Still infected after virus attack?


3 replies to this topic

#1 Ariana_1


Posted 12 September 2012 - 08:18 PM

Hi, I would like to know whether I have eradicated the Remove File Recovery virus from my computer. After this horrible virus attack, I downloaded and ran Malwarebytes Anti-Malware, RKill, Hitman-Pro, and unhid files using unhide.exe and restored shortcuts using RogueKiller. On the surface, everything seems back to normal now, but I need help to ensure that my computer is no longer infected.
Also, after I ran the above, I noticed that a new file was created on my desktop named RK-Quarantine and some RK reports - I would like to know whether I can delete those.

Thanks for your help.



#2 boopme


Posted 12 September 2012 - 08:55 PM

Hello, I moved this down one to the Am I Infected forum.

You probably are good. I would like for you to run these also.
Delete the RK folders.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>>

Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

<<><<><><><><><><><><><><><><><><><><><><><>
Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Lastly... I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#3 Ariana_1


Posted 13 September 2012 - 08:43 PM

Hello ... I completed all the steps as described. The RKill and TDSSKiller detected no threats. ESETOnline Scan identified viruses.

Results are posted below for your review:

1. MiniToolBox results:

MiniToolBox by Farbar Version: 23-07-2012
Ran by ariana (administrator) on 13-09-2012 at 12:14:42
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Toucan

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-1A-A0-07-C1-F9

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Thursday, September 13, 2012 8:13:43 AM

Lease Expires . . . . . . . . . . : Friday, September 14, 2012 8:13:43 AM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.226.68, 74.125.226.69, 74.125.226.70, 74.125.226.71
74.125.226.72, 74.125.226.73, 74.125.226.78, 74.125.226.64, 74.125.226.65
74.125.226.66, 74.125.226.67



Pinging google.com [74.125.226.72] with 32 bytes of data:



Reply from 74.125.226.72: bytes=32 time=10ms TTL=57

Reply from 74.125.226.72: bytes=32 time=10ms TTL=57



Ping statistics for 74.125.226.72:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 10ms, Maximum = 10ms, Average = 10ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=285ms TTL=46

Reply from 98.139.183.24: bytes=32 time=244ms TTL=46



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 244ms, Maximum = 285ms, Average = 264ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a a0 07 c1 f9 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
64.208.138.135 255.255.255.255 192.168.0.1 192.168.0.2 20
98.139.225.43 255.255.255.255 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.2 192.168.0.2 20
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 20
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 20
204.246.176.168 255.255.255.255 192.168.0.1 192.168.0.2 20
208.43.87.2 255.255.255.255 192.168.0.1 192.168.0.2 20
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 20
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/13/2012 08:33:05 AM) (Source: ESENT) (User: )
Description: SearchIndexer (2868) A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 257) of database C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (1384 => 10303, SearchIndexer0).

Error: (09/13/2012 08:17:49 AM) (Source: ESENT) (User: )
Description: SearchIndexer (2868) A bad page link (error -327) has been detected in a B-Tree (ObjectId: 10, PgnoRoot: 257) of database C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (1384 => 10303, SearchIndexer0).

Error: (09/13/2012 08:16:48 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/13/2012 02:06:33 AM) (Source: Symantec AntiVirus) (User: Toucan)Toucan
Description: Risk: in File: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDesktop by: Manual scan. Action: Clean failed : Quarantine failed. Action Description:

Risk: in File: Internet browser temporary file cache by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: The file was deleted successfully.

Error: (09/13/2012 01:17:37 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.FakeAV in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP977\A0262555.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (09/13/2012 01:17:24 AM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Trojan.FakeAV in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP977\A0262555.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (09/13/2012 01:17:23 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.FakeAV in File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP977\A0262555.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (09/12/2012 11:48:57 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.FakeAV in File: C:\Documents and Settings\ariana\Desktop\RK_Quarantine\RMgOYWJNIRmTJbK.exe.vir by: Manual scan. Action: Cleaned by Deletion. Action Description:

Error: (09/12/2012 11:48:47 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Trojan.FakeAV in File: C:\Documents and Settings\ariana\Desktop\RK_Quarantine\RMgOYWJNIRmTJbK.exe.vir by: Manual scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (09/12/2012 07:49:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28695469


System errors:
=============
Error: (09/13/2012 00:00:03 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (09/13/2012 00:00:02 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (09/13/2012 10:26:01 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (09/13/2012 10:26:00 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (09/13/2012 08:14:08 AM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.6 Crusader (Boot) service failed to start due to the following error:
%%3

