd - ok
14:43:39.0390 3836 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:43:39.0390 3836 RasAuto - ok
14:43:39.0421 3836 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:43:39.0437 3836 Rasl2tp - ok
14:43:39.0484 3836 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:43:39.0484 3836 RasMan - ok
14:43:39.0531 3836 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:43:39.0531 3836 RasPppoe - ok
14:43:39.0562 3836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:43:39.0578 3836 Raspti - ok
14:43:39.0593 3836 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:43:39.0609 3836 Rdbss - ok
14:43:39.0625 3836 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:43:39.0625 3836 RDPCDD - ok
14:43:39.0671 3836 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:43:39.0687 3836 rdpdr - ok
14:43:39.0734 3836 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:43:39.0750 3836 RDPWD - ok
14:43:39.0796 3836 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:43:39.0812 3836 RDSessMgr - ok
14:43:39.0828 3836 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:43:39.0828 3836 redbook - ok
14:43:39.0875 3836 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:43:39.0875 3836 RemoteAccess - ok
14:43:39.0906 3836 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:43:39.0921 3836 RemoteRegistry - ok
14:43:40.0015 3836 RoxLiveShare (080fa1c65389021a6fd98d9ed16b7b39) C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
14:43:40.0031 3836 RoxLiveShare - ok
14:43:40.0062 3836 RoxUpnpRenderer (5dd655620734ea6046064af17567a76c) C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
14:43:40.0078 3836 RoxUpnpRenderer - ok
14:43:40.0171 3836 RoxUpnpServer (d831f4bc511337766c2d1d208b7334fb) C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
14:43:40.0203 3836 RoxUpnpServer - ok
14:43:40.0234 3836 RoxWatch (eaf5f830825343f31d1c94f028543aa3) C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
14:43:40.0250 3836 RoxWatch - ok
14:43:40.0296 3836 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
14:43:40.0296 3836 RpcLocator - ok
14:43:40.0375 3836 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:43:40.0375 3836 RpcSs - ok
14:43:40.0515 3836 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:43:40.0531 3836 RSVP - ok
14:43:40.0593 3836 RxFilter (04cc07c9f18b137e17e8a3c3d8b90c23) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
14:43:40.0593 3836 RxFilter - ok
14:43:40.0656 3836 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:43:40.0656 3836 SamSs - ok
14:43:40.0703 3836 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) F:\SASDIFSV.SYS
14:43:40.0703 3836 SASDIFSV - ok
14:43:40.0734 3836 SASKUTIL (61db0d0756a99506207fd724e3692b25) F:\SASKUTIL.SYS
14:43:40.0734 3836 SASKUTIL - ok
14:43:40.0796 3836 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:43:40.0812 3836 SCardSvr - ok
14:43:40.0843 3836 SCDEmu (65b47e763ed55f35f787a7918272d155) C:\WINDOWS\system32\drivers\SCDEmu.sys
14:43:40.0843 3836 SCDEmu - ok
14:43:40.0906 3836 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:43:40.0906 3836 Schedule - ok
14:43:40.0953 3836 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:43:40.0953 3836 Secdrv - ok
14:43:41.0000 3836 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:43:41.0000 3836 seclogon - ok
14:43:41.0046 3836 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:43:41.0046 3836 SENS - ok
14:43:41.0093 3836 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:43:41.0093 3836 serenum - ok
14:43:41.0156 3836 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:43:41.0156 3836 Serial - ok
14:43:41.0203 3836 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:43:41.0203 3836 Sfloppy - ok
14:43:41.0265 3836 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:43:41.0281 3836 SharedAccess - ok
14:43:41.0328 3836 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:43:41.0343 3836 ShellHWDetection - ok
14:43:41.0390 3836 SI3112r (3da2f680bfc8e92a535cea5a5d80ac37) C:\WINDOWS\system32\DRIVERS\SI3112r.sys
14:43:41.0390 3836 SI3112r - ok
14:43:41.0421 3836 SiFilter (d893aa1d1ee007b7ab1b16e1099e9f17) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
14:43:41.0421 3836 SiFilter - ok
14:43:41.0437 3836 Simbad - ok
14:43:41.0468 3836 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:43:41.0468 3836 SLIP - ok
14:43:41.0515 3836 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:43:41.0515 3836 SONYPVU1 - ok
14:43:41.0531 3836 Sparrow - ok
14:43:41.0578 3836 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:43:41.0578 3836 splitter - ok
14:43:41.0625 3836 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:43:41.0625 3836 Spooler - ok
14:43:41.0656 3836 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:43:41.0656 3836 sr - ok
14:43:41.0703 3836 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:43:41.0734 3836 srservice - ok
14:43:41.0781 3836 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:43:41.0812 3836 Srv - ok
