Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't remove file recovery virus.


  • Please log in to reply
9 replies to this topic

#1 Badatcomputers

Badatcomputers

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 03 October 2012 - 12:34 AM

My desktop has been infected with this virus and I can't get rid of it.

I run windows XP. I have tried to remove the virus following this guide http://malwaretips.com/Thread-How-to-remove-File-Recovery-virus but when I get to step five and run the computer in normal mode the virus is still active. I was unable to instal malwarebytes but I managed to unhide the files and run the copy I already had installed. This removed several viruses but did not fix the problem.

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:27 PM

Posted 03 October 2012 - 01:32 AM

Do not run any tools unless instructed

Boot into safemode with networking

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 Badatcomputers

Badatcomputers
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 03 October 2012 - 12:21 PM

TDSSkiller log

09:00:58.0843 0372 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:01:00.0906 0372 ============================================================
09:01:00.0906 0372 Current date / time: 2012/10/03 09:01:00.0906
09:01:00.0906 0372 SystemInfo:
09:01:00.0906 0372
09:01:00.0906 0372 OS Version: 5.1.2600 ServicePack: 3.0
09:01:00.0906 0372 Product type: Workstation
09:01:00.0921 0372 ComputerName: YOUR-XHTR8HVC4P
09:01:00.0953 0372 UserName: Owner
09:01:00.0953 0372 Windows directory: C:\WINDOWS
09:01:00.0953 0372 System windows directory: C:\WINDOWS
09:01:00.0953 0372 Processor architecture: Intel x86
09:01:00.0953 0372 Number of processors: 1
09:01:00.0953 0372 Page size: 0x1000
09:01:00.0953 0372 Boot type: Safe boot with network
09:01:00.0953 0372 ============================================================
09:01:47.0171 0372 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
09:01:47.0437 0372 ============================================================
09:01:47.0437 0372 \Device\Harddisk0\DR0:
09:01:47.0734 0372 MBR partitions:
09:01:47.0734 0372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xB1E0F1
09:01:47.0734 0372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB1E130, BlocksNum 0x3F671D0
09:01:47.0734 0372 ============================================================
09:01:47.0906 0372 C: <-> \Device\Harddisk0\DR0\Partition2
09:01:47.0953 0372 D: <-> \Device\Harddisk0\DR0\Partition1
09:01:48.0125 0372 ============================================================
09:01:48.0125 0372 Initialize success
09:01:48.0125 0372 ============================================================
09:03:01.0875 0748 ============================================================
09:03:01.0875 0748 Scan started
09:03:01.0875 0748 Mode: Manual; TDLFS;
09:03:01.0875 0748 ============================================================
09:03:03.0890 0748 ================ Scan system memory ========================
09:03:03.0890 0748 System memory - ok
09:03:03.0906 0748 ================ Scan services =============================
09:03:04.0265 0748 Abiosdsk - ok
09:03:04.0296 0748 abp480n5 - ok
09:03:04.0390 0748 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:03:04.0390 0748 ACPI - ok
09:03:04.0468 0748 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
09:03:04.0468 0748 ACPIEC - ok
09:03:04.0656 0748 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:03:04.0671 0748 AdobeFlashPlayerUpdateSvc - ok
09:03:04.0703 0748 adpu160m - ok
09:03:04.0750 0748 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:03:04.0750 0748 aec - ok
09:03:04.0812 0748 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:03:04.0859 0748 AFD - ok
09:03:04.0906 0748 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
09:03:04.0906 0748 AFS2K - ok
09:03:05.0046 0748 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
09:03:05.0046 0748 agp440 - ok
09:03:05.0093 0748 Aha154x - ok
09:03:05.0125 0748 aic78u2 - ok
09:03:05.0171 0748 aic78xx - ok
09:03:05.0390 0748 [ 8D6C30E515717248E0E52B85FD7AC466 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
09:03:05.0500 0748 ALCXWDM - ok
09:03:05.0578 0748 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
09:03:05.0609 0748 ALG - ok
09:03:05.0656 0748 AliIde - ok
09:03:05.0703 0748 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
09:03:05.0703 0748 AmdK7 - ok
09:03:05.0750 0748 amsint - ok
09:03:05.0812 0748 AppMgmt - ok
09:03:05.0828 0748 asc - ok
09:03:05.0875 0748 asc3350p - ok
09:03:05.0906 0748 asc3550 - ok
09:03:06.0156 0748 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:03:06.0187 0748 aspnet_state - ok
09:03:06.0250 0748 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:03:06.0250 0748 AsyncMac - ok
09:03:06.0312 0748 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:03:06.0343 0748 atapi - ok
09:03:06.0375 0748 Atdisk - ok
09:03:06.0437 0748 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:03:06.0468 0748 Atmarpc - ok
09:03:06.0578 0748 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:03:06.0593 0748 AudioSrv - ok
09:03:06.0687 0748 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:03:06.0687 0748 audstub - ok
09:03:06.0765 0748 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:03:06.0765 0748 Beep - ok
09:03:06.0875 0748 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
09:03:07.0078 0748 BITS - ok
09:03:07.0390 0748 catchme - ok
09:03:07.0437 0748 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:03:07.0437 0748 cbidf2k - ok
09:03:07.0484 0748 cd20xrnt - ok
09:03:07.0562 0748 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:03:07.0562 0748 Cdaudio - ok
09:03:07.0656 0748 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:03:07.0656 0748 Cdfs - ok
09:03:07.0734 0748 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:03:07.0734 0748 Cdrom - ok
09:03:07.0781 0748 Changer - ok
09:03:07.0859 0748 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:03:07.0859 0748 CiSvc - ok
09:03:07.0906 0748 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:03:07.0921 0748 ClipSrv - ok
09:03:08.0000 0748 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:03:08.0078 0748 clr_optimization_v2.0.50727_32 - ok