Error: (09/13/2012 08:11:43 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (09/13/2012 08:11:43 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (09/13/2012 08:11:43 AM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (09/12/2012 10:37:56 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.6 Crusader (Boot) service failed to start due to the following error:
%%3

Error: (09/12/2012 08:50:35 PM) (Source: 0) (User: )
Description: \Device\CdRom0


Microsoft Office Sessions:
=========================
Error: (04/29/2010 09:30:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/29/2010 09:07:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 bit Windows Card Reader Driver (Version: 1.1.0.0)
7-Zip 4.65
ABBYY FineReader 5.0 Sprint (Version: 5.0.0.22227)
Adobe Acrobat 8 Professional - English, Franšais, Deutsch (Version: 8.3.1)
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional (Version: 8.3.1)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Help Center 2.1 (Version: 2.1)
Adobe Photoshop 5.0.2 (Version: 5.0)
Adobe Photoshop Elements 5.0 (Version: 5.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AOL Deskbar
AOL Toolbar
AOL Uninstaller
AOL You've Got Pictures Screensaver
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Athlon 64 Processor Driver (Version: 1.3.2.0)
ATI AVIVO Codecs (Version: 10.0.0.40103)
Bing Bar (Version: 7.0.609.0)
Bonjour (Version: 3.0.0.10)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01)
Broadcom Management Programs (Version: 10.15.03)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0727.2122.36516)
Catalyst Control Center Graphics Previews Common (Version: 2012.0727.2122.36516)
Catalyst Control Center InstallProxy (Version: 2012.0727.2122.36516)
Catalyst Control Center Localization All (Version: 2012.0727.2122.36516)
ccc-utility (Version: 2012.0727.2122.36516)
CCC Help Chinese Standard (Version: 2012.0727.2121.36516)
CCC Help Chinese Traditional (Version: 2012.0727.2121.36516)
CCC Help Czech (Version: 2012.0727.2121.36516)
CCC Help Danish (Version: 2012.0727.2121.36516)
CCC Help Dutch (Version: 2012.0727.2121.36516)
CCC Help English (Version: 2012.0727.2121.36516)
CCC Help Finnish (Version: 2012.0727.2121.36516)
CCC Help French (Version: 2012.0727.2121.36516)
CCC Help German (Version: 2012.0727.2121.36516)
CCC Help Greek (Version: 2012.0727.2121.36516)
CCC Help Hungarian (Version: 2012.0727.2121.36516)
CCC Help Italian (Version: 2012.0727.2121.36516)
CCC Help Japanese (Version: 2012.0727.2121.36516)
CCC Help Korean (Version: 2012.0727.2121.36516)
CCC Help Norwegian (Version: 2012.0727.2121.36516)
CCC Help Polish (Version: 2012.0727.2121.36516)
CCC Help Portuguese (Version: 2012.0727.2121.36516)
CCC Help Russian (Version: 2012.0727.2121.36516)
CCC Help Spanish (Version: 2012.0727.2121.36516)
CCC Help Swedish (Version: 2012.0727.2121.36516)
CCC Help Thai (Version: 2012.0727.2121.36516)
CCC Help Turkish (Version: 2012.0727.2121.36516)
CCleaner (Version: 3.08)
Conexant D850 56K V.9x DFVc Modem
Data Lifeguard Diagnostic for Windows (Version: 1.13)
Dell AIO Printer A940
Dell CinePlayer (Version: 3.0)
Dell Support 3.2.1 (Version: 5.5.2087)
Dell System Restore (Version: 2.00.0000)
Digital Line Detect (Version: 1.10)
DirectX 9 Runtime (Version: 1.00.0000)
FaxTools (Version: 5.08)
Google Desktop (Version: -)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
HelpSmith 3.0
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HTML Help Workshop
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 14.0.8117.416)
LiveUpdate 3.1 (Symantec Corporation) (Version: 3.1.0.99)
MATLAB R2009b (Version: 7.9)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31119)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)
Microsoft Web Publishing Wizard 1.53
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Microsoft Works (Version: 08.05.0818)
MobileMe Control Panel (Version: 3.1.6.0)
Modem Diagnostic Tool (Version: 1.0.17.2)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4SP2 (Version: 1.00.0000)
MySQL Connector/Net 5.0.9 (Version: 5.0.9)
MySQL Connector/ODBC 5.1 (Version: 5.1.5)
MySQL Server 5.1 (Version: 5.1.34)
MySQL Workbench 5.2 OSS (Version: 5.2.11)
NetWaiting (Version: 2.5.12)
NVIDIA Drivers
Parser Setup (Version: 1.0.0)
Python 2.5 MySQL-python-1.2.2
Python 2.5 pywin32-214
Python 2.5.4 (Version: 2.5.4150)
QuickTime (Version: 7.70.80.34)
RAMDisk (Version: 3.5.130)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Business (Version: 10.3.56.24)
Roxio Creator Business v10 (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Tools (Version: 3.8.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.1.349)
Safari (Version: 5.33.21.1)
SearchAssist
Segoe UI (Version: 14.0.4327.805)
SigmaTel Audio (Version: 5.10.4820.0)
Soap 3.0 Toolkit (Version: 1.00.0000)
Sonic Activation Module (Version: 1.0)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Symantec AntiVirus (Version: 10.1.5000.5)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
URL Assistant
USB Video Driver (Version: 1.00)
Viewpoint Media Player
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
WD Drive Manager (x86) (Version: 2.107)
WebEx Support Manager for Internet Explorer (Version: 6.5.4917)
WebFldrs XP (Version: 9.50.7523)
Windows Backup Utility (Version: 5.1)
Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0) (Version: 08/31/2007 5.7.0831.0)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) (Version: 08/31/2007 5.7.0831.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinSCP 4.3.9 (Version: 4.3.9)