14:43:41.0843 3836 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:43:41.0859 3836 SSDPSRV - ok
14:43:41.0890 3836 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:43:41.0890 3836 StillCam - ok
14:43:41.0953 3836 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:43:41.0984 3836 stisvc - ok
14:43:42.0015 3836 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:43:42.0031 3836 streamip - ok
14:43:42.0062 3836 SVKP (f05028b163b92c302a74409d683ac9b0) C:\WINDOWS\system32\SVKP.sys
14:43:42.0062 3836 SVKP - ok
14:43:42.0093 3836 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:43:42.0093 3836 swenum - ok
14:43:42.0109 3836 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:43:42.0125 3836 swmidi - ok
14:43:42.0125 3836 SwPrv - ok
14:43:42.0156 3836 symc810 - ok
14:43:42.0171 3836 symc8xx - ok
14:43:42.0203 3836 sym_hi - ok
14:43:42.0218 3836 sym_u3 - ok
14:43:42.0234 3836 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:43:42.0250 3836 sysaudio - ok
14:43:42.0281 3836 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:43:42.0296 3836 SysmonLog - ok
14:43:42.0328 3836 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:43:42.0343 3836 TapiSrv - ok
14:43:42.0437 3836 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:43:42.0453 3836 Tcpip - ok
14:43:42.0578 3836 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
14:43:42.0578 3836 Tcpip6 - ok
14:43:42.0625 3836 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:43:42.0625 3836 TDPIPE - ok
14:43:42.0656 3836 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:43:42.0656 3836 TDTCP - ok
14:43:42.0671 3836 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:43:42.0687 3836 TermDD - ok
14:43:42.0750 3836 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:43:42.0750 3836 TermService - ok
14:43:42.0796 3836 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:43:42.0796 3836 Themes - ok
14:43:42.0843 3836 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
14:43:42.0859 3836 TlntSvr - ok
14:43:42.0890 3836 tmactmon (333fd294e6c34232af115f3f11dcaa98) C:\WINDOWS\system32\drivers\tmactmon.sys
14:43:42.0890 3836 tmactmon - ok
14:43:42.0937 3836 tmcfw (73d3b5d101e3202c268ffe851574b6eb) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
14:43:42.0937 3836 tmcfw - ok
14:43:43.0000 3836 tmcomm (a31246180e61140ad7ff9dd7edf1f6a1) C:\WINDOWS\system32\drivers\tmcomm.sys
14:43:43.0000 3836 tmcomm - ok
14:43:43.0031 3836 tmevtmgr (76920d2989848744b47b6de8c46fa175) C:\WINDOWS\system32\drivers\tmevtmgr.sys
14:43:43.0031 3836 tmevtmgr - ok
14:43:43.0078 3836 tmpreflt (1615eb81a09c3c36ba8b4a1b1d525d8f) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
14:43:43.0078 3836 tmpreflt - ok
14:43:43.0125 3836 tmtdi (ce1321671eee4520b9b50cd513f67dad) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
14:43:43.0125 3836 tmtdi - ok
14:43:43.0187 3836 tmxpflt (44b4a683b8de31b709d1e5fc5d01dcc6) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
14:43:43.0187 3836 tmxpflt - ok
14:43:43.0203 3836 TosIde - ok
14:43:43.0265 3836 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:43:43.0265 3836 TrkWks - ok
14:43:43.0312 3836 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
14:43:43.0312 3836 tunmp - ok
14:43:43.0359 3836 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:43:43.0359 3836 Udfs - ok
14:43:43.0375 3836 ultra - ok
14:43:43.0437 3836 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:43:43.0453 3836 Update - ok
14:43:43.0515 3836 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:43:43.0515 3836 upnphost - ok
14:43:43.0546 3836 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:43:43.0562 3836 UPS - ok
14:43:43.0609 3836 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:43:43.0609 3836 USBAAPL - ok
14:43:43.0640 3836 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:43:43.0640 3836 usbccgp - ok
14:43:43.0687 3836 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:43:43.0687 3836 usbehci - ok
14:43:43.0718 3836 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:43:43.0718 3836 usbhub - ok
14:43:43.0750 3836 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:43:43.0750 3836 usbohci - ok
14:43:43.0796 3836 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:43:43.0796 3836 usbscan - ok
14:43:43.0828 3836 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
14:43:43.0828 3836 usbser - ok
14:43:43.0859 3836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:43:43.0859 3836 USBSTOR - ok
14:43:43.0890 3836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:43:43.0890 3836 VgaSave - ok
14:43:43.0906 3836 ViaIde - ok
14:43:43.0937 3836 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:43:43.0937 3836 VolSnap - ok
14:43:44.0046 3836 vsapint (84b4bfc6808adfdeb0716af857dd9519) C:\WINDOWS\system32\DRIVERS\vsapint.sys
14:43:44.0062 3836 vsapint - ok
14:43:44.0156 3836 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:43:44.0218 3836 VSS - ok