09:03:08.0125 0748 CmdIde - ok
09:03:08.0171 0748 COMSysApp - ok
09:03:08.0250 0748 Cpqarray - ok
09:03:08.0343 0748 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:03:08.0343 0748 CryptSvc - ok
09:03:08.0375 0748 dac2w2k - ok
09:03:08.0406 0748 dac960nt - ok
09:03:08.0515 0748 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:03:08.0625 0748 DcomLaunch - ok
09:03:08.0718 0748 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:03:08.0734 0748 Dhcp - ok
09:03:08.0812 0748 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:03:08.0812 0748 Disk - ok
09:03:08.0843 0748 dmadmin - ok
09:03:08.0968 0748 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:03:09.0015 0748 dmboot - ok
09:03:09.0093 0748 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:03:09.0093 0748 dmio - ok
09:03:09.0171 0748 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:03:09.0171 0748 dmload - ok
09:03:09.0218 0748 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:03:09.0234 0748 dmserver - ok
09:03:09.0312 0748 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:03:09.0312 0748 DMusic - ok
09:03:09.0390 0748 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:03:09.0406 0748 Dnscache - ok
09:03:09.0484 0748 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:03:09.0500 0748 Dot3svc - ok
09:03:09.0531 0748 dpti2o - ok
09:03:09.0609 0748 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:03:09.0609 0748 drmkaud - ok
09:03:09.0687 0748 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:03:09.0687 0748 EapHost - ok
09:03:09.0812 0748 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:03:09.0812 0748 ERSvc - ok
09:03:09.0890 0748 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:03:09.0906 0748 Eventlog - ok
09:03:10.0015 0748 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
09:03:10.0031 0748 EventSystem - ok
09:03:10.0125 0748 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:03:10.0125 0748 Fastfat - ok
09:03:10.0234 0748 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:03:10.0312 0748 FastUserSwitchingCompatibility - ok
09:03:10.0390 0748 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
09:03:10.0406 0748 Fax - ok
09:03:10.0468 0748 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:03:10.0468 0748 Fdc - ok
09:03:10.0531 0748 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:03:10.0531 0748 Fips - ok
09:03:10.0578 0748 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:03:10.0578 0748 Flpydisk - ok
09:03:10.0656 0748 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:03:10.0671 0748 FltMgr - ok
09:03:10.0796 0748 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:03:10.0796 0748 FontCache3.0.0.0 - ok
09:03:10.0875 0748 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:03:10.0875 0748 Fs_Rec - ok
09:03:10.0921 0748 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:03:10.0921 0748 Ftdisk - ok
09:03:11.0078 0748 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:03:11.0078 0748 GEARAspiWDM - ok
09:03:11.0156 0748 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:03:11.0156 0748 Gpc - ok
09:03:11.0296 0748 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:03:11.0296 0748 helpsvc - ok
09:03:11.0328 0748 HidServ - ok
09:03:11.0390 0748 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:03:11.0390 0748 HidUsb - ok
09:03:11.0484 0748 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:03:11.0484 0748 hkmsvc - ok
09:03:11.0531 0748 hpn - ok
09:03:11.0609 0748 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:03:11.0625 0748 HTTP - ok
09:03:11.0703 0748 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:03:11.0734 0748 HTTPFilter - ok
09:03:11.0781 0748 i2omgmt - ok
09:03:11.0812 0748 i2omp - ok
09:03:11.0875 0748 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:03:11.0875 0748 i8042prt - ok
09:03:12.0000 0748 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:03:12.0046 0748 ialm - ok
09:03:12.0250 0748 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:03:12.0281 0748 idsvc - ok
09:03:12.0359 0748 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:03:12.0359 0748 Imapi - ok
09:03:12.0453 0748 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:03:12.0453 0748 ImapiService - ok
09:03:12.0531 0748 ini910u - ok
09:03:12.0593 0748 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
09:03:12.0593 0748 IntelIde - ok
09:03:12.0671 0748 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:03:12.0671 0748 intelppm - ok
09:03:12.0765 0748 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:03:12.0765 0748 ip6fw - ok
09:03:12.0843 0748 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:03:12.0843 0748 IpFilterDriver - ok
09:03:12.0890 0748 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:03:12.0890 0748 IpInIp - ok
09:03:12.0968 0748 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:03:12.0968 0748 IpNat - ok
09:03:13.0031 0748 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:03:13.0031 0748 IPSec - ok
09:03:13.0093 0748 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:03:13.0093 0748 IRENUM - ok
09:03:13.0171 0748 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:03:13.0171 0748 isapnp - ok
09:03:13.0437 0748 [ 11C3EFB4BAC41175D03B1595DB1A4A4F ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
09:03:13.0453 0748 JavaQuickStarterService - ok
09:03:13.0500 0748 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:03:13.0500 0748 Kbdclass - ok
09:03:13.0578 0748 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:03:13.0578 0748 kbdhid - ok
09:03:13.0671 0748 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:03:13.0671 0748 kmixer - ok
09:03:13.0750 0748 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:03:13.0765 0748 KSecDD - ok
09:03:13.0843 0748 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:03:13.0859 0748 lanmanserver - ok
09:03:13.0890 0748 lbrtfdc - ok
09:03:14.0015 0748 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:03:14.0015 0748 LmHosts - ok
09:03:14.0156 0748 [ FA2ED4A054360F3F873C15420F1F19CC ] ltmodem5 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
09:03:14.0265 0748 ltmodem5 - ok
09:03:14.0343 0748 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
