What do I do next?


24 replies to this topic

#1 bob marley


Posted 28 September 2012 - 07:53 PM

I am posting from my laptop because I cannot use the internet on my desktop ever since I ran TDSSKiller malware remover. My problems started about two weeks ago, when I tried downloading iTunes to my desktop. I downloaded a fake iTunes and something else that caused my internet to redirect and my hard drive to fill up to the max. I ran Malwarebytes and Avira, but they did not fix the problem. I did a search of my problem and found someone on the MajorGeeks forum who posted the exact same problem that I was having. The tech told him to run the TDSSKiller in his reply. I decided to try it out. The TDSS found several things wrong, so I had it fix it. Ever since I did that, I have not been able to go on the internet from my desktop. It just says that there is an internet connection problem and when I hit diagnose connection problem, it says that Windows has detected a problem with the Winsock provider catalog on this computer. It asks if I would like Windows to reset; if I click yes, it reboots and the problem still exists...no internet. Please help me with what I should do for my next step to try and fix my desktop. Thank You!



#2 narenxp


Posted 29 September 2012 - 10:12 AM

The TDSS found several things wrong,


Please post the TDSS killer log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#3 bob marley


Posted 29 September 2012 - 07:26 PM

Thanks Narenxp for helping. It is greatly needed and appreciated!!

22:39:03.0046 1356 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:39:03.0390 1356 ============================================================
22:39:03.0390 1356 Current date / time: 2012/09/27 22:39:03.0390
22:39:03.0390 1356 SystemInfo:
22:39:03.0390 1356
22:39:03.0390 1356 OS Version: 5.1.2600 ServicePack: 3.0
22:39:03.0390 1356 Product type: Workstation
22:39:03.0390 1356 ComputerName: RANDAL
22:39:03.0390 1356 UserName: Administrator
22:39:03.0390 1356 Windows directory: C:\WINDOWS
22:39:03.0390 1356 System windows directory: C:\WINDOWS
22:39:03.0390 1356 Processor architecture: Intel x86
22:39:03.0390 1356 Number of processors: 1
22:39:03.0390 1356 Page size: 0x1000
22:39:03.0390 1356 Boot type: Safe boot with network
22:39:03.0390 1356 ============================================================
22:39:06.0796 1356 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:39:06.0796 1356 ============================================================
22:39:06.0796 1356 \Device\Harddisk0\DR0:
22:39:06.0796 1356 MBR partitions:
22:39:06.0796 1356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4A796BD
22:39:06.0796 1356 ============================================================
22:39:06.0890 1356 C: <-> \Device\Harddisk0\DR0\Partition1
22:39:06.0937 1356 ============================================================
22:39:06.0937 1356 Initialize success
22:39:06.0937 1356 ============================================================
22:39:16.0062 1408 ============================================================
22:39:16.0062 1408 Scan started
22:39:16.0062 1408 Mode: Manual;
22:39:16.0062 1408 ============================================================
22:39:17.0375 1408 ================ Scan system memory ========================
22:39:17.0375 1408 System memory - ok
22:39:17.0390 1408 ================ Scan services =============================
22:39:28.0359 1408 [ 2C489A3146EBD92CE7E0612E737616D3 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:39:28.0375 1408 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 2C489A3146EBD92CE7E0612E737616D3, Fake md5: 23C74D75E36E7158768DD63D92789A91
22:39:28.0375 1408 IPSec ( Virus.Win32.ZAccess.k ) - infected
22:39:28.0375 1408 IPSec - detected Virus.Win32.ZAccess.k (0)
22:39:36.0875 1408 ROOTMODEM - ok
22:39:36.0953 1408 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
22:39:36.0968 1408 RpcLocator - ok
22:39:37.0046 1408 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
22:39:37.0062 1408 RpcSs - ok
22:39:37.0171 1408 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
22:39:37.0187 1408 RSVP - ok
22:39:37.0234 1408 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
22:39:37.0234 1408 SamSs - ok
22:39:37.0296 1408 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:39:37.0312 1408 SCardSvr - ok
22:39:37.0390 1408 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:39:37.0406 1408 Schedule - ok
22:39:37.0515 1408 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:39:37.0515 1408 Secdrv - ok
22:39:37.0562 1408 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:39:37.0562 1408 seclogon - ok
22:39:37.0687 1408 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
22:39:37.0703 1408 SENS - ok
22:39:37.0796 1408 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:39:37.0796 1408 serenum - ok
22:39:37.0859 1408 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:39:37.0859 1408 Serial - ok
22:39:38.0015 1408 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:39:38.0015 1408 Sfloppy - ok
22:39:38.0109 1408 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:39:38.0109 1408 ShellHWDetection - ok
22:39:38.0187 1408 Simbad - ok
22:39:38.0250 1408 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\System32\DRIVERS\sisagp.sys
22:39:38.0265 1408 sisagp - ok
22:39:38.0343 1408 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:39:38.0343 1408 SLIP - ok
22:39:38.0531 1408 [ BD3E236281547C681DFC7C947531B726 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
22:39:38.0546 1408 smwdm - ok
22:39:38.0625 1408 [ 413CFA795CAD19A010889DF0EC060408 ] SoftFax C:\WINDOWS\system32\DRIVERS\faxnt.sys
22:39:38.0656 1408 SoftFax - ok
22:39:38.0734 1408 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\System32\DRIVERS\sparrow.sys
22:39:38.0734 1408 Sparrow - ok
22:39:38.0796 1408 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:39:38.0796 1408 splitter - ok
22:39:38.0890 1408 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:39:38.0906 1408 Spooler - ok
22:39:39.0000 1408 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:39:39.0000 1408 sr - ok
22:39:39.0078 1408 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
22:39:39.0093 1408 srservice - ok
22:39:39.0187 1408 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:39:39.0218 1408 Srv - ok
22:39:39.0296 1408 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:39:39.0312 1408 SSDPSRV - ok
22:39:39.0406 1408 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:39:39.0406 1408 ssmdrv - ok
22:39:39.0484 1408 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:39:39.0515 1408 stisvc - ok
22:39:39.0593 1408 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:39:39.0593 1408 streamip - ok
22:39:39.0671 1408 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:39:39.0671 1408 swenum - ok
22:39:39.0750 1408 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:39:39.0765 1408 swmidi - ok
22:39:39.0812 1408 SwPrv - ok
22:39:40.0140 1408 [ C1C706751F0499747DA9442C2679A0B7 ] Symantec Core LC C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
22:39:40.0203 1408 Symantec Core LC - ok
22:39:40.0296 1408 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
22:39:40.0296 1408 symc810 - ok
22:39:40.0359 1408 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\System32\DRIVERS\symc8xx.sys
22:39:40.0375 1408 symc8xx - ok
22:39:40.0468 1408 [ B226F8A4D780ACDF76145B58BB791D5B ] symlcbrd C:\WINDOWS\system32\drivers\symlcbrd.sys
22:39:40.0468 1408 symlcbrd - ok
22:39:40.0546 1408 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\System32\DRIVERS\sym_hi.sys
22:39:40.0546 1408 sym_hi - ok
22:39:40.0609 1408 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\System32\DRIVERS\sym_u3.sys
22:39:40.0609 1408 sym_u3 - ok
22:39:40.0671 1408 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:39:40.0671 1408 sysaudio - ok
22:39:40.0765 1408 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:39:40.0781 1408 SysmonLog - ok
22:39:40.0843 1408 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:39:40.0859 1408 TapiSrv - ok
22:39:40.0968 1408 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:39:41.0015 1408 Tcpip - ok
22:39:41.0093 1408 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:39:41.0093 1408 TDPIPE - ok
22:39:41.0156 1408 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:39:41.0171 1408 TDTCP - ok
22:39:41.0218 1408 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:39:41.0234 1408 TermDD - ok
22:39:41.0343 1408 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
22:39:41.0359 1408 TermService - ok
22:39:41.0437 1408 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
22:39:41.0437 1408 Themes - ok
22:39:41.0562 1408 [ E0F10A379239B4FAB319C55A9CD6BC96 ] Tones C:\WINDOWS\system32\DRIVERS\tonesnt.sys
22:39:41.0562 1408 Tones - ok
22:39:41.0625 1408 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\System32\DRIVERS\toside.sys
22:39:41.0625 1408 TosIde - ok
22:39:41.0687 1408 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:39:41.0687 1408 TrkWks - ok
22:39:41.0781 1408 [ 3AF8116D049E6F98A6D37913DA989984 ] UdfReadr_xp C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
22:39:41.0796 1408 UdfReadr_xp - ok
22:39:41.0843 1408 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:39:41.0843 1408 Udfs - ok
22:39:41.0890 1408 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\System32\DRIVERS\ultra.sys
22:39:41.0906 1408 ultra - ok
22:39:42.0046 1408 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:39:42.0078 1408 Update - ok
22:39:42.0156 1408 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:39:42.0171 1408 upnphost - ok
22:39:42.0234 1408 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
22:39:42.0234 1408 UPS - ok
22:39:42.0328 1408 USBAAPL - ok
22:39:42.0421 1408 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
22:39:42.0421 1408 usbaudio - ok
22:39:42.0484 1408 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:39:42.0484 1408 usbccgp - ok
22:39:42.0546 1408 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:39:42.0546 1408 usbhub - ok
22:39:42.0625 1408 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:39:42.0640 1408 usbprint - ok
22:39:42.0703 1408 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:39:42.0703 1408 usbscan - ok
22:39:42.0765 1408 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:39:42.0765 1408 USBSTOR - ok
22:39:42.0812 1408 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:39:42.0812 1408 usbuhci - ok
22:39:42.0890 1408 [ 177B65899D418F8C8F037B20567A99D6 ] V124 C:\WINDOWS\system32\DRIVERS\v124nt.sys
22:39:42.0921 1408 V124 - ok
22:39:42.0984 1408 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:39:42.0984 1408 VgaSave - ok
22:39:43.0062 1408 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\System32\DRIVERS\viaagp.sys
22:39:43.0062 1408 viaagp - ok
22:39:43.0187 1408 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
22:39:43.0187 1408 ViaIde - ok
22:39:43.0265 1408 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:39:43.0265 1408 VolSnap - ok
22:39:43.0312 1408 vsdatant - ok
22:39:43.0421 1408 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
22:39:43.0437 1408 VSS - ok
22:39:43.0500 1408 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
22:39:43.0515 1408 W32Time - ok
22:39:43.0578 1408 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:39:43.0578 1408 Wanarp - ok
22:39:43.0671 1408 [ 30211ADD92098D4B5CFADBF3DA01E69B ] wandrv C:\WINDOWS\system32\DRIVERS\wandrv.sys
22:39:43.0671 1408 wandrv - ok
22:39:43.0703 1408 WDICA - ok
22:39:43.0765 1408 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:39:43.0765 1408 wdmaud - ok
22:39:43.0843 1408 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:39:43.0843 1408 WebClient - ok
22:39:43.0921 1408 [ A941AA38E3951058E584C4BBDDD56ED9 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:39:43.0968 1408 winachsf - ok
22:39:44.0156 1408 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:39:44.0156 1408 winmgmt - ok
22:39:44.0296 1408 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:39:44.0296 1408 WmdmPmSN - ok
22:39:44.0406 1408 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:39:44.0406 1408 WmiApSrv - ok
22:39:44.0578 1408 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:39:44.0625 1408 WMPNetworkSvc - ok
22:39:44.0703 1408 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:39:44.0703 1408 WS2IFSL - ok
22:39:44.0781 1408 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:39:44.0781 1408 WSTCODEC - ok
22:39:44.0875 1408 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:39:44.0875 1408 WudfPf - ok
22:39:44.0953 1408 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:39:44.0953 1408 WudfRd - ok
22:39:45.0062 1408 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:39:45.0125 1408 WudfSvc - ok
22:39:45.0234 1408 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:39:45.0281 1408 WZCSVC - ok
22:39:45.0359 1408 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:39:45.0375 1408 xmlprov - ok
22:39:45.0500 1408 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:39:45.0562 1408 YahooAUService - ok
22:39:45.0656 1408 ================ Scan global ===============================
22:39:45.0703 1408 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:39:45.0796 1408 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:39:45.0859 1408 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:39:45.0906 1408 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:39:45.0906 1408 [Global] - ok
22:39:45.0921 1408 ================ Scan MBR ==================================
22:39:45.0968 1408 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:39:46.0218 1408 \Device\Harddisk0\DR0 - ok
22:39:46.0250 1408 ================ Scan VBR ==================================
22:39:46.0250 1408 [ 13E2385C734CB1A603584EB0EFA43D5F ] \Device\Harddisk0\DR0\Partition1
22:39:46.0250 1408 \Device\Harddisk0\DR0\Partition1 - ok
22:39:46.0265 1408 ============================================================
22:39:46.0265 1408 Scan finished
22:39:46.0265 1408 ============================================================
22:39:46.0343 1400 Detected object count: 1
22:39:46.0343 1400 Actual detected object count: 1
22:40:31.0484 1400 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
22:40:37.0062 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\@ - copied to quarantine
22:40:37.0109 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\Desktop.ini - copied to quarantine
22:40:37.0171 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\L\00000004.@ - copied to quarantine
22:40:37.0218 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\L\201d3dde - copied to quarantine
22:40:37.0250 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\L\akygdmgo - copied to quarantine
22:40:37.0265 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\U\00000004.@ - copied to quarantine
22:40:37.0296 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\U\00000008.@ - copied to quarantine
22:40:37.0312 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\U\000000cb.@ - copied to quarantine
22:40:37.0328 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\U\80000000.@ - copied to quarantine
22:40:37.0359 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\U\80000032.@ - copied to quarantine
22:40:55.0828 1400 Backup copy found, using it..
22:40:55.0859 1400 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
22:41:03.0468 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\@ - will be deleted on reboot
22:41:03.0515 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\Desktop.ini - will be deleted on reboot
22:41:03.0953 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\U\00000004.@ - will be deleted on reboot
22:41:03.0953 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\U\00000008.@ - will be deleted on reboot
22:41:03.0953 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\U\000000cb.@ - will be deleted on reboot
22:41:03.0953 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\U\80000000.@ - will be deleted on reboot
22:41:03.0953 1400 C:\WINDOWS\$NtUninstallKB53032$\2949406948\U\80000032.@ - will be deleted on reboot
22:41:03.0953 1400 C:\WINDOWS\$NtUninstallKB53032$\76290032 - will be deleted on reboot
22:41:09.0765 1400 IPSec ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:41:45.0750 1352 Deinitialize success


MiniToolBox by Farbar Version: 23-07-2012
Ran by Randy Fisher (administrator) on 29-09-2012 at 19:58:30
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

ASIX AX88772 USB2.0 to Fast Ethernet Adapter = Local Area Connection 6 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/28/2012 02:04:11 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - There is not enough space on the disk.

Error: (09/28/2012 00:53:49 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - There is not enough space on the disk.

Error: (09/27/2012 10:51:10 PM) (Source: Application Error) (User: )
Description: Faulting application teatimer.exe, version 1.6.4.26, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [teatimer.exe!ws!]

Error: (09/27/2012 10:34:00 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - There is not enough space on the disk.

Error: (09/27/2012 10:26:36 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

Error: (09/27/2012 10:26:35 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

Error: (09/27/2012 10:26:35 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

Error: (09/27/2012 10:26:35 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

Error: (09/27/2012 10:26:34 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

Error: (09/27/2012 10:26:33 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.


System errors:
=============
Error: (09/29/2012 07:58:47 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1068

Error: (09/29/2012 07:58:47 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
%%2

Error: (09/29/2012 07:58:47 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC driver service failed to start due to the following error:
%%2

Error: (09/29/2012 07:58:47 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1068

Error: (09/29/2012 07:58:47 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
%%2

Error: (09/29/2012 07:58:47 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC driver service failed to start due to the following error:
%%2

Error: (09/29/2012 07:58:46 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1068

Error: (09/29/2012 07:58:46 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error:
%%2

Error: (09/29/2012 07:58:46 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC driver service failed to start due to the following error:
%%2

Error: (09/29/2012 07:58:46 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (09/28/2012 02:04:11 AM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: There is not enough space on the disk.

Error: (09/28/2012 00:53:49 AM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: There is not enough space on the disk.

Error: (09/27/2012 10:51:10 PM) (Source: Application Error)(User: )
Description: teatimer.exe1.6.4.26kernel32.dll5.1.2600.578100012afb

Error: (09/27/2012 10:34:00 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: There is not enough space on the disk.

Error: (09/27/2012 10:26:36 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThere is not enough space on the disk.

Error: (09/27/2012 10:26:35 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThere is not enough space on the disk.

Error: (09/27/2012 10:26:35 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThere is not enough space on the disk.

Error: (09/27/2012 10:26:35 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThere is not enough space on the disk.

Error: (09/27/2012 10:26:34 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThere is not enough space on the disk.

Error: (09/27/2012 10:26:33 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThere is not enough space on the disk.


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.00.000)
Apple Software Update (Version: 2.1.2.120)
ATI Display Driver
Avira Free Antivirus (Version: 12.0.0.1199)
AX88772 (Version: 1.00.0000)
Conexant HSF V92 56K Data Fax PCI Modem
Dell Picture Studio - Image Expert 2000
DellTouch
Digital Blue™ PC Animation Station
Digital Blue™ PC Digital Movie Creator
DX-Ball 1.09
Easy CD Creator 5 Basic (Version: 5.0.0.0000)
Gradekeeper
Help and Support Customization (Version: 1.00.0000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 2002 (Version: 6.0.0.0000)
Microsoft PowerPoint Viewer 97
Microsoft Streets and Trips 2002 (Version: 9.00.17.0200)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2002 (Version: 10.0.2627.01)
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0 (Version: 06.00.0000)
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
Modem Helper
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
Shockwave
Shockwave Player (Version: 8.5.0.326)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player (Remove Only)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061017.133151)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip (Version: 8.1 (4331))
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
XVID CodecPack
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 255.3 MB
Available physical RAM: 78.99 MB
Total Pagefile: 618.67 MB
Available Pagefile: 335.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.23 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.24 GB) (Free:0.02 GB) NTFS
4 Drive e: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.55 GB) FAT32

========================= Users: ========================================

User accounts for \\RANDAL

Administrator Guest HelpAssistant
Randy Fisher SUPPORT_388945a0 SUPPORT_3f151ab9

========================= Restore Points ==================================


**** End of log ****

Farbar Service Scanner Version: 19-09-2012
Ran by Randy Fisher (administrator) on 29-09-2012 at 20:00:35
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec: "system32\drivers\tsk3.tmp".


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#4 narenxp

  • BC Advisor

Posted 29 September 2012 - 08:33 PM

Download

ipsec.reg

Launch it and click YES

Restart the PC and post the new FSS log

Run TDSSkiller again and post the new log

#5 bob marley

  • Topic Starter

Posted 30 September 2012 - 01:05 AM

Farbar Service Scanner Version: 19-09-2012
Ran by Randy Fisher (administrator) on 30-09-2012 at 01:44:37
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(5) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
ATTENTION!=====> IpSec Tag value should be 4.

**** End of log ****

01:52:12.0750 1436 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
01:52:13.0031 1436 ============================================================
01:52:13.0031 1436 Current date / time: 2012/09/30 01:52:13.0031
01:52:13.0031 1436 SystemInfo:
01:52:13.0031 1436
01:52:13.0031 1436 OS Version: 5.1.2600 ServicePack: 3.0
01:52:13.0031 1436 Product type: Workstation
01:52:13.0031 1436 ComputerName: RANDAL
01:52:13.0031 1436 UserName: Randy Fisher
01:52:13.0031 1436 Windows directory: C:\WINDOWS
01:52:13.0031 1436 System windows directory: C:\WINDOWS
01:52:13.0031 1436 Processor architecture: Intel x86
01:52:13.0031 1436 Number of processors: 1
01:52:13.0031 1436 Page size: 0x1000
01:52:13.0031 1436 Boot type: Normal boot
01:52:13.0031 1436 ============================================================
01:52:24.0125 1436 BG loaded
01:52:27.0500 1436 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:52:27.0531 1436 Drive \Device\Harddisk1\DR3 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:52:27.0546 1436 ============================================================
01:52:27.0546 1436 \Device\Harddisk0\DR0:
01:52:27.0546 1436 MBR partitions:
01:52:27.0546 1436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4A796BD
01:52:27.0546 1436 \Device\Harddisk1\DR3:
01:52:27.0562 1436 MBR partitions:
01:52:27.0562 1436 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x74E8C0
01:52:27.0562 1436 ============================================================
01:52:27.0718 1436 C: <-> \Device\Harddisk0\DR0\Partition1
01:52:28.0015 1436 ============================================================
01:52:28.0015 1436 Initialize success
01:52:28.0015 1436 ============================================================
01:52:45.0375 1568 ============================================================
01:52:45.0375 1568 Scan started
01:52:45.0375 1568 Mode: Manual;
01:52:45.0375 1568 ============================================================
01:52:49.0500 1568 ================ Scan system memory ========================
01:52:49.0500 1568 System memory - ok
01:52:49.0515 1568 ================ Scan services =============================
01:53:21.0578 1568 [ 7E2F487A2069A4E7158C3A972F48B5E3 ] netrcacm C:\WINDOWS\system32\DRIVERS\netrcacm.sys
01:53:21.0609 1568 netrcacm - ok
01:53:21.0750 1568 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:53:21.0781 1568 NetTcpPortSharing - ok
01:53:21.0828 1568 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
01:53:21.0890 1568 Nla - ok
01:53:21.0968 1568 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
01:53:21.0968 1568 Npfs - ok
01:53:22.0046 1568 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
01:53:22.0171 1568 Ntfs - ok
01:53:22.0218 1568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
01:53:22.0218 1568 NtLmSsp - ok
01:53:22.0359 1568 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
01:53:22.0421 1568 NtmsSvc - ok
01:53:22.0453 1568 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
01:53:22.0453 1568 Null - ok
01:53:23.0312 1568 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:53:24.0109 1568 nv - ok
01:53:24.0250 1568 [ 4D31783965B0B7CED7DB3F4EE14CF260 ] nv4 C:\WINDOWS\system32\DRIVERS\nv4.sys
01:53:24.0515 1568 nv4 - ok
01:53:24.0609 1568 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:53:24.0609 1568 NwlnkFlt - ok
01:53:24.0640 1568 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:53:24.0640 1568 NwlnkFwd - ok
01:53:24.0750 1568 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
01:53:24.0750 1568 P3 - ok
01:53:24.0796 1568 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
01:53:24.0796 1568 Parport - ok
01:53:24.0843 1568 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
01:53:24.0843 1568 PartMgr - ok
01:53:24.0921 1568 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
01:53:24.0921 1568 ParVdm - ok
01:53:25.0000 1568 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
01:53:25.0000 1568 PCI - ok
01:53:25.0046 1568 PCIDump - ok
01:53:25.0078 1568 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\System32\DRIVERS\pciide.sys
01:53:25.0093 1568 PCIIde - ok
01:53:25.0140 1568 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
01:53:25.0156 1568 Pcmcia - ok
01:53:25.0187 1568 PDCOMP - ok
01:53:25.0218 1568 PDFRAME - ok
01:53:25.0250 1568 PDRELI - ok
01:53:25.0296 1568 PDRFRAME - ok
01:53:25.0343 1568 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\System32\DRIVERS\perc2.sys
01:53:25.0343 1568 perc2 - ok
01:53:25.0375 1568 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\System32\DRIVERS\perc2hib.sys
01:53:25.0375 1568 perc2hib - ok
01:53:25.0484 1568 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
01:53:25.0484 1568 PlugPlay - ok
01:53:25.0531 1568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
01:53:25.0531 1568 PolicyAgent - ok
01:53:25.0625 1568 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:53:25.0640 1568 PptpMiniport - ok
01:53:25.0687 1568 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
01:53:25.0687 1568 Processor - ok
01:53:25.0734 1568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
01:53:25.0734 1568 ProtectedStorage - ok
01:53:25.0796 1568 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
01:53:25.0796 1568 PSched - ok
01:53:25.0859 1568 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:53:25.0875 1568 Ptilink - ok
01:53:25.0906 1568 [ DD37E1D9F08EEC0CB0FC84E010F33C3B ] pwd_2K C:\WINDOWS\system32\drivers\pwd_2K.sys
01:53:25.0906 1568 pwd_2K - ok
01:53:25.0968 1568 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\System32\DRIVERS\ql1080.sys
01:53:25.0968 1568 ql1080 - ok
01:53:26.0015 1568 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
01:53:26.0015 1568 Ql10wnt - ok
01:53:26.0046 1568 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\System32\DRIVERS\ql12160.sys
01:53:26.0046 1568 ql12160 - ok
01:53:26.0078 1568 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\System32\DRIVERS\ql1240.sys
01:53:26.0078 1568 ql1240 - ok
01:53:26.0125 1568 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\System32\DRIVERS\ql1280.sys
01:53:26.0125 1568 ql1280 - ok
01:53:26.0171 1568 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:53:26.0171 1568 RasAcd - ok
01:53:26.0250 1568 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
01:53:26.0265 1568 RasAuto - ok
01:53:26.0296 1568 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:53:26.0312 1568 Rasl2tp - ok
01:53:26.0390 1568 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
01:53:26.0390 1568 RasMan - ok
01:53:26.0437 1568 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:53:26.0437 1568 RasPppoe - ok
01:53:26.0500 1568 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
01:53:26.0500 1568 Raspti - ok
01:53:26.0562 1568 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:53:26.0562 1568 Rdbss - ok
01:53:26.0578 1568 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:53:26.0593 1568 RDPCDD - ok
01:53:26.0656 1568 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:53:26.0656 1568 rdpdr - ok
01:53:26.0734 1568 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
01:53:26.0750 1568 RDPWD - ok
01:53:26.0828 1568 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
01:53:26.0828 1568 RDSessMgr - ok
01:53:26.0906 1568 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
01:53:26.0906 1568 redbook - ok
01:53:26.0984 1568 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
01:53:27.0000 1568 RemoteAccess - ok
01:53:27.0031 1568 RimUsb - ok
01:53:27.0109 1568 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
01:53:27.0109 1568 RimVSerPort - ok
01:53:27.0140 1568 [ 4C35E57300A2DC5932A8E29EFA527C32 ] Rksample C:\WINDOWS\system32\DRIVERS\rksample.sys
01:53:27.0140 1568 Rksample - ok
01:53:27.0218 1568 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
01:53:27.0218 1568 ROOTMODEM - ok
01:53:27.0312 1568 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
01:53:27.0312 1568 RpcLocator - ok
01:53:27.0375 1568 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
01:53:27.0375 1568 RpcSs - ok
01:53:27.0453 1568 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
01:53:27.0468 1568 RSVP - ok
01:53:27.0500 1568 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
01:53:27.0500 1568 SamSs - ok
01:53:27.0562 1568 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
01:53:27.0593 1568 SCardSvr - ok
01:53:27.0703 1568 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
01:53:27.0734 1568 Schedule - ok
01:53:27.0828 1568 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:53:27.0828 1568 Secdrv - ok
01:53:27.0875 1568 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
01:53:27.0890 1568 seclogon - ok
01:53:27.0921 1568 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
01:53:27.0937 1568 SENS - ok
01:53:28.0000 1568 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
01:53:28.0000 1568 serenum - ok
01:53:28.0046 1568 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
01:53:28.0046 1568 Serial - ok
01:53:28.0187 1568 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
01:53:28.0187 1568 Sfloppy - ok
01:53:28.0250 1568 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
01:53:28.0250 1568 ShellHWDetection - ok
01:53:28.0281 1568 Simbad - ok
01:53:28.0375 1568 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\System32\DRIVERS\sisagp.sys
01:53:28.0390 1568 sisagp - ok
01:53:28.0437 1568 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:53:28.0453 1568 SLIP - ok
01:53:28.0593 1568 [ BD3E236281547C681DFC7C947531B726 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
01:53:28.0640 1568 smwdm - ok
01:53:28.0687 1568 [ 413CFA795CAD19A010889DF0EC060408 ] SoftFax C:\WINDOWS\system32\DRIVERS\faxnt.sys
01:53:28.0718 1568 SoftFax - ok
01:53:28.0765 1568 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\System32\DRIVERS\sparrow.sys
01:53:28.0781 1568 Sparrow - ok
01:53:28.0828 1568 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
01:53:28.0828 1568 splitter - ok
01:53:28.0906 1568 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
01:53:28.0906 1568 Spooler - ok
01:53:28.0984 1568 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
01:53:28.0984 1568 sr - ok
01:53:29.0046 1568 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
01:53:29.0062 1568 srservice - ok
01:53:29.0156 1568 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
01:53:29.0187 1568 Srv - ok
01:53:29.0234 1568 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
01:53:29.0234 1568 SSDPSRV - ok
01:53:29.0312 1568 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
01:53:29.0312 1568 ssmdrv - ok
01:53:29.0437 1568 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
01:53:29.0578 1568 stisvc - ok
01:53:29.0640 1568 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:53:29.0640 1568 streamip - ok
01:53:29.0703 1568 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
01:53:29.0703 1568 swenum - ok
01:53:29.0734 1568 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
01:53:29.0734 1568 swmidi - ok
01:53:29.0765 1568 SwPrv - ok
01:53:30.0218 1568 [ C1C706751F0499747DA9442C2679A0B7 ] Symantec Core LC C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
01:53:30.0625 1568 Symantec Core LC - ok
01:53:30.0671 1568 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
01:53:30.0687 1568 symc810 - ok
01:53:30.0734 1568 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\System32\DRIVERS\symc8xx.sys
01:53:30.0734 1568 symc8xx - ok
01:53:30.0796 1568 [ B226F8A4D780ACDF76145B58BB791D5B ] symlcbrd C:\WINDOWS\system32\drivers\symlcbrd.sys
01:53:30.0812 1568 symlcbrd - ok
01:53:30.0859 1568 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\System32\DRIVERS\sym_hi.sys
01:53:30.0875 1568 sym_hi - ok
01:53:30.0921 1568 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\System32\DRIVERS\sym_u3.sys
01:53:30.0937 1568 sym_u3 - ok
01:53:30.0968 1568 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
01:53:31.0000 1568 sysaudio - ok
01:53:31.0078 1568 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
01:53:31.0093 1568 SysmonLog - ok
01:53:31.0140 1568 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
01:53:31.0156 1568 TapiSrv - ok
01:53:31.0265 1568 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:53:31.0390 1568 Tcpip - ok
01:53:31.0453 1568 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
01:53:31.0468 1568 TDPIPE - ok
01:53:31.0515 1568 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
01:53:31.0515 1568 TDTCP - ok
01:53:31.0562 1568 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
01:53:31.0562 1568 TermDD - ok
01:53:31.0734 1568 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
01:53:31.0843 1568 TermService - ok
01:53:31.0875 1568 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
01:53:31.0890 1568 Themes - ok
01:53:31.0984 1568 [ E0F10A379239B4FAB319C55A9CD6BC96 ] Tones C:\WINDOWS\system32\DRIVERS\tonesnt.sys
01:53:31.0984 1568 Tones - ok
01:53:32.0031 1568 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\System32\DRIVERS\toside.sys
01:53:32.0031 1568 TosIde - ok
01:53:32.0093 1568 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
01:53:32.0125 1568 TrkWks - ok
01:53:32.0218 1568 [ 3AF8116D049E6F98A6D37913DA989984 ] UdfReadr_xp C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
01:53:32.0281 1568 UdfReadr_xp - ok
01:53:32.0312 1568 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
01:53:32.0312 1568 Udfs - ok
01:53:32.0359 1568 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\System32\DRIVERS\ultra.sys
01:53:32.0359 1568 ultra - ok
01:53:32.0453 1568 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
01:53:32.0468 1568 Update - ok
01:53:32.0531 1568 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
01:53:32.0531 1568 upnphost - ok
01:53:32.0687 1568 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
01:53:32.0718 1568 UPS - ok
01:53:32.0765 1568 USBAAPL - ok
01:53:32.0859 1568 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
01:53:32.0875 1568 usbaudio - ok
01:53:32.0921 1568 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:53:32.0937 1568 usbccgp - ok
01:53:33.0000 1568 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:53:33.0015 1568 usbhub - ok
01:53:33.0078 1568 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:53:33.0093 1568 usbprint - ok
01:53:33.0156 1568 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:53:33.0187 1568 usbscan - ok
01:53:33.0281 1568 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:53:33.0296 1568 USBSTOR - ok
01:53:33.0343 1568 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:53:33.0359 1568 usbuhci - ok
01:53:33.0562 1568 [ 177B65899D418F8C8F037B20567A99D6 ] V124 C:\WINDOWS\system32\DRIVERS\v124nt.sys
01:53:33.0921 1568 V124 - ok
01:53:33.0984 1568 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
01:53:34.0015 1568 VgaSave - ok
01:53:34.0109 1568 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\System32\DRIVERS\viaagp.sys
01:53:34.0125 1568 viaagp - ok
01:53:34.0171 1568 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
01:53:34.0171 1568 ViaIde - ok
01:53:34.0296 1568 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
01:53:34.0328 1568 VolSnap - ok
01:53:34.0359 1568 vsdatant - ok
01:53:34.0546 1568 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
01:53:34.0781 1568 VSS - ok
01:53:34.0968 1568 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
01:53:35.0109 1568 W32Time - ok
01:53:35.0171 1568 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:53:35.0203 1568 Wanarp - ok
01:53:35.0296 1568 [ 30211ADD92098D4B5CFADBF3DA01E69B ] wandrv C:\WINDOWS\system32\DRIVERS\wandrv.sys
01:53:35.0312 1568 wandrv - ok
01:53:35.0343 1568 WDICA - ok
01:53:35.0406 1568 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
01:53:35.0437 1568 wdmaud - ok
01:53:35.0515 1568 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
01:53:35.0546 1568 WebClient - ok
01:53:35.0796 1568 [ A941AA38E3951058E584C4BBDDD56ED9 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
01:53:36.0140 1568 winachsf - ok
01:53:36.0375 1568 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
01:53:36.0421 1568 winmgmt - ok
01:53:36.0546 1568 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
01:53:36.0562 1568 WmdmPmSN - ok
01:53:36.0656 1568 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
01:53:36.0671 1568 WmiApSrv - ok
01:53:37.0078 1568 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
01:53:37.0515 1568 WMPNetworkSvc - ok
01:53:37.0546 1568 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:53:37.0562 1568 WS2IFSL - ok
01:53:37.0656 1568 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:53:37.0656 1568 WSTCODEC - ok
01:53:37.0734 1568 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:53:37.0750 1568 WudfPf - ok
01:53:37.0812 1568 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:53:37.0828 1568 WudfRd - ok
01:53:37.0890 1568 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
01:53:37.0937 1568 WudfSvc - ok
01:53:38.0125 1568 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
01:53:38.0406 1568 WZCSVC - ok
01:53:38.0531 1568 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
01:53:38.0546 1568 xmlprov - ok
01:53:38.0796 1568 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
01:53:39.0093 1568 YahooAUService - ok
01:53:39.0171 1568 ================ Scan global ===============================
01:53:39.0296 1568 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
01:53:39.0437 1568 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
01:53:39.0578 1568 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
01:53:39.0625 1568 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
01:53:39.0640 1568 [Global] - ok
01:53:39.0656 1568 ================ Scan MBR ==================================
01:53:39.0687 1568 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
01:53:40.0796 1568 \Device\Harddisk0\DR0 - ok
01:53:40.0859 1568 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
01:53:46.0875 1568 \Device\Harddisk1\DR3 - ok
01:53:46.0890 1568 ================ Scan VBR ==================================
01:53:46.0921 1568 [ 13E2385C734CB1A603584EB0EFA43D5F ] \Device\Harddisk0\DR0\Partition1
01:53:46.0937 1568 \Device\Harddisk0\DR0\Partition1 - ok
01:53:46.0953 1568 [ 0E90E536A16E075C08D89AD254FA0110 ] \Device\Harddisk1\DR3\Partition1
01:53:46.0968 1568 \Device\Harddisk1\DR3\Partition1 - ok
01:53:46.0968 1568 ================ Scan active images ========================
01:53:46.0984 1568 [ A32BEBAF723557681BFC6BD93E98BD26 ] C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys
01:53:46.0984 1568 C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys - ok
01:53:47.0015 1568 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\SYSTEM32\DRIVERS\videoprt.sys
01:53:47.0015 1568 C:\WINDOWS\SYSTEM32\DRIVERS\videoprt.sys - ok
01:53:47.0031 1568 [ 7E49CA74AD10AB761D620DB5B02765CF ] C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys
01:53:47.0031 1568 C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys - ok
01:53:47.0062 1568 [ 9372CC48814A17E67C28945EB4ACC189 ] C:\WINDOWS\SYSTEM32\DRIVERS\basic2.sys
01:53:47.0062 1568 C:\WINDOWS\SYSTEM32\DRIVERS\basic2.sys - ok
01:53:47.0078 1568 [ F270A6CEEEBBAAF8D5633BDA2CA01A60 ] C:\WINDOWS\SYSTEM32\DRIVERS\soar.sys
01:53:47.0078 1568 C:\WINDOWS\SYSTEM32\DRIVERS\soar.sys - ok
01:53:47.0109 1568 [ 76C432D458995DCBF17F7AED9766F9E6 ] C:\WINDOWS\SYSTEM32\DRIVERS\amosnt.sys
01:53:47.0109 1568 C:\WINDOWS\SYSTEM32\DRIVERS\amosnt.sys - ok
01:53:47.0125 1568 [ 4C35E57300A2DC5932A8E29EFA527C32 ] C:\WINDOWS\SYSTEM32\DRIVERS\rksample.sys
01:53:47.0125 1568 C:\WINDOWS\SYSTEM32\DRIVERS\rksample.sys - ok
01:53:47.0156 1568 [ A941AA38E3951058E584C4BBDDD56ED9 ] C:\WINDOWS\SYSTEM32\DRIVERS\hsf_cnxt.sys
01:53:47.0156 1568 C:\WINDOWS\SYSTEM32\DRIVERS\hsf_cnxt.sys - ok
01:53:47.0187 1568 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\SYSTEM32\DRIVERS\modem.sys
01:53:47.0187 1568 C:\WINDOWS\SYSTEM32\DRIVERS\modem.sys - ok
01:53:47.0203 1568 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\SYSTEM32\DRIVERS\i8042prt.sys
01:53:47.0203 1568 C:\WINDOWS\SYSTEM32\DRIVERS\i8042prt.sys - ok
01:53:47.0218 1568 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\SYSTEM32\DRIVERS\mouclass.sys
01:53:47.0218 1568 C:\WINDOWS\SYSTEM32\DRIVERS\mouclass.sys - ok
01:53:47.0250 1568 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\SYSTEM32\DRIVERS\fdc.sys
01:53:47.0250 1568 C:\WINDOWS\SYSTEM32\DRIVERS\fdc.sys - ok
01:53:47.0281 1568 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\SYSTEM32\DRIVERS\kbdclass.sys
01:53:47.0281 1568 C:\WINDOWS\SYSTEM32\DRIVERS\kbdclass.sys - ok
01:53:47.0296 1568 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\SYSTEM32\DRIVERS\serenum.sys
01:53:47.0296 1568 C:\WINDOWS\SYSTEM32\DRIVERS\serenum.sys - ok
01:53:47.0328 1568 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys
01:53:47.0328 1568 C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys - ok
01:53:47.0359 1568 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\SYSTEM32\DRIVERS\parport.sys
01:53:47.0359 1568 C:\WINDOWS\SYSTEM32\DRIVERS\parport.sys - ok
01:53:47.0375 1568 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\SYSTEM32\DRIVERS\imapi.sys
01:53:47.0375 1568 C:\WINDOWS\SYSTEM32\DRIVERS\imapi.sys - ok
01:53:47.0390 1568 [ 837EEF65AF62D4E8A37C41D3879F7274 ] C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
01:53:47.0390 1568 C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys - ok
01:53:47.0421 1568 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys
01:53:47.0421 1568 C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys - ok
01:53:47.0453 1568 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\SYSTEM32\DRIVERS\ks.sys
01:53:47.0453 1568 C:\WINDOWS\SYSTEM32\DRIVERS\ks.sys - ok
01:53:47.0484 1568 [ 579DA2F9F5401F55DAE2CF8779D61DFC ] C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys
01:53:47.0484 1568 C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys - ok
01:53:47.0515 1568 [ F2F431D1573EE632975C524418655B84 ] C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
01:53:47.0515 1568 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys - ok
01:53:47.0531 1568 [ DD37E1D9F08EEC0CB0FC84E010F33C3B ] C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys
01:53:47.0531 1568 C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys - ok
01:53:47.0562 1568 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
01:53:47.0562 1568 C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys - ok
01:53:47.0593 1568 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\SYSTEM32\DRIVERS\usbport.sys
01:53:47.0593 1568 C:\WINDOWS\SYSTEM32\DRIVERS\usbport.sys - ok
01:53:47.0625 1568 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys
01:53:47.0625 1568 C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys - ok
01:53:47.0640 1568 [ BBD0545D7BFB62165815FBD0CB75E28C ] C:\WINDOWS\SYSTEM32\DRIVERS\sensupgd.sys
01:53:47.0656 1568 C:\WINDOWS\SYSTEM32\DRIVERS\sensupgd.sys - ok
01:53:47.0656 1568 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys
01:53:47.0656 1568 C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys - ok
01:53:47.0687 1568 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys
01:53:47.0687 1568 C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys - ok
01:53:47.0718 1568 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
01:53:47.0718 1568 C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS - ok
01:53:47.0750 1568 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\SYSTEM32\DRIVERS\rasl2tp.sys
01:53:47.0750 1568 C:\WINDOWS\SYSTEM32\DRIVERS\rasl2tp.sys - ok
01:53:47.0781 1568 [ BD3E236281547C681DFC7C947531B726 ] C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys
01:53:47.0781 1568 C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys - ok
01:53:47.0796 1568 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\SYSTEM32\DRIVERS\ndistapi.sys
01:53:47.0796 1568 C:\WINDOWS\SYSTEM32\DRIVERS\ndistapi.sys - ok
01:53:47.0828 1568 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\SYSTEM32\DRIVERS\ndiswan.sys
01:53:47.0828 1568 C:\WINDOWS\SYSTEM32\DRIVERS\ndiswan.sys - ok
01:53:47.0859 1568 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\SYSTEM32\DRIVERS\raspppoe.sys
01:53:47.0859 1568 C:\WINDOWS\SYSTEM32\DRIVERS\raspppoe.sys - ok
01:53:47.0890 1568 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\SYSTEM32\DRIVERS\tdi.sys
01:53:47.0890 1568 C:\WINDOWS\SYSTEM32\DRIVERS\tdi.sys - ok
01:53:47.0906 1568 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\SYSTEM32\DRIVERS\raspptp.sys
01:53:47.0906 1568 C:\WINDOWS\SYSTEM32\DRIVERS\raspptp.sys - ok
01:53:47.0921 1568 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\SYSTEM32\DRIVERS\psched.sys
01:53:47.0921 1568 C:\WINDOWS\SYSTEM32\DRIVERS\psched.sys - ok
01:53:47.0953 1568 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\SYSTEM32\DRIVERS\msgpc.sys
01:53:47.0953 1568 C:\WINDOWS\SYSTEM32\DRIVERS\msgpc.sys - ok
01:53:47.0968 1568 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
01:53:47.0968 1568 C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS - ok
01:53:48.0000 1568 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
01:53:48.0000 1568 C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS - ok
01:53:48.0031 1568 [ 88155247177638048422893737429D9E ] C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
01:53:48.0031 1568 C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys - ok
01:53:48.0062 1568 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\SYSTEM32\DRIVERS\swenum.sys
01:53:48.0062 1568 C:\WINDOWS\SYSTEM32\DRIVERS\swenum.sys - ok
01:53:48.0093 1568 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\SYSTEM32\DRIVERS\update.sys
01:53:48.0093 1568 C:\WINDOWS\SYSTEM32\DRIVERS\update.sys - ok
01:53:48.0109 1568 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\SYSTEM32\DRIVERS\mssmbios.sys
01:53:48.0109 1568 C:\WINDOWS\SYSTEM32\DRIVERS\mssmbios.sys - ok
01:53:48.0140 1568 [ A54FD7E564C996CFCEE6EE7491F3C318 ] C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys
01:53:48.0140 1568 C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys - ok
01:53:48.0156 1568 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\SYSTEM32\DRIVERS\ndproxy.sys
01:53:48.0156 1568 C:\WINDOWS\SYSTEM32\DRIVERS\ndproxy.sys - ok
01:53:48.0187 1568 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\SYSTEM32\DRIVERS\flpydisk.sys
01:53:48.0187 1568 C:\WINDOWS\SYSTEM32\DRIVERS\flpydisk.sys - ok
01:53:48.0203 1568 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\SYSTEM32\DRIVERS\USBD.SYS
01:53:48.0203 1568 C:\WINDOWS\SYSTEM32\DRIVERS\USBD.SYS - ok
01:53:48.0234 1568 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys
01:53:48.0234 1568 C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys - ok
01:53:48.0265 1568 [ 9368670BD426EBEA5E8B18A62416EC28 ] C:\WINDOWS\SYSTEM32\DRIVERS\i2omgmt.sys
01:53:48.0265 1568 C:\WINDOWS\SYSTEM32\DRIVERS\i2omgmt.sys - ok
01:53:48.0281 1568 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\SYSTEM32\DRIVERS\sfloppy.sys
01:53:48.0281 1568 C:\WINDOWS\SYSTEM32\DRIVERS\sfloppy.sys - ok
01:53:48.0312 1568 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\SYSTEM32\DRIVERS\CDAUDIO.SYS
01:53:48.0312 1568 C:\WINDOWS\SYSTEM32\DRIVERS\CDAUDIO.SYS - ok
01:53:48.0343 1568 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS
01:53:58.0906 1568 C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll - ok
01:53:58.0921 1568 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\SYSTEM32\win32spl.dll
01:53:58.0921 1568 C:\WINDOWS\SYSTEM32\win32spl.dll - ok
01:53:58.0937 1568 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\SYSTEM32\netrap.dll
01:53:58.0937 1568 C:\WINDOWS\SYSTEM32\netrap.dll - ok
01:53:58.0953 1568 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\SYSTEM32\inetpp.dll
01:53:58.0953 1568 C:\WINDOWS\SYSTEM32\inetpp.dll - ok
01:53:58.0984 1568 [ 5AC34C17115D3818DC9C9F5B2D909858 ] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
01:53:58.0984 1568 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe - ok
01:53:59.0000 1568 [ EF944079FD29D024D4E2319423347844 ] C:\WINDOWS\DellMMKb.exe
01:53:59.0000 1568 C:\WINDOWS\DellMMKb.exe - ok
01:53:59.0046 1568 [ F1781DABA192A05B11D38F936466F7A9 ] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
01:53:59.0046 1568 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe - ok
01:53:59.0062 1568 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\SYSTEM32\webcheck.dll
01:53:59.0062 1568 C:\WINDOWS\SYSTEM32\webcheck.dll - ok
01:53:59.0093 1568 [ A49EBF8C263E6AC28AFDF849DE5BD4B8 ] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Cdudflib.dll
01:53:59.0093 1568 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Cdudflib.dll - ok
01:53:59.0109 1568 [ 65C2853493C45388FE9F5933D109B23F ] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Udfrwlib.dll
01:53:59.0109 1568 C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Udfrwlib.dll - ok
01:53:59.0125 1568 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\SYSTEM32\mlang.dll
01:53:59.0125 1568 C:\WINDOWS\SYSTEM32\mlang.dll - ok
01:53:59.0156 1568 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\SYSTEM32\shfolder.dll
01:53:59.0156 1568 C:\WINDOWS\SYSTEM32\shfolder.dll - ok
01:53:59.0171 1568 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\SYSTEM32\oledlg.dll
01:53:59.0171 1568 C:\WINDOWS\SYSTEM32\oledlg.dll - ok
01:53:59.0218 1568 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\SYSTEM32\olepro32.dll
01:53:59.0218 1568 C:\WINDOWS\SYSTEM32\olepro32.dll - ok
01:53:59.0234 1568 ============================================================
01:53:59.0234 1568 Scan finished
01:53:59.0234 1568 ============================================================
01:53:59.0890 1560 Detected object count: 0
01:53:59.0890 1560 Actual detected object count: 0

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:45 PM

Posted 30 September 2012 - 03:58 AM

PLEASE create a restore point before trying this

Please copy the entire contents of the codebox below into Notepad:


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]





Open Notepad, copy the script, and save it as:

Filename: winsock.reg
Save as type: All files


Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to Network Connections
Right click on your normal connection icon, and choose Properties
Click the Install button
Choose Protocol then click Add
Click Have disk
In the drop down box, type in: C:\WINDOWS\INF and click OK
In the next dialog, click Internet Protocol (TCP/IP) then click OK
Click Close to leave the properties box

After that, restart your computer and see if you can browse now.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#7 bob marley


Posted 30 September 2012 - 11:20 AM

I cannot create a restore point, because my hard drive doesn't have at least 200MB of space available. This was originally caused by the malware. I've deleted every program that I thought I could live without, but it just filled back up. I'm not sure what my hard drive is filled with. Do you have any suggestions for cleaning up my disk? I've already tried the disk clean-up and defrag tools too. Do you still want me to go forth with your last set of instructions?

#8 narenxp


Posted 30 September 2012 - 11:30 AM

Skip creating restore point

#9 bob marley


Posted 30 September 2012 - 12:41 PM

Yes! Internet is back.



Farbar Service Scanner Version: 19-09-2012
Ran by Randy Fisher (administrator) on 30-09-2012 at 13:36:58
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(5) NetBT(5) PSched(7) Tcpip(3)
0x080000000500000004000000010000000200000003000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****
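
The Farbar Service Scanner log above, read programmatically (an added example, not part of the original posts and not Farbar's own code). The sample log is constructed from the lines in the post; the "missing"/"damaged" labels and the service-to-DLL table are this example's assumptions.

```python
import re

# Constructed sample: a shortened Farbar Service Scanner log in the format
# posted in the thread (service lines, ATTENTION lines, File Check lines).
SAMPLE_LOG = r"""
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running\.")
CHECK_RE = re.compile(r"^Checking ([^:]+): ATTENTION!=====> (.+)$")
FILE_RE = re.compile(r"^([A-Za-z]:\\.+?) => (.+)$")
KEY_MISSING = "The service key does not exist."

# Service DLL behind each Windows XP service name (table supplied by this
# example; the scanner log itself does not pair services with files).
SERVICE_DLL = {
    "sharedaccess": "ipnathlp.dll",
    "wscsvc": "wscsvc.dll",
    "wuauserv": "wuauserv.dll",
    "bits": "qmgr.dll",
}


def parse_fss(text):
    """Return ({service: {check: message}}, {dll_name: verdict})."""
    services, files, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            current = m.group(1)
            services[current] = {}
            continue
        m = CHECK_RE.match(line)
        if m and current:
            services[current][m.group(1)] = m.group(2)
            continue
        m = FILE_RE.match(line)
        if m:
            files[m.group(1).rsplit("\\", 1)[-1].lower()] = m.group(2)
    return services, files


def triage(text):
    """Classify each stopped service and pair it with its file-check verdict."""
    services, files = parse_fss(text)
    report = {}
    for name, checks in services.items():
        msgs = list(checks.values())
        if msgs and all(m.endswith(KEY_MISSING) for m in msgs):
            status = "missing"   # every check failed to open the service key
        elif msgs:
            status = "damaged"   # key opens, but values or subkeys are gone
        else:
            status = "stopped"   # not running, configuration still readable
        dll = SERVICE_DLL.get(name.lower())
        report[name] = {
            "status": status,
            "failed_checks": sorted(checks),
            "binary": files.get(dll, "not listed") if dll else "unknown",
        }
    return report


if __name__ == "__main__":
    for svc, info in triage(SAMPLE_LOG).items():
        print(f"{svc:13} {info['status']:8} binary: {info['binary']}")
```

A service whose registry key is gone while its binary still passes the file check needs its registry entries restored, not its files replaced.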

#10 narenxp


Posted 30 September 2012 - 12:55 PM

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

Launch it and the scan should start running. After the scan completes, post the generated log here.



Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

#11 bob marley


Posted 30 September 2012 - 02:13 PM

I tried to download and run the aswMBR and got the following message: E:\aswMBR.exe is not a valid Win32 app.
I tried to download and run the ESET online scanner; it stopped updating and "Unexpected error 3" was at the top.
I tried to download and run the Malwarebytes and got the following message: Setup files are corrupted. Please obtain a new copy.

So I stopped there. What should I do next?

#12 narenxp


Posted 30 September 2012 - 09:39 PM

Boot into safe mode with networking.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Now try to run the tools.

#13 bob marley


Posted 01 October 2012 - 07:29 PM

Here are all the logs you requested. The one thing I did not do is run the *FIX* on aswMBR, 'cause it said it would make some major changes and you didn't tell me to fix it.

-Thanks Again for your help!!!

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/01/2012 12:45:25 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\batfile\shell\edit\command "@" was changed.
It was reset to "%1" %*!

* HKLM\batfile\shell\print\command "@" was changed.
It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* BITS [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/01/2012 12:46:46 AM
Execution time: 0 hours(s), 1 minute(s), and 20 seconds(s)


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-01 01:54:19
-----------------------------
01:54:19.500 OS Version: Windows 5.1.2600 Service Pack 3
01:54:19.500 Number of processors: 1 586 0x102
01:54:19.500 ComputerName: RANDAL UserName:
01:54:21.796 Initialize success
01:58:26.203 AVAST engine defs: 12093001
01:58:54.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
01:58:54.843 Disk 0 Vendor: ST340016A 3.10 Size: 38166MB BusType: 3
01:58:54.906 Disk 0 MBR read successfully
01:58:54.906 Disk 0 MBR scan
01:58:57.531 Disk 0 Windows XP default MBR code
01:58:57.546 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
01:58:59.593 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38130 MB offset 64260
01:59:00.578 Disk 0 scanning sectors +78156225
01:59:01.500 Disk 0 scanning C:\WINDOWS\system32\drivers
02:00:07.578 Service scanning
02:01:38.671 Modules scanning
02:02:07.015 Disk 0 trace - called modules:
02:02:07.046 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
02:02:07.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x827d15e0]
02:02:07.187 3 CLASSPNP.SYS[f99f2fd7] -> nt!IofCallDriver -> \Device\0000005f[0x827d6180]
02:02:07.203 5 ACPI.sys[f9969620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x827d3d98]
02:02:08.984 AVAST engine scan C:\WINDOWS
02:02:41.500 AVAST engine scan C:\WINDOWS\system32
02:11:10.968 AVAST engine scan C:\WINDOWS\system32\drivers
02:12:05.062 AVAST engine scan C:\Documents and Settings\Randy Fisher
02:18:28.000 AVAST engine scan C:\Documents and Settings\All Users
02:20:06.093 Scan finished successfully
02:20:07.421 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
02:20:07.484 The log file has been saved successfully to "E:\aswMBR.txt"


C:\TDSSKiller_Quarantine\27.09.2012_22.39.03\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_22.39.03\rtkt0000\zafs0000\tsk0001.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_22.39.03\rtkt0000\zafs0000\tsk0005.dta Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_22.39.03\rtkt0000\zafs0000\tsk0006.dta Win32/Sirefef.FG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_22.39.03\rtkt0000\zafs0000\tsk0007.dta Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_22.39.03\rtkt0000\zafs0000\tsk0008.dta a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_22.39.03\rtkt0000\zafs0000\tsk0009.dta a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.01.06

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Randy Fisher :: RANDAL [administrator]

Protection: Enabled

10/1/2012 2:49:46 PM
mbam-log-2012-10-01 (14-49-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231042
Time elapsed: 28 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



MiniToolBox by Farbar Version: 23-07-2012
Ran by Randy Fisher (administrator) on 01-10-2012 at 15:35:21
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

ASIX AX88772 USB2.0 to Fast Ethernet Adapter = Local Area Connection 6 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 6"

set address name="Local Area Connection 6" source=dhcp
set dns name="Local Area Connection 6" source=dhcp register=PRIMARY
set wins name="Local Area Connection 6" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Randal

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection 6:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : ASIX AX88772 USB2.0 to Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-50-B6-06-81-9F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.64

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Monday, October 01, 2012 1:39:40 PM

Lease Expires . . . . . . . . . . : Tuesday, October 02, 2012 1:39:40 PM

Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.225.64, 74.125.225.65, 74.125.225.66, 74.125.225.67
74.125.225.68, 74.125.225.69, 74.125.225.70, 74.125.225.71, 74.125.225.72
74.125.225.73, 74.125.225.78



Pinging google.com [74.125.225.36] with 32 bytes of data:



Reply from 74.125.225.36: bytes=32 time=38ms TTL=53

Reply from 74.125.225.36: bytes=32 time=30ms TTL=53



Ping statistics for 74.125.225.36:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 38ms, Average = 34ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=97ms TTL=46

Reply from 98.138.253.109: bytes=32 time=101ms TTL=47



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 97ms, Maximum = 101ms, Average = 99ms

Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 50 b6 06 81 9f ...... ASIX AX88772 USB2.0 to Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/01/2012 03:22:08 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.140, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/01/2012 02:22:11 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/01/2012 00:38:31 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - There is not enough space on the disk.

Error: (09/28/2012 02:04:11 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - There is not enough space on the disk.

Error: (09/28/2012 00:53:49 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - There is not enough space on the disk.

Error: (09/27/2012 10:51:10 PM) (Source: Application Error) (User: )
Description: Faulting application teatimer.exe, version 1.6.4.26, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [teatimer.exe!ws!]

Error: (09/27/2012 10:34:00 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.


DETAIL - There is not enough space on the disk.

Error: (09/27/2012 10:26:36 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

Error: (09/27/2012 10:26:35 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.

Error: (09/27/2012 10:26:35 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.


System errors:
=============
Error: (10/01/2012 01:43:28 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdudf_xp

Error: (10/01/2012 01:41:16 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/01/2012 01:39:53 AM) (Source: 0) (User: )
Description:

Error: (10/01/2012 01:38:44 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/01/2012 01:38:16 AM) (Source: DCOM) (User: RANDAL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/01/2012 01:37:43 AM) (Source: DCOM) (User: RANDAL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/01/2012 01:37:25 AM) (Source: DCOM) (User: RANDAL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/01/2012 01:37:25 AM) (Source: DCOM) (User: RANDAL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/01/2012 00:47:30 AM) (Source: DCOM) (User: RANDAL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/01/2012 00:44:40 AM) (Source: DCOM) (User: RANDAL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (10/01/2012 03:22:08 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.140hungapp0.0.0.000000000

Error: (10/01/2012 02:22:11 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (10/01/2012 00:38:31 AM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: There is not enough space on the disk.

Error: (09/28/2012 02:04:11 AM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: There is not enough space on the disk.

Error: (09/28/2012 00:53:49 AM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: There is not enough space on the disk.

Error: (09/27/2012 10:51:10 PM) (Source: Application Error)(User: )
Description: teatimer.exe1.6.4.26kernel32.dll5.1.2600.578100012afb

Error: (09/27/2012 10:34:00 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: There is not enough space on the disk.

Error: (09/27/2012 10:26:36 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThere is not enough space on the disk.

Error: (09/27/2012 10:26:35 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThere is not enough space on the disk.

Error: (09/27/2012 10:26:35 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThere is not enough space on the disk.


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.00.000)
Apple Software Update (Version: 2.1.2.120)
ATI Display Driver
Avira Free Antivirus (Version: 12.0.0.1199)
AX88772 (Version: 1.00.0000)
Conexant HSF V92 56K Data Fax PCI Modem
Dell Picture Studio - Image Expert 2000
DellTouch
Digital Blue™ PC Animation Station
Digital Blue™ PC Digital Movie Creator
DX-Ball 1.09
Easy CD Creator 5 Basic (Version: 5.0.0.0000)
ESET Online Scanner v3
Gradekeeper
Help and Support Customization (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo 2002 (Version: 6.0.0.0000)
Microsoft PowerPoint Viewer 97
Microsoft Streets and Trips 2002 (Version: 9.00.17.0200)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2002 (Version: 10.0.2627.01)
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0 (Version: 06.00.0000)
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
Modem Helper
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
Shockwave
Shockwave Player (Version: 8.5.0.326)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player (Remove Only)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061017.133151)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip (Version: 8.1 (4331))
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
XVID CodecPack
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 89%
Total physical RAM: 255.3 MB
Available physical RAM: 27.65 MB
Total Pagefile: 1002.67 MB
Available Pagefile: 233.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.23 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.24 GB) (Free:7.14 GB) NTFS
4 Drive e: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.52 GB) FAT32

========================= Users: ========================================

User accounts for \\RANDAL

Administrator Guest HelpAssistant
Randy Fisher SUPPORT_388945a0 SUPPORT_3f151ab9

========================= Restore Points ==================================

01-10-2012 06:39:11 System Checkpoint

**** End of log ****


Farbar Service Scanner Version: 19-09-2012
Ran by Randy Fisher (administrator) on 01-10-2012 at 15:38:03
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(5) NetBT(5) PSched(7) Tcpip(3)
0x080000000500000004000000010000000200000003000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

# AdwCleaner v2.003 - Logfile created 10/01/2012 at 15:46:06
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Randy Fisher - RANDAL
# Boot Mode : Normal
# Running from : E:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Randy Fisher\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Randy Fisher\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NavHelper
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaveNow
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\Randy Fisher\Application Data\Mozilla\Firefox\Profiles\6c5ml3mr.default\prefs.js

Deleted : user_pref("extensions.crossriderapp3491.adsOldValue", -1);

*************************

AdwCleaner[S1].txt - [2863 octets] - [01/10/2012 15:46:06]

########## EOF - C:\AdwCleaner[S1].txt - [2923 octets] ##########

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.0 (10.01.2012)
OS: Microsoft Windows XP x86
Ran by Randy Fisher on Mon 10/01/2012 at 16:21:26.50
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



*** Files: 0 Detections



*** Folders: 0 Detections



Removed the following from [PREFS.JS] :



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Mon 10/01/2012 at 16:21:26.84
End of Report


Farbar Service Scanner Version: 19-09-2012
Ran by Randy Fisher (administrator) on 01-10-2012 at 20:25:28
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(5) NetBT(5) PSched(7) Tcpip(3)
0x080000000500000004000000010000000200000003000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#14 narenxp

Posted 01 October 2012 - 09:53 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#15 bob marley

Posted 02 October 2012 - 07:34 PM

Farbar Service Scanner Version: 19-09-2012
Ran by Randy Fisher (administrator) on 02-10-2012 at 19:49:55
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(5) NetBT(5) PSched(7) Tcpip(3)
0x080000000500000004000000010000000200000003000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/02/2012 07:55:45 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\LEXBCES.EXE (PID: 1520) [WD-HEUR]
* C:\WINDOWS\DELLMMKB.EXE (PID: 584) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/02/2012 07:57:38 PM
Execution time: 0 hours(s), 1 minute(s), and 52 seconds(s)

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AdaptecDirectCD" "DirectCD Application" "Roxio" "c:\program files\adaptec\easy cd creator 5\directcd\directcd.exe"
+ "Adobe Photo Downloader" "Adobe Photoshop Album Starter Edition 3.0 component" "Adobe Systems Incorporated" "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
+ "avgnt" "Avira System Tray Tool" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avgnt.exe"
+ "DellTouch" "Netropa™ Hot Key" "Netropa Corp." "c:\windows\dellmmkb.exe"
+ "Microsoft Works Update Detection" "Microsoft® Works Update Detection" "Microsoft® Corporation" "c:\program files\common files\microsoft shared\works shared\wkufind.exe"
+ "PrinTray" "" "" "File not found: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Camio Viewer 2000.lnk" "Camio Viewer" "Sierra Imaging" "c:\program files\sierra imaging\image expert 2000\ixapplet.exe"
+ "Microsoft Office.lnk" "Microsoft Office XP component" "Microsoft Corporation" "c:\program files\microsoft office\office10\osa.exe"
+ "Microsoft Works Calendar Reminders.lnk" "Microsoft® Works Calendar Reminder Service" "Microsoft® Corporation" "c:\program files\common files\microsoft shared\works shared\wkcalrem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ISUSPM" "Macrovision Software Manager" "Macrovision Corporation" "c:\program files\common files\installshield\updateservice\isuspm.exe"
+ "SpybotSD TeaTimer" "System settings protector" "Safer Networking Limited" "c:\program files\spybot - search & destroy\teatimer.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "cdo" "Microsoft SharePoint Portal Server Object Model" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web folders\pkmcdo.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: http://us.i1.yimg.com/us.yimg.com/i/ww/m6v4.gif"
+ "1" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
+ "Yahoo! Mail" "YMMAPI Module" "Yahoo! Inc." "c:\program files\yahoo!\common\ymmapi2005010104.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "e:\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "e:\malwarebytes' anti-malware\mbamext.dll"
+ "Shell Extension for Malware scanning" "Avira Shell Extension Library" "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\shlext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn3\yt.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn3\ytsingleinstance.dll"
+ "Yahoo! IE Services Button" "Yahoo! IE Services" "Yahoo! Inc." "c:\program files\yahoo!\common\yiesrvc.dll"
+ "Yahooo Search Protection" "Yahoo! Search Protection" "Yahoo! Inc." "c:\program files\yahoo!\search protection\ysp.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn3\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AntiVirSchedulerService" "Service to schedule Avira Free Antivirus jobs and updates." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\sched.exe"
+ "AntiVirService" "Offers permanent protection against viruses and malware with the Avira search engine." "Avira Operations GmbH & Co. KG" "c:\program files\avira\antivir desktop\avguard.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"
+ "LexBceS" "LexBce Service" "Lexmark International, Inc." "c:\windows\system32\lexbces.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "e:\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "e:\malwarebytes' anti-malware\mbamservice.exe"
+ "Symantec Core LC" "Symantec Core LC" "Symantec Corporation" "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "41145335" "" "" "File not found: system32\drivers\39734094.sys"
+ "ac97intc" "Intel® Integrated Controller Hub Audio Driver" "Intel Corporation" "c:\windows\system32\drivers\ac97intc.sys"
+ "ati2mpaa" "ATI RAGE 128 Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mpaa.sys"
+ "ati2mtaa" "ATI RAGE 128 Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtaa.sys"
+ "avgntflt" "Avira mini-filter driver" "Avira GmbH" "c:\windows\system32\drivers\avgntflt.sys"
+ "avipbb" "Avira Security Enhancement Driver" "Avira GmbH" "c:\windows\system32\drivers\avipbb.sys"
+ "avkmgr" "Avira Manager Driver" "Avira GmbH" "c:\windows\system32\drivers\avkmgr.sys"
+ "AX88772" "ASIX AX88772 Network Driver" "ASIX Electronics Corp." "c:\windows\system32\drivers\ax88772.sys"
+ "basic2" "NTRksample driver" "Conexant Systems" "c:\windows\system32\drivers\basic2.sys"
+ "bvrp_pci" "" "" "c:\windows\system32\drivers\bvrp_pci.sys"
+ "BVRPMPR5" "BVRP NDIS 5.0 MPR Protocol Driver" "Avanquest Software" "c:\windows\system32\drivers\bvrpmpr5.sys"
+ "Cdr4_xp" "CDR4 CD and DVD Place Holder Driver (see PxHelp)" "Sonic Solutions" "c:\windows\system32\drivers\cdr4_xp.sys"
+ "Cdralw2k" "CDRAL Place Holder Driver (see PxHelp)" "Sonic Solutions" "c:\windows\system32\drivers\cdralw2k.sys"
+ "cdudf_xp" "CD-UDF NT Filesystem Driver" "Roxio" "c:\windows\system32\drivers\cdudf_xp.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DCamUSBCompany" "" "" "File not found: System32\DRIVERS\p35u.sys"
+ "dvd_2K" "DVD-RAM AddOn Driver" "Roxio" "c:\windows\system32\drivers\dvd_2k.sys"
+ "EL90XBC" "3Com EtherLink PCI Driver" "3Com Corporation" "c:\windows\system32\drivers\el90xbc5.sys"
+ "Eplpdx02" "LPT I/O driver for EPSON PRINTER" "MK Systems CO., LTD." "c:\windows\system32\drivers\eplpdx02.sys"
+ "Fallback" "Fallback driver" "Conexant Systems" "c:\windows\system32\drivers\fallback.sys"
+ "Fsks" "FSKsNT driver" "Conexant Systems" "c:\windows\system32\drivers\fsksnt.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hsf_msft" "WinACHSF driver" "Conexant" "c:\windows\system32\drivers\hsf_msft.sys"
+ "idmc1aud" "Intel DMC USBAUDIO Filter Driver" "Intel Corporation" "c:\windows\system32\drivers\idmc1aud.sys"
+ "IDMC1Blk" "DMC WDM Bulk Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\idmc1blk.sys"
+ "IDMC1Vxp" "" "Intel Corporation" "c:\windows\system32\drivers\idmc1vme.sys"
+ "K56" "K56NT driver" "Conexant Systems" "c:\windows\system32\drivers\k56nt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "MBAMSwissArmy" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbamswissarmy.sys"
+ "mmc_2K" "CD-R/RW AddOn MMC Driver (W2K)" "Roxio" "c:\windows\system32\drivers\mmc_2k.sys"
+ "Msikbd2k" "Multimedia Keyboard Driver for Windows 2000" "Netropa Corporation" "c:\windows\system32\drivers\msikbd2k.sys"
+ "netrcacm" "RCA USB Digital Cable Modem Driver" "Thomson Multimedia" "c:\windows\system32\drivers\netrcacm.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "nv4" "NVIDIA Compatible Windows XP Miniport Driver, Version 12.40.20 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "pwd_2K" "Win2000 Framework for Packet Write Driver" "Roxio" "c:\windows\system32\drivers\pwd_2k.sys"
+ "RimUsb" "" "" "File not found: System32\Drivers\RimUsb.sys"
+ "RimVSerPort" "RIM Virtual Serial Driver" "Research in Motion Ltd" "c:\windows\system32\drivers\rimserial.sys"
+ "Rksample" "Rksample WDM driver" "Conexant Systems" "c:\windows\system32\drivers\rksample.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "SoftFax" "FaxNT driver" "Conexant Systems" "c:\windows\system32\drivers\faxnt.sys"
+ "ssmdrv" "Avira Snapshot Driver" "Avira GmbH" "c:\windows\system32\drivers\ssmdrv.sys"
+ "symlcbrd" "Symantec Core Component" "Symantec Corporation" "c:\windows\system32\drivers\symlcbrd.sys"
+ "Tones" "TonesNT driver" "Conexant Systems" "c:\windows\system32\drivers\tonesnt.sys"
+ "UdfReadr_xp" "CD-UDF NT Filesystem Reader Driver" "Roxio" "c:\windows\system32\drivers\udfreadr_xp.sys"
+ "USBAAPL" "" "" "File not found: System32\Drivers\usbaapl.sys"
+ "V124" "V124NT driver" "Conexant Systems" "c:\windows\system32\drivers\v124nt.sys"
+ "vsdatant" "" "" "File not found: C:\WINDOWS\System32\vsdatant.sys"
+ "wandrv" "WAN NDIS Miniport Driver" "America Online, Inc." "c:\windows\system32\drivers\wandrv.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "WinACHSF driver" "Conexant Systems" "c:\windows\system32\drivers\hsf_cnxt.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX Video for Windows Codec" "DivXNetworks, Inc." "c:\windows\system32\divx.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Ligos Indeo® Video 5.11" "Ligos Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.ixvp" "" "" "File not found: videoplus.dll"
+ "VIDC.JPGL" "" "" "File not found: jpgl.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Intel® Play™ Sample Rate Converter" "Intel® Play™ Sample Rate Convert Filter" "Intel® Corporation" "c:\windows\system32\ipsmplrt.ax"
+ "Intel® Play™ Sample Rate Converter" "Intel® Play™ Sample Rate Convert Filter" "Intel® Corporation" "c:\windows\system32\ipsmplrt.ax"
+ "Voxware MetaSound Audio Decoder" "Voxware MetaSound Audio Decoder" "Voxware, Inc." "c:\windows\system32\voxmsdec.ax"
+ "Voxware MetaSound Audio Decoder" "Voxware MetaSound Audio Decoder" "Voxware, Inc." "c:\windows\system32\voxmsdec.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AVer" "" "" "File not found: C:\WINDOWS\System32\P35UTWN.AX"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DivX Decoder Filter" "DivX ™ Decoder Filter" "DivXNetworks, Inc." "c:\windows\system32\divxdec.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Image Effects" "Image Scaling Filter" "Intel® Corporation" "c:\windows\system32\ipsimage.ax"
+ "ImageBuilder Wave Dest" "Intel® Play™ Digital Movie Creator™" "Image Buider Software" "c:\windows\system32\dmwavedest.ax"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® Video 5.11 Compression Filter" "Ligos Indeo® Video 5.11" "Ligos Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® Video 5.11 Decompression Filter" "Ligos Indeo® Video 5.11" "Ligos Corporation" "c:\windows\system32\ir50_32.dll"
+ "Intel® Play™ AV Synch Filter" "AVSynch" "Intel Corporation" "c:\windows\system32\avsynch.ax"
+ "Intel® Play™ Download Optimization" "Intel® Play™ Download Optimization Filter" "Intel Corporation" "c:\windows\system32\dopt.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "STL Disco Lite" "DiscoLite" "Intel® Corporation" "c:\windows\system32\discolite.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "stera" "" "" "File not found: stera"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON Printer Port" "Eplpmx02 Epson Printer Monitor for Windows2000" "MK Systems CO.,LTD." "c:\windows\system32\eplpmx02.dll"
+ "Lexmark Network Port" "" "" "File not found: LEXLMPM.DLL"