14:43:44.0265 3836 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:43:44.0281 3836 W32Time - ok
14:43:44.0312 3836 w600bus - ok
14:43:44.0328 3836 w600mdfl - ok
14:43:44.0343 3836 w600mdm - ok
14:43:44.0375 3836 w600mgmt - ok
14:43:44.0390 3836 w600obex - ok
14:43:44.0421 3836 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:43:44.0421 3836 Wanarp - ok
14:43:44.0500 3836 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:43:44.0515 3836 Wdf01000 - ok
14:43:44.0531 3836 WDICA - ok
14:43:44.0562 3836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:43:44.0562 3836 wdmaud - ok
14:43:44.0593 3836 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:43:44.0609 3836 WebClient - ok
14:43:44.0687 3836 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:43:44.0687 3836 winmgmt - ok
14:43:44.0734 3836 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:43:44.0750 3836 WmdmPmSN - ok
14:43:44.0828 3836 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:43:44.0859 3836 Wmi - ok
14:43:44.0906 3836 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:43:44.0906 3836 WmiApSrv - ok
14:43:45.0031 3836 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:43:45.0062 3836 WMPNetworkSvc - ok
14:43:45.0125 3836 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:43:45.0125 3836 WpdUsb - ok
14:43:45.0156 3836 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:43:45.0156 3836 wscsvc - ok
14:43:45.0203 3836 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:43:45.0203 3836 WSTCODEC - ok
14:43:45.0234 3836 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:43:45.0281 3836 wuauserv - ok
14:43:45.0312 3836 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:43:45.0328 3836 WudfPf - ok
14:43:45.0359 3836 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:43:45.0359 3836 WudfRd - ok
14:43:45.0390 3836 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:43:45.0390 3836 WudfSvc - ok
14:43:45.0468 3836 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:43:45.0500 3836 WZCSVC - ok
14:43:45.0531 3836 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:43:45.0546 3836 xmlprov - ok
14:43:45.0593 3836 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:43:45.0609 3836 yukonwxp - ok
14:43:45.0640 3836 zumbus (763ac56e714907e9d420b9ab694f7b18) C:\WINDOWS\system32\DRIVERS\zumbus.sys
14:43:45.0640 3836 zumbus - ok
14:43:45.0687 3836 ZuneBusEnum (c639569d7f3b15a82be5d27081f79d66) C:\WINDOWS\system32\ZuneBusEnum.exe
14:43:45.0687 3836 ZuneBusEnum - ok
14:43:45.0734 3836 ZuneWlanCfgSvc (9de7fad6bb49931488ce8f5f48590e7e) C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
14:43:45.0750 3836 ZuneWlanCfgSvc - ok
14:43:45.0828 3836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:43:46.0421 3836 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:43:46.0421 3836 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:43:46.0468 3836 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR5
14:43:48.0484 3836 \Device\Harddisk1\DR5 - ok
14:43:48.0500 3836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR6
14:43:48.0609 3836 \Device\Harddisk2\DR6 - ok
14:43:48.0609 3836 Boot (0x1200) (e26c00371525aab569bfb8ea151439a2) \Device\Harddisk0\DR0\Partition0
14:43:48.0625 3836 \Device\Harddisk0\DR0\Partition0 - ok
14:43:48.0640 3836 Boot (0x1200) (528afeeb0b0c0d28934fa44513ef6b59) \Device\Harddisk0\DR0\Partition1
14:43:48.0656 3836 \Device\Harddisk0\DR0\Partition1 - ok
14:43:48.0671 3836 Boot (0x1200) (9acf08a096e759f4ed126ed88231e79c) \Device\Harddisk0\DR0\Partition2
14:43:48.0671 3836 \Device\Harddisk0\DR0\Partition2 - ok
14:43:48.0687 3836 Boot (0x1200) (b54be7b57c2ab18454ee382279dd9d81) \Device\Harddisk0\DR0\Partition3
14:43:48.0718 3836 \Device\Harddisk0\DR0\Partition3 - ok
14:43:48.0734 3836 Boot (0x1200) (5e2247b481974e70c354917c5c65255d) \Device\Harddisk1\DR5\Partition0
14:43:48.0734 3836 \Device\Harddisk1\DR5\Partition0 - ok
14:43:48.0734 3836 Boot (0x1200) (3859ae149db268a24630c3621f409be3) \Device\Harddisk2\DR6\Partition0
14:43:48.0734 3836 \Device\Harddisk2\DR6\Partition0 - ok
14:43:48.0750 3836 ============================================================
14:43:48.0750 3836 Scan finished
14:43:48.0750 3836 ============================================================
14:43:48.0781 3828 Detected object count: 1
14:43:48.0781 3828 Actual detected object count: 1
14:43:59.0703 3828 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:43:59.0718 3828 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
14:43:59.0718 3828 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
14:43:59.0718 3828 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
14:43:59.0718 3828 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
14:43:59.0718 3828 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
14:43:59.0718 3828 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
14:44:14.0640 2640 Deinitialize success