09:03:14.0343 0748 MBAMSwissArmy - ok
09:03:14.0421 0748 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:03:14.0421 0748 mnmdd - ok
09:03:14.0500 0748 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
09:03:14.0500 0748 mnmsrvc - ok
09:03:14.0578 0748 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:03:14.0578 0748 Modem - ok
09:03:14.0609 0748 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:03:14.0609 0748 Mouclass - ok
09:03:14.0687 0748 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:03:14.0703 0748 mouhid - ok
09:03:14.0750 0748 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:03:14.0765 0748 MountMgr - ok
09:03:14.0828 0748 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:03:14.0859 0748 MozillaMaintenance - ok
09:03:15.0031 0748 MpKslaa2a088e - ok
09:03:15.0046 0748 mraid35x - ok
09:03:15.0109 0748 mrtRate - ok
09:03:15.0296 0748 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:03:15.0312 0748 MRxDAV - ok
09:03:15.0390 0748 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
09:03:15.0390 0748 MSDTC - ok
09:03:15.0453 0748 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:03:15.0453 0748 Msfs - ok
09:03:15.0468 0748 MSIServer - ok
09:03:15.0562 0748 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:03:15.0562 0748 MSKSSRV - ok
09:03:15.0609 0748 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:03:15.0609 0748 MSPCLOCK - ok
09:03:15.0640 0748 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:03:15.0640 0748 MSPQM - ok
09:03:15.0703 0748 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:03:15.0703 0748 mssmbios - ok
09:03:15.0765 0748 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:03:15.0781 0748 Mup - ok
09:03:15.0859 0748 [ 63D074073D5FDA93163517C2A8F2BA5A ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys
09:03:15.0875 0748 MxlW2k - ok
09:03:15.0984 0748 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:03:16.0015 0748 napagent - ok
09:03:16.0109 0748 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:03:16.0125 0748 NDIS - ok
09:03:16.0203 0748 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:03:16.0218 0748 NdisTapi - ok
09:03:16.0312 0748 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:03:16.0328 0748 Ndisuio - ok
09:03:16.0390 0748 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:03:16.0406 0748 NdisWan - ok
09:03:16.0484 0748 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:03:16.0515 0748 NDProxy - ok
09:03:16.0656 0748 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:03:16.0687 0748 NetBT - ok
09:03:16.0781 0748 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
09:03:16.0859 0748 NetDDE - ok
09:03:16.0906 0748 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:03:16.0921 0748 NetDDEdsdm - ok
09:03:17.0031 0748 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
09:03:17.0125 0748 Netman - ok
09:03:17.0234 0748 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:03:17.0265 0748 NetTcpPortSharing - ok
09:03:17.0343 0748 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:03:17.0343 0748 Nla - ok
09:03:17.0468 0748 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:03:17.0484 0748 Npfs - ok
09:03:17.0562 0748 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:03:17.0593 0748 Ntfs - ok
09:03:17.0687 0748 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:03:17.0718 0748 NtmsSvc - ok
09:03:17.0796 0748 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:03:17.0796 0748 Null - ok
09:03:17.0953 0748 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:03:18.0078 0748 nv - ok
09:03:18.0156 0748 [ 26712CF8BE48BC767854927435C0B6A9 ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
09:03:18.0156 0748 NVSvc - ok
09:03:18.0234 0748 [ 29291C3A7256337327051CC37E4FC09A ] nv_agp C:\WINDOWS\system32\DRIVERS\nv_agp.sys
09:03:18.0234 0748 nv_agp - ok
09:03:18.0312 0748 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:03:18.0312 0748 NwlnkFlt - ok
09:03:18.0390 0748 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:03:18.0390 0748 NwlnkFwd - ok
09:03:18.0500 0748 [ 7FA2A1A45435DC851790C0FD5F54612B ] omniserv C:\Program Files\Softex\OmniPass\Omniserv.exe
09:03:18.0500 0748 omniserv - ok
09:03:18.0578 0748 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:03:18.0593 0748 Parport - ok
09:03:18.0640 0748 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:03:18.0640 0748 PartMgr - ok
09:03:18.0718 0748 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:03:18.0734 0748 ParVdm - ok
09:03:18.0750 0748 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:03:18.0765 0748 PCI - ok
09:03:18.0796 0748 PCIDump - ok
09:03:18.0843 0748 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\System32\DRIVERS\pciide.sys
09:03:18.0859 0748 PCIIde - ok
09:03:18.0890 0748 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
09:03:18.0906 0748 Pcmcia - ok
09:03:18.0953 0748 PDCOMP - ok
09:03:18.0984 0748 PDFRAME - ok
09:03:19.0031 0748 PDRELI - ok
09:03:19.0062 0748 PDRFRAME - ok
09:03:19.0109 0748 perc2 - ok
09:03:19.0140 0748 perc2hib - ok
09:03:19.0281 0748 pjmn - ok
09:03:19.0328 0748 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:03:19.0343 0748 PlugPlay - ok
09:03:19.0421 0748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:03:19.0421 0748 PolicyAgent - ok
09:03:19.0500 0748 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:03:19.0500 0748 PptpMiniport - ok
09:03:19.0562 0748 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
09:03:19.0562 0748 Processor - ok
09:03:19.0609 0748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:03:19.0609 0748 ProtectedStorage - ok
09:03:19.0687 0748 [ BFFDB363485501A38F0BCA83AEC810DB ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
09:03:19.0687 0748 Ps2 - ok
09:03:19.0718 0748 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:03:19.0718 0748 PSched - ok
09:03:19.0812 0748 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:03:19.0812 0748 Ptilink - ok
09:03:19.0890 0748 [ 80C824C78DD1CAC1833AE5DCCA02B327 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
09:03:19.0890 0748 PxHelp20 - ok
09:03:19.0937 0748 ql1080 - ok
09:03:19.0968 0748 Ql10wnt - ok
09:03:20.0031 0748 ql12160 - ok