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 3070.42 MB
Available physical RAM: 2016.02 MB
Total Pagefile: 4956.43 MB
Available Pagefile: 4036.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146.45 GB) (Free:71.35 GB) NTFS
7 Drive i: () (Fixed) (Total:3.99 GB) (Free:3.97 GB) FAT32


2. Results of RKill

Rkill 2.3.14 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/13/2012 01:18:31 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/13/2012 01:19:03 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)


Results of TDSSKiller.Exe

13:23:31.0218 1528 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:23:31.0546 1528 ============================================================
13:23:31.0546 1528 Current date / time: 2012/09/13 13:23:31.0546
13:23:31.0546 1528 SystemInfo:
13:23:31.0546 1528
13:23:31.0546 1528 OS Version: 5.1.2600 ServicePack: 3.0
13:23:31.0546 1528 Product type: Workstation
13:23:31.0546 1528 ComputerName: Toucan
13:23:31.0546 1528 UserName: ariana
13:23:31.0546 1528 Windows directory: C:\WINDOWS
13:23:31.0546 1528 System windows directory: C:\WINDOWS
13:23:31.0546 1528 Processor architecture: Intel x86
13:23:31.0546 1528 Number of processors: 2
13:23:31.0546 1528 Page size: 0x1000
13:23:31.0546 1528 Boot type: Safe boot with network
13:23:31.0546 1528 ============================================================
13:23:32.0265 1528 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:23:32.0312 1528 ============================================================
13:23:32.0312 1528 \Device\Harddisk0\DR0:
13:23:32.0312 1528 MBR partitions:
13:23:32.0312 1528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x124E712E
13:23:32.0375 1528 ============================================================
13:23:32.0437 1528 C: <-> \Device\Harddisk0\DR0\Partition1
13:23:32.0453 1528 ============================================================
13:23:32.0453 1528 Initialize success
13:23:32.0453 1528 ============================================================
13:23:42.0859 1292 ============================================================
13:23:42.0859 1292 Scan started
13:23:42.0859 1292 Mode: Manual;
13:23:42.0859 1292 ============================================================
13:23:42.0953 1292 ================ Scan system memory ========================
13:23:42.0953 1292 System memory - ok
13:23:42.0953 1292 ================ Scan services =============================
13:23:50.0765 1292 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:23:50.0765 1292 ql12160 - ok
13:23:50.0765 1292 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:23:50.0765 1292 ql1240 - ok
13:23:50.0781 1292 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:23:50.0781 1292 ql1280 - ok
13:23:50.0812 1292 [ 32BCF90B3BAC9CB9B10F3C309A123C7F ] RAMDiskXP C:\WINDOWS\system32\Drivers\RAMDiskXP.sys
13:23:50.0828 1292 RAMDiskXP - ok
13:23:50.0828 1292 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:23:50.0828 1292 RasAcd - ok
13:23:50.0875 1292 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:23:50.0875 1292 RasAuto - ok
13:23:50.0890 1292 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:23:50.0890 1292 Rasl2tp - ok
13:23:50.0937 1292 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:23:50.0953 1292 RasMan - ok
13:23:50.0953 1292 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:23:50.0953 1292 RasPppoe - ok
13:23:50.0953 1292 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:23:50.0953 1292 Raspti - ok
13:23:51.0000 1292 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:23:51.0015 1292 Rdbss - ok
13:23:51.0046 1292 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:23:51.0046 1292 RDPCDD - ok
13:23:51.0062 1292 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:23:51.0078 1292 rdpdr - ok
13:23:51.0109 1292 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:23:51.0109 1292 RDPWD - ok
13:23:51.0125 1292 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:23:51.0140 1292 RDSessMgr - ok
13:23:51.0140 1292 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:23:51.0156 1292 redbook - ok
13:23:51.0171 1292 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:23:51.0171 1292 RemoteAccess - ok
13:23:51.0203 1292 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
13:23:51.0203 1292 RimUsb - ok
13:23:51.0343 1292 [ D2D4D149AB1F6EE7EB0A7AFCE47A66E0 ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
13:23:51.0359 1292 RoxMediaDB10 - ok
13:23:51.0359 1292 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:23:51.0375 1292 RpcLocator - ok
13:23:51.0406 1292 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:23:51.0406 1292 RpcSs - ok
13:23:51.0437 1292 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:23:51.0437 1292 RSVP - ok
13:23:51.0453 1292 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:23:51.0453 1292 SamSs - ok
13:23:51.0484 1292 [ 3525FDCFC567E807A337C61AFF366BE8 ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe
13:23:51.0484 1292 SavRoam - ok
13:23:51.0515 1292 [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT C:\Program Files\Symantec AntiVirus\savrt.sys
13:23:51.0531 1292 SAVRT - ok
13:23:51.0531 1292 [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL C:\Program Files\Symantec AntiVirus\Savrtpel.sys
13:23:51.0546 1292 SAVRTPEL - ok
13:23:51.0546 1292 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:23:51.0562 1292 SCardSvr - ok
13:23:51.0578 1292 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:23:51.0578 1292 Schedule - ok