#7 jpd9930

Posted 01 June 2012 - 05:00 PM

MiniToolBox by Farbar Version: 14-01-2012
Ran by Jon (administrator) on 01-06-2012 at 17:47:16
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR FA311 Fast Ethernet Adapter = Local Area Connection (Disconnected)
NVIDIA nForce MCP Networking Controller = Local Area Connection 4 (Disconnected)
1394 Net Adapter = 1394 Connection (Connected)
Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller = Local Area Connection 6 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 6"

set address name="Local Area Connection 6" source=dhcp
set dns name="Local Area Connection 6" source=dhcp register=PRIMARY
set wins name="Local Area Connection 6" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : xp2600

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 6:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller

Physical Address. . . . . . . . . : 00-0E-A6-01-B2-CA

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.xxx.xxx

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::20e:a6ff:fe01:b2ca%4

Default Gateway . . . . . . . . . : 192.168.xxx.xxx

DHCP Server . . . . . . . . . . . : 192.168.xxx.xxx

DNS Servers . . . . . . . . . . . : 192.168.xxx.xxx

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Friday, June 01, 2012 4:11:38 PM

Lease Expires . . . . . . . . . . : Sunday, June 03, 2012 4:11:38 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-64-67

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.xxx.xxx%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 192.168.xxx.xxx

Name: google.com
Addresses: 173.194.37.67, 173.194.37.68, 173.194.37.69, 173.194.37.70
173.194.37.71, 173.194.37.72, 173.194.37.73, 173.194.37.78, 173.194.37.64
173.194.37.65, 173.194.37.66



Pinging google.com [74.125.45.102] with 32 bytes of data:



Reply from 74.125.45.102: bytes=32 time=28ms TTL=53

Reply from 74.125.45.102: bytes=32 time=28ms TTL=53



Ping statistics for 74.125.45.102:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 28ms, Average = 28ms

Server: UnKnown
Address: 192.168.xxx.xxx

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=48ms TTL=53

Reply from 209.191.122.70: bytes=32 time=50ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 50ms, Average = 49ms

Server: UnKnown
Address: 192.168.xxx.xxx

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0e a6 01 b2 ca ...... Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.xxx.xxx 192.168.xxx.xxx 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.xxx.xxx 192.168.xxx.xxx 1
192.168.xxx.xxx 255.255.255.0 192.168.xxx.xxx 192.168.xxx.xxx 20
192.168.xxx.xxx 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.100.255 255.255.255.255 192.168.xxx.xxx 192.168.xxx.xxx 20
224.0.0.0 240.0.0.0 192.168.xxx.xxx 192.168.xxx.xxx 20
255.255.255.255 255.255.255.255 192.168.xxx.xxx 192.168.xxx.xxx 1
Default Gateway: 192.168.xxx.xxx
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/01/2012 10:58:58 AM) (Source: MsiInstaller) (User: Jon)Jon
Description: Product: Zune -- Custom Action 10:58:57.531: Operation 'InstallDriver' has finished with result 0x80004005.