09:03:20.0062 0748 ql1240 - ok
09:03:20.0109 0748 ql1280 - ok
09:03:20.0171 0748 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:03:20.0171 0748 RasAcd - ok
09:03:20.0250 0748 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:03:20.0250 0748 RasAuto - ok
09:03:20.0312 0748 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:03:20.0312 0748 Rasl2tp - ok
09:03:20.0375 0748 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:03:20.0406 0748 RasMan - ok
09:03:20.0468 0748 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:03:20.0468 0748 RasPppoe - ok
09:03:20.0515 0748 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:03:20.0515 0748 Raspti - ok
09:03:20.0609 0748 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:03:20.0609 0748 RDPCDD - ok
09:03:20.0718 0748 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:03:20.0734 0748 RDPWD - ok
09:03:20.0812 0748 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:03:20.0812 0748 RDSessMgr - ok
09:03:20.0875 0748 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:03:20.0875 0748 redbook - ok
09:03:21.0000 0748 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:03:21.0000 0748 RemoteAccess - ok
09:03:21.0156 0748 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
09:03:21.0171 0748 RpcSs - ok
09:03:21.0234 0748 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
09:03:21.0234 0748 RSVP - ok
09:03:21.0312 0748 [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
09:03:21.0312 0748 rtl8139 - ok
09:03:21.0390 0748 [ 0DBCC071A268E0340A2BA6BDD98BACE4 ] S3Psddr C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
09:03:21.0390 0748 S3Psddr - ok
09:03:21.0468 0748 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:03:21.0484 0748 SamSs - ok
09:03:21.0562 0748 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:03:21.0578 0748 SCardSvr - ok
09:03:21.0640 0748 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:03:21.0656 0748 Schedule - ok
09:03:21.0765 0748 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:03:21.0765 0748 Secdrv - ok
09:03:21.0843 0748 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:03:21.0843 0748 seclogon - ok
09:03:21.0921 0748 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:03:21.0921 0748 SENS - ok
09:03:21.0984 0748 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:03:21.0984 0748 Serenum - ok
09:03:22.0046 0748 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:03:22.0046 0748 Serial - ok
09:03:22.0156 0748 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:03:22.0171 0748 Sfloppy - ok
09:03:22.0265 0748 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:03:22.0296 0748 SharedAccess - ok
09:03:22.0343 0748 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:03:22.0359 0748 ShellHWDetection - ok
09:03:22.0390 0748 Simbad - ok
09:03:22.0500 0748 [ BDFEF5C5D41BA377852389E8F07104EA ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys
09:03:22.0531 0748 SiS315 - ok
09:03:22.0609 0748 [ 923D23638C616EECB0D811461161D0B8 ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
09:03:22.0609 0748 SISAGP - ok
09:03:22.0656 0748 [ 7E9E5823AFBB5AF2851ABB1659FF627D ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys
09:03:22.0656 0748 SiSkp - ok
09:03:22.0703 0748 Sparrow - ok
09:03:22.0796 0748 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:03:22.0796 0748 splitter - ok
09:03:22.0875 0748 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:03:22.0875 0748 Spooler - ok
09:03:22.0921 0748 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:03:22.0921 0748 sr - ok
09:03:23.0000 0748 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
09:03:23.0000 0748 srservice - ok
09:03:23.0125 0748 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:03:23.0218 0748 Srv - ok
09:03:23.0328 0748 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:03:23.0328 0748 SSDPSRV - ok
09:03:23.0453 0748 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:03:23.0515 0748 stisvc - ok
09:03:23.0578 0748 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:03:23.0578 0748 swenum - ok
09:03:23.0625 0748 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:03:23.0640 0748 swmidi - ok
09:03:23.0671 0748 SwPrv - ok
09:03:23.0734 0748 symc810 - ok
09:03:23.0765 0748 symc8xx - ok
09:03:23.0984 0748 [ 67C5AF84809468061121FBCBECB19285 ] SymWSC C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
09:03:24.0031 0748 SymWSC - ok
09:03:24.0078 0748 sym_hi - ok
09:03:24.0125 0748 sym_u3 - ok
09:03:24.0234 0748 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:03:24.0234 0748 sysaudio - ok
09:03:24.0328 0748 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:03:24.0328 0748 SysmonLog - ok
09:03:24.0421 0748 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:03:24.0437 0748 TapiSrv - ok
09:03:24.0562 0748 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:03:24.0609 0748 Tcpip - ok
09:03:24.0703 0748 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:03:24.0703 0748 TDPIPE - ok
09:03:24.0750 0748 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:03:24.0750 0748 TDTCP - ok
09:03:24.0812 0748 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:03:24.0812 0748 TermDD - ok
09:03:24.0890 0748 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:03:24.0937 0748 TermService - ok
09:03:25.0031 0748 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:03:25.0031 0748 Themes - ok
09:03:25.0109 0748 TosIde - ok
09:03:25.0171 0748 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:03:25.0171 0748 TrkWks - ok
09:03:25.0265 0748 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:03:25.0281 0748 Udfs - ok
09:03:25.0296 0748 ultra - ok
09:03:25.0406 0748 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:03:25.0437 0748 Update - ok
09:03:25.0515 0748 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:03:25.0515 0748 upnphost - ok
09:03:25.0593 0748 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:03:25.0609 0748 UPS - ok
09:03:25.0718 0748 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:03:25.0734 0748 usbehci - ok
09:03:25.0812 0748 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:03:25.0812 0748 usbhub - ok
09:03:25.0875 0748 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:03:25.0890 0748 usbohci - ok