13:23:51.0625 1292 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
13:23:51.0640 1292 SeaPort - ok
13:23:51.0671 1292 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:23:51.0671 1292 Secdrv - ok
13:23:51.0687 1292 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:23:51.0687 1292 seclogon - ok
13:23:51.0703 1292 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:23:51.0703 1292 SENS - ok
13:23:51.0734 1292 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:23:51.0734 1292 serenum - ok
13:23:51.0750 1292 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:23:51.0750 1292 Serial - ok
13:23:51.0781 1292 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:23:51.0781 1292 Sfloppy - ok
13:23:51.0812 1292 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:23:51.0828 1292 SharedAccess - ok
13:23:51.0843 1292 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:23:51.0843 1292 ShellHWDetection - ok
13:23:51.0843 1292 Simbad - ok
13:23:51.0875 1292 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:23:51.0875 1292 sisagp - ok
13:23:51.0890 1292 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:23:51.0890 1292 SLIP - ok
13:23:51.0953 1292 [ 0D411EEA92751C1ECD8453892F41E726 ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
13:23:51.0953 1292 SNDSrvc - ok
13:23:52.0000 1292 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:23:52.0000 1292 Sparrow - ok
13:23:52.0062 1292 [ 677B10906838D3BFB1C07AC9087E4BF7 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
13:23:52.0078 1292 SPBBCDrv - ok
13:23:52.0109 1292 [ C830007369E18A54AED23B5BB3AFA2BA ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
13:23:52.0125 1292 SPBBCSvc - ok
13:23:52.0140 1292 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:23:52.0140 1292 splitter - ok
13:23:52.0171 1292 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:23:52.0171 1292 Spooler - ok
13:23:52.0203 1292 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:23:52.0203 1292 sr - ok
13:23:52.0234 1292 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:23:52.0234 1292 srservice - ok
13:23:52.0281 1292 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:23:52.0281 1292 Srv - ok
13:23:52.0296 1292 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:23:52.0296 1292 SSDPSRV - ok
13:23:52.0343 1292 [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
13:23:52.0359 1292 STHDA - ok
13:23:52.0406 1292 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:23:52.0406 1292 stisvc - ok
13:23:52.0453 1292 [ AD989072596AB313D7FA13BCF69573F7 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:23:52.0453 1292 stllssvr - ok
13:23:52.0484 1292 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:23:52.0484 1292 streamip - ok
13:23:52.0500 1292 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:23:52.0500 1292 swenum - ok
13:23:52.0531 1292 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:23:52.0531 1292 swmidi - ok
13:23:52.0531 1292 SwPrv - ok
13:23:52.0593 1292 [ 8FDAADF204A4F29214DA1B03342E2735 ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
13:23:52.0625 1292 Symantec AntiVirus - ok
13:23:52.0640 1292 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
13:23:52.0640 1292 symc810 - ok
13:23:52.0640 1292 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:23:52.0640 1292 symc8xx - ok
13:23:52.0656 1292 [ DE6D1102D55926354171AE4E73936725 ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
13:23:52.0656 1292 SymEvent - ok
13:23:52.0656 1292 [ 6C0A85982F4E0D672B85A2BFB50A24B5 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
13:23:52.0656 1292 SYMREDRV - ok
13:23:52.0703 1292 [ CDDA3BA3F7D5B63FF9F85CB478C11473 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
13:23:52.0703 1292 SYMTDI - ok
13:23:52.0718 1292 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:23:52.0718 1292 sym_hi - ok
13:23:52.0718 1292 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:23:52.0718 1292 sym_u3 - ok
13:23:52.0734 1292 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:23:52.0734 1292 sysaudio - ok
13:23:52.0781 1292 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:23:52.0781 1292 SysmonLog - ok
13:23:52.0796 1292 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:23:52.0796 1292 TapiSrv - ok
13:23:52.0843 1292 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:23:52.0843 1292 Tcpip - ok
13:23:52.0875 1292 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:23:52.0875 1292 TDPIPE - ok
13:23:52.0890 1292 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:23:52.0890 1292 TDTCP - ok
13:23:52.0906 1292 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:23:52.0906 1292 TermDD - ok
13:23:52.0937 1292 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:23:52.0937 1292 TermService - ok
13:23:52.0984 1292 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:23:52.0984 1292 Themes - ok
13:23:53.0031 1292 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
13:23:53.0031 1292 TosIde - ok
13:23:53.0078 1292 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:23:53.0078 1292 TrkWks - ok
13:23:53.0093 1292 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:23:53.0093 1292 Udfs - ok
13:23:53.0156 1292 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
13:23:53.0156 1292 ultra - ok
13:23:53.0203 1292 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:23:53.0203 1292 Update - ok
13:23:53.0218 1292 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:23:53.0218 1292 upnphost - ok