Error: (06/01/2012 10:58:53 AM) (Source: MsiInstaller) (User: Jon)Jon
Description: Product: Zune -- Custom Action 10:58:44.062: Operation 'RemoveDriver' has finished with result 0x80070003.

Error: (06/01/2012 10:58:03 AM) (Source: MsiInstaller) (User: Jon)Jon
Description: Product: Zune -- Custom Action 10:58:01.312: Operation 'InstallDriver' has finished with result 0x80004005.

Error: (06/01/2012 10:58:01 AM) (Source: MsiInstaller) (User: Jon)Jon
Description: Product: Zune -- Custom Action 10:57:56.171: Operation 'RemoveDriver' has finished with result 0x80070003.

Error: (05/31/2012 09:33:05 PM) (Source: Google Update) (User: Jon)Jon
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http s

Error: (05/31/2012 06:33:15 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/31/2012 06:33:15 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/28/2012 09:18:16 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/23/2012 06:16:24 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/23/2012 06:16:22 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (06/01/2012 04:17:49 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s).

Error: (06/01/2012 04:17:42 PM) (Source: Service Control Manager) (User: )
Description: The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (06/01/2012 04:12:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
cdudf_xp
RxFilter
SI3112r

Error: (06/01/2012 04:11:48 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LiveShare P2P Server service to connect.

Error: (06/01/2012 04:11:48 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/01/2012 02:43:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
cdudf_xp
RxFilter

Error: (06/01/2012 02:42:31 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LiveShare P2P Server service to connect.

Error: (06/01/2012 02:40:21 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/01/2012 02:07:50 PM) (Source: DCOM) (User: Jon)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (06/01/2012 01:53:07 PM) (Source: DCOM) (User: Jon)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}


Microsoft Office Sessions:
=========================
Error: (06/01/2012 10:58:58 AM) (Source: MsiInstaller)(User: Jon)Jon
Description: Product: Zune -- Custom Action 10:58:57.531: Operation 'InstallDriver' has finished with result 0x80004005.(NULL)(NULL)(NULL)

Error: (06/01/2012 10:58:53 AM) (Source: MsiInstaller)(User: Jon)Jon
Description: Product: Zune -- Custom Action 10:58:44.062: Operation 'RemoveDriver' has finished with result 0x80070003.(NULL)(NULL)(NULL)

Error: (06/01/2012 10:58:03 AM) (Source: MsiInstaller)(User: Jon)Jon
Description: Product: Zune -- Custom Action 10:58:01.312: Operation 'InstallDriver' has finished with result 0x80004005.(NULL)(NULL)(NULL)

Error: (06/01/2012 10:58:01 AM) (Source: MsiInstaller)(User: Jon)Jon
Description: Product: Zune -- Custom Action 10:57:56.171: Operation 'RemoveDriver' has finished with result 0x80070003.(NULL)(NULL)(NULL)

Error: (05/31/2012 09:33:05 PM) (Source: Google Update)(User: Jon)Jon
Description: Network Request Error.
Error: 0x80072efd. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying WinHTTP.
Send request returned 0x80072efd. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072efd. Http s