09:03:25.0953 0748 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:03:25.0953 0748 usbprint - ok
09:03:26.0078 0748 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:03:26.0078 0748 usbscan - ok
09:03:26.0156 0748 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:03:26.0156 0748 USBSTOR - ok
09:03:26.0203 0748 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:03:26.0203 0748 usbuhci - ok
09:03:26.0265 0748 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:03:26.0265 0748 VgaSave - ok
09:03:26.0343 0748 [ 0E3E3FAE3A0A58B8D936A8E841A17D16 ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
09:03:26.0343 0748 viaagp1 - ok
09:03:26.0421 0748 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
09:03:26.0421 0748 ViaIde - ok
09:03:26.0453 0748 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:03:26.0453 0748 VolSnap - ok
09:03:26.0531 0748 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:03:26.0562 0748 VSS - ok
09:03:26.0703 0748 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
09:03:26.0734 0748 W32Time - ok
09:03:26.0828 0748 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:03:26.0828 0748 Wanarp - ok
09:03:26.0859 0748 WDICA - ok
09:03:27.0000 0748 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:03:27.0000 0748 wdmaud - ok
09:03:27.0109 0748 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:03:27.0156 0748 WebClient - ok
09:03:27.0312 0748 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:03:27.0312 0748 winmgmt - ok
09:03:27.0437 0748 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:03:27.0453 0748 WmdmPmSN - ok
09:03:27.0531 0748 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:03:27.0546 0748 WmiApSrv - ok
09:03:27.0593 0748 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:03:27.0609 0748 WpdUsb - ok
09:03:27.0703 0748 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:03:27.0703 0748 WS2IFSL - ok
09:03:27.0796 0748 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:03:27.0875 0748 wscsvc - ok
09:03:27.0953 0748 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:03:28.0015 0748 wuauserv - ok
09:03:28.0093 0748 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:03:28.0093 0748 WudfPf - ok
09:03:28.0156 0748 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:03:28.0156 0748 WudfRd - ok
09:03:28.0218 0748 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:03:28.0234 0748 WudfSvc - ok
09:03:28.0343 0748 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:03:28.0375 0748 WZCSVC - ok
09:03:28.0453 0748 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:03:28.0562 0748 xmlprov - ok
09:03:28.0656 0748 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
09:03:28.0656 0748 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
09:03:28.0703 0748 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
09:03:28.0703 0748 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
09:03:28.0718 0748 ================ Scan global ===============================
09:03:28.0796 0748 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:03:28.0890 0748 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:03:28.0953 0748 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:03:29.0000 0748 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:03:29.0000 0748 [Global] - ok
09:03:29.0031 0748 ================ Scan MBR ==================================
09:03:29.0062 0748 [ B716B775FCBDABF0E2DDFF76F15C6790 ] \Device\Harddisk0\DR0
09:03:29.0109 0748 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
09:03:29.0109 0748 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
09:03:29.0140 0748 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:03:29.0140 0748 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:03:29.0156 0748 ================ Scan VBR ==================================
09:03:29.0171 0748 [ 7455D6FF315A5A6ECA7A193108D1634B ] \Device\Harddisk0\DR0\Partition1
09:03:29.0171 0748 \Device\Harddisk0\DR0\Partition1 - ok
09:03:29.0203 0748 [ FB857FEABA485C1368201034F9A63891 ] \Device\Harddisk0\DR0\Partition2
09:03:29.0218 0748 \Device\Harddisk0\DR0\Partition2 - ok
09:03:29.0234 0748 ============================================================
09:03:29.0234 0748 Scan finished
09:03:29.0234 0748 ============================================================
09:03:29.0296 0740 Detected object count: 2
09:03:29.0296 0740 Actual detected object count: 2
09:05:37.0093 0740 \Device\Harddisk0\DR0\# - copied to quarantine
09:05:37.0093 0740 \Device\Harddisk0\DR0 - copied to quarantine
09:05:37.0250 0740 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
09:05:37.0250 0740 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
09:05:37.0250 0740 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
09:05:37.0250 0740 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
09:05:37.0250 0740 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
09:05:37.0250 0740 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
09:05:37.0281 0740 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
09:05:37.0296 0740 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
09:05:37.0296 0740 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
09:05:37.0359 0740 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:05:37.0453 0740 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:05:37.0453 0740 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:05:37.0468 0740 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:05:37.0484 0740 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
09:05:37.0484 0740 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
09:05:37.0484 0740 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
09:05:37.0515 0740 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
09:05:37.0515 0740 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
09:05:37.0562 0740 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
09:05:37.0562 0740 \Device\Harddisk0\DR0 - ok
09:05:38.0625 0740 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
09:05:38.0640 0740 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:05:38.0640 0740 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:05:48.0640 0380 Deinitialize success