13:23:53.0250 1292 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:23:53.0250 1292 UPS - ok
13:23:53.0296 1292 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:23:53.0296 1292 USBAAPL - ok
13:23:53.0328 1292 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
13:23:53.0328 1292 usbaudio - ok
13:23:53.0375 1292 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:23:53.0375 1292 usbccgp - ok
13:23:53.0390 1292 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:23:53.0390 1292 usbehci - ok
13:23:53.0390 1292 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:23:53.0390 1292 usbhub - ok
13:23:53.0406 1292 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:23:53.0406 1292 usbohci - ok
13:23:53.0421 1292 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:23:53.0421 1292 usbprint - ok
13:23:53.0453 1292 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:23:53.0453 1292 usbscan - ok
13:23:53.0484 1292 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:23:53.0484 1292 USBSTOR - ok
13:23:53.0500 1292 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:23:53.0500 1292 usbuhci - ok
13:23:53.0531 1292 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
13:23:53.0546 1292 usbvideo - ok
13:23:53.0562 1292 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:23:53.0562 1292 VgaSave - ok
13:23:53.0578 1292 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:23:53.0578 1292 viaagp - ok
13:23:53.0593 1292 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
13:23:53.0593 1292 ViaIde - ok
13:23:53.0609 1292 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:23:53.0609 1292 VolSnap - ok
13:23:53.0640 1292 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:23:53.0656 1292 VSS - ok
13:23:53.0687 1292 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
13:23:53.0687 1292 w32time - ok
13:23:53.0703 1292 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:23:53.0703 1292 Wanarp - ok
13:23:53.0734 1292 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
13:23:53.0734 1292 wanatw - ok
13:23:53.0781 1292 [ A1A36682DF22777834E1C37F3C79AEC2 ] WDBtnMgrSvc.exe C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
13:23:53.0781 1292 WDBtnMgrSvc.exe - ok
13:23:53.0796 1292 WDICA - ok
13:23:53.0812 1292 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:23:53.0812 1292 wdmaud - ok
13:23:53.0828 1292 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:23:53.0828 1292 WebClient - ok
13:23:53.0875 1292 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:23:53.0875 1292 winachsf - ok
13:23:53.0953 1292 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:23:53.0953 1292 winmgmt - ok
13:23:54.0015 1292 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:23:54.0046 1292 WinRM - ok
13:23:54.0140 1292 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:23:54.0171 1292 wlidsvc - ok
13:23:54.0187 1292 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:23:54.0187 1292 WmdmPmSN - ok
13:23:54.0218 1292 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:23:54.0218 1292 WmiApSrv - ok
13:23:54.0312 1292 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:23:54.0328 1292 WMPNetworkSvc - ok
13:23:54.0375 1292 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
13:23:54.0375 1292 WpdUsb - ok
13:23:54.0453 1292 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:23:54.0484 1292 WPFFontCache_v0400 - ok
13:23:54.0500 1292 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:23:54.0500 1292 WS2IFSL - ok
13:23:54.0531 1292 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:23:54.0531 1292 wscsvc - ok
13:23:54.0531 1292 WSearch - ok
13:23:54.0562 1292 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:23:54.0562 1292 WSTCODEC - ok
13:23:54.0578 1292 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:23:54.0578 1292 wuauserv - ok
13:23:54.0625 1292 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:23:54.0625 1292 WudfPf - ok
13:23:54.0640 1292 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:23:54.0656 1292 WudfRd - ok
13:23:54.0671 1292 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:23:54.0703 1292 WudfSvc - ok
13:23:54.0734 1292 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:23:54.0734 1292 WZCSVC - ok
13:23:54.0750 1292 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:23:54.0750 1292 xmlprov - ok
13:23:54.0765 1292 yeddef - ok
13:23:54.0765 1292 ================ Scan global ===============================
13:23:54.0812 1292 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:23:54.0843 1292 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:23:54.0859 1292 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:23:54.0859 1292 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:23:54.0859 1292 [Global] - ok
13:23:54.0859 1292 ================ Scan MBR ==================================
13:23:54.0875 1292 [ 587F1BF40479D66675A13B610E5E7F9E ] \Device\Harddisk0\DR0
13:23:54.0937 1292 \Device\Harddisk0\DR0 - ok
13:23:54.0937 1292 ================ Scan VBR ==================================
13:23:54.0937 1292 [ BA0002C32713DF2A9184A3C4E9C76D4F ] \Device\Harddisk0\DR0\Partition1
13:23:54.0937 1292 \Device\Harddisk0\DR0\Partition1 - ok
13:23:54.0937 1292 ============================================================
13:23:54.0937 1292 Scan finished
13:23:54.0937 1292 ============================================================
13:23:54.0953 1812 Detected object count: 0
13:23:54.0953 1812 Actual detected object count: 0
13:25:32.0140 1388 Deinitialize success