Error: (05/31/2012 06:33:15 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/31/2012 06:33:15 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/28/2012 09:18:16 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/23/2012 06:16:24 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/23/2012 06:16:22 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Reader 7.1.0 (Version: 7.1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Apple Application Support (Version: 1.3.0)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Utilities My Printer
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Cool Edit Pro 2.0
Coupon Printer for Windows (Version: 5.0.0.1)
ESET Online Scanner v3
ESSBrwr (Version: 6.04.0000.0001)
ESSCDBK (Version: 6.04.0000.0001)
ESScore (Version: 6.04.0000.0003)
ESSgui (Version: 6.04.0000.0001)
ESSini (Version: 6.04.0000.0001)
ESSPCD (Version: 6.04.0000.0001)
ESSSONIC (Version: 6.4.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.04.0000.0001)
F5U109 Driver Uninstall
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Google Chrome (Version: 19.0.1084.52)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
HijackThis 2.0.2 (Version: 2.0.2)
Internet Explorer (Enable DEP)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
JD Secure 3.1
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
KODAK Share Button App (Version: 4.00.0000.0000)
Macromedia Flash Player (Version: 7.0.14.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Marvell Miniport Driver (Version: 6.27)
MediaFACE 4.2 (Version: 4.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft IntelliType Pro 6.02 (Version: 6.02.303.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
netbrdg (Version: 6.04.0000.0001)
NVIDIA Drivers
OfotoXMI (Version: 6.04.0000.0001)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PartitionMagic (Version: 8.01.000)
Picture Package (Version: 1.00.000)
PowerISO
PowerQuest PartitionMagic 8.0 (Version: 8.01.000)
QuickTime (Version: 7.62.14.0)
Roxio Easy Media Creator 8 Suite (Version: 8.0.530)
SFR (Version: 6.04.0000.0001)
SHASTA (Version: 6.04.0000.0001)
skin0001 (Version: 6.04.0000.0004)
SKINXSDK (Version: 6.02.1001.0001)
staticcr (Version: 6.04.0000.0005)
SUPERAntiSpyware Free Edition (Version: 4.37.0.1000)
swMSM (Version: 12.0.0.1)
System Requirements Lab
Tardis 2000 V1.2
tooltips (Version: 6.04.0000.0001)
Trend Micro Internet Security Pro (Version: 17.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VPRINTOL (Version: 6.04.0000.0001)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows Support Tools (Version: 5.1.2510.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip 11.1 (Version: 11.1.7466)
WIRELESS (Version: 6.04.0000.0001)
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
Yahoo! Detect
Zune (Version: 2.3.1338.00)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 2047.48 MB
Available physical RAM: 1471.83 MB
Total Pagefile: 3049.58 MB
Available Pagefile: 2660.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.52 MB

========================= Partitions: =====================================

2 Drive c: (XC) (Fixed) (Total:16.86 GB) (Free:0.63 GB) NTFS
3 Drive d: (XD To keep) (Fixed) (Total:4.73 GB) (Free:0.12 GB) NTFS
4 Drive e: (XE Games) (Fixed) (Total:5.86 GB) (Free:3.33 GB) NTFS
5 Drive f: (XF Programs) (Fixed) (Total:5.17 GB) (Free:0.91 GB) NTFS
6 Drive g: (STORE N GO) (Removable) (Total:7.45 GB) (Free:7.3 GB) FAT32
7 Drive h: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT

========================= Users: ========================================

User accounts for \\XP2600

admin Administrator ASPNET
Guest HelpAssistant Jon
Sue SUPPORT_388945a0


**** End of log ****

#8 narenxp

Posted 01 June 2012 - 05:21 PM

Malwarebytes log?

Did unhide recover hidden files?

Edited by narenxp, 01 June 2012 - 05:22 PM.


#9 jpd9930

Posted 01 June 2012 - 06:02 PM

lots of files recovered...over 64k on c:\ alone...2nd MBAM run clean

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.01.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jon :: XP2600 [administrator]

Protection: Disabled

6/1/2012 2:53:48 PM
mbam-log-2012-06-01 (14-53-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324230
Time elapsed: 1 hour(s), 14 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\SVKP (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\System Volume Information\_restore{8AC37375-AF11-4828-8771-D39F2EAD99F8}\RP740\A0086366.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AC37375-AF11-4828-8771-D39F2EAD99F8}\RP740\A0086367.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SVKP.sys (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#10 jpd9930

Posted 01 June 2012 - 06:04 PM

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 06/01/2012 05:42:40 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 61436 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 1595 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 1106 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 9471 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 117 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 1 files processed.

Restoring the Start Menu.
* 208 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
* HidNoChangingWallPaperden policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 06/01/2012 05:45:36 PM
Execution time: 0 hours(s), 2 minute(s), and 55 seconds(s)

#11 narenxp

Posted 01 June 2012 - 07:48 PM

Re-run Malwarebytes again and post the clean log

How is your PC now?

#12 jpd9930

Posted 01 June 2012 - 09:14 PM

will post in the morning....

#13 narenxp

Posted 02 June 2012 - 01:26 AM

:thumbup2:

#14 jpd9930

Posted 02 June 2012 - 09:31 AM

Things are getting back to normal. The malware is gone and I have my icons, files and desktop back. Still running very slow, but I think that is another issue. Would you recommend using MiniToolBox every so often to flush DNS, reset IE proxy and reset FF proxy?


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.01.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jon :: XP2600 [administrator]

Protection: Disabled

6/1/2012 9:31:11 PM
mbam-log-2012-06-01 (21-31-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323504
Time elapsed: 1 hour(s), 19 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by jpd9930, 02 June 2012 - 09:57 AM.


#15 narenxp

Posted 02 June 2012 - 10:23 AM

You can use it :thumbup2:

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