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-03 09:38:57
-----------------------------
09:38:57.953 OS Version: Windows 5.1.2600 Service Pack 3
09:38:57.953 Number of processors: 1 586 0x209
09:38:57.953 ComputerName: YOUR-XHTR8HVC4P UserName: Owner
09:39:08.593 Initialize success
09:39:54.421 AVAST engine defs: 12100301
09:40:34.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:40:34.312 Disk 0 Vendor: WDC_WD400EB-00CPF0 06.04G06 Size: 38166MB BusType: 3
09:40:34.359 Disk 0 MBR read successfully
09:40:34.375 Disk 0 MBR scan
09:40:34.781 Disk 0 unknown MBR code
09:40:34.812 Disk 0 Partition 1 00 0B FAT32 RECOVERY 5692 MB offset 63
09:40:34.890 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 32462 MB offset 11657520
09:40:34.953 Disk 0 scanning sectors +78140160
09:40:35.156 Disk 0 scanning C:\WINDOWS\system32\drivers
09:41:01.921 Service scanning
09:41:41.609 Modules scanning
09:42:02.890 Disk 0 trace - called modules:
09:42:02.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
09:42:04.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b11620]
09:42:04.078 3 CLASSPNP.SYS[f95ccfd7] -> nt!IofCallDriver -> \Device\00000059[0x81afbe40]
09:42:04.140 5 ACPI.sys[f9543620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81b420a8]
09:42:05.187 AVAST engine scan C:\WINDOWS
09:42:23.687 AVAST engine scan C:\WINDOWS\system32
09:47:40.359 AVAST engine scan C:\WINDOWS\system32\drivers
09:48:07.375 AVAST engine scan C:\Documents and Settings\Owner
09:54:04.515 AVAST engine scan C:\Documents and Settings\All Users
09:56:43.656 File: C:\Documents and Settings\All Users\Application Data\VYhEA3ujJKdhDO.exe **INFECTED** Win32:FakeAV-DYG [Trj]
09:57:18.468 Scan finished successfully
09:57:59.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\Downloads\MBR.dat"
09:57:59.375 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\Downloads\aswMBR.txt"