Results of ESET Online Scanner:

C:\Documents and Settings\ariana\Desktop\RK_Quarantine\rrFVDO2lL6I0X9.exe.vir a variant of Win32/Kryptik.ALQD trojan cleaned by deleting - quarantined
C:\Documents and Settings\artan\Local Settings\Application Data\Mozilla\Firefox\Profiles\0vxl97es.default\Cache\0\37\35C52d01 HTML/Hoax.FastDownload.C.Gen application deleted - quarantined
C:\Documents and Settings\artan\Local Settings\Application Data\Mozilla\Firefox\Profiles\0vxl97es.default\Cache\E\89\2F21Bd01 HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\artan\Local Settings\Application Data\Mozilla\Firefox\Profiles\0vxl97es.default\Cache\E\EB\70152d01 HTML/ScrInject.B.Gen virus deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP977\A0262556.exe a variant of Win32/Kryptik.ALQD trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP945\A0236740.exe Win32/OpenCandy application cleaned by deleting - quarantined

#4 boopme

Posted 13 September 2012 - 09:00 PM

OK, this looks good.
A couple of things:
Is your firewall on now?

Update Java
On the download page use this one
Windows x86 Offline 29.73 MB ..... jre-7u7-windows-i586.exe


Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586.exe (or jre-7u7-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Edited by boopme, 13 September 2012 - 09:01 PM.