ESET log:
C:\Documents and Settings\All Users\Application Data\VYhEA3ujJKdhDO.exe a variant of Win32/Injector.XGY trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\temp\is754907076\dealcabby.exe Win32/Adware.DealCabby.A application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\temp\is754907076\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\temp\plugtmp-101\plugin-VIScSHgk.pdf JS/Exploit.Pdfka.PJW.Gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8AQG8V18\mozilla-firefox[1].exe a variant of Win32/InstallCore.X application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\DOCUME~1\Owner\LOCALS~1\temp\23631764.nls.vir a variant of Win32/Riern.U trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.10.2012_09.01.00\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.10.2012_09.01.00\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.Y trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.10.2012_09.01.00\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.10.2012_09.01.00\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.10.2012_09.01.00\mbr0000\tdlfs0000\tsk0009.dta probably a variant of Win32/Olmasco.O trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.10.2012_09.01.00\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.AA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.10.2012_09.01.00\mbr0000\tdlfs0000\tsk0011.dta Win32/Olmasco.Q trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.10.2012_09.01.00\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.10.2012_09.01.00\mbr0000\tdlfs0000\tsk0015.dta Win32/Olmasco.AA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.10.2012_09.01.00\mbr0000\tdlfs0000\tsk0016.dta Win64/Olmasco.Z trojan cleaned by deleting - quarantined

Should it be safe to start the computer in normal mode now to see if it's fixed? Also aswMBR did not give me an option to fix anything after the scan. Don't know if that is important or not.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:27 PM

Posted 03 October 2012 - 01:40 PM

Boot into normal mode

RUN TDSSkiller again and select DELETE

09:05:38.0640 0740 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Post the log


Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

Right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#5 Badatcomputers

Badatcomputers
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 03 October 2012 - 04:54 PM

TDSS did not detect that file the second time I run this, so I could not delete it.

15:23:22.0687 1396 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:23:25.0062 1396 ============================================================
15:23:25.0062 1396 Current date / time: 2012/10/03 15:23:25.0062
15:23:25.0062 1396 SystemInfo:
15:23:25.0062 1396
15:23:25.0062 1396 OS Version: 5.1.2600 ServicePack: 3.0
15:23:25.0062 1396 Product type: Workstation
15:23:25.0062 1396 ComputerName: YOUR-XHTR8HVC4P
15:23:25.0062 1396 UserName: Owner
15:23:25.0062 1396 Windows directory: C:\WINDOWS
15:23:25.0062 1396 System windows directory: C:\WINDOWS
15:23:25.0062 1396 Processor architecture: Intel x86
15:23:25.0062 1396 Number of processors: 1
15:23:25.0062 1396 Page size: 0x1000
15:23:25.0062 1396 Boot type: Normal boot
15:23:25.0062 1396 ============================================================
15:23:33.0953 1396 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
15:23:34.0203 1396 ============================================================
15:23:34.0203 1396 \Device\Harddisk0\DR0:
15:23:34.0218 1396 MBR partitions:
15:23:34.0218 1396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xB1E0F1
15:23:34.0218 1396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB1E130, BlocksNum 0x3F671D0
15:23:34.0218 1396 ============================================================
15:23:35.0750 1396 C: <-> \Device\Harddisk0\DR0\Partition2
15:23:35.0828 1396 D: <-> \Device\Harddisk0\DR0\Partition1
15:23:36.0343 1396 ============================================================
15:23:36.0343 1396 Initialize success
15:23:36.0343 1396 ============================================================
15:24:08.0437 2300 ============================================================
15:24:08.0437 2300 Scan started
15:24:08.0437 2300 Mode: Manual;
15:24:08.0437 2300 ============================================================
15:24:09.0000 2300 ================ Scan system memory ========================
15:24:09.0000 2300 System memory - ok
15:24:09.0015 2300 ================ Scan services =============================
15:24:09.0843 2300 Abiosdsk - ok
15:24:09.0859 2300 abp480n5 - ok
15:24:09.0937 2300 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:24:09.0984 2300 ACPI - ok
15:24:10.0046 2300 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:24:10.0062 2300 ACPIEC - ok
15:24:10.0218 2300 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:24:10.0218 2300 AdobeFlashPlayerUpdateSvc - ok
15:24:10.0250 2300 adpu160m - ok
15:24:10.0312 2300 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:24:10.0343 2300 aec - ok
15:24:10.0468 2300 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:24:10.0484 2300 AFD - ok
15:24:10.0531 2300 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
15:24:10.0531 2300 AFS2K - ok
15:24:10.0609 2300 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:24:10.0609 2300 agp440 - ok
15:24:10.0625 2300 Aha154x - ok
15:24:10.0640 2300 aic78u2 - ok
15:24:10.0656 2300 aic78xx - ok
15:24:11.0078 2300 [ 8D6C30E515717248E0E52B85FD7AC466 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:24:11.0812 2300 ALCXWDM - ok
15:24:11.0890 2300 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:24:11.0906 2300 ALG - ok
15:24:11.0921 2300 AliIde - ok
15:24:11.0984 2300 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:24:11.0984 2300 AmdK7 - ok
15:24:12.0015 2300 amsint - ok
15:24:12.0062 2300 AppMgmt - ok
15:24:12.0078 2300 asc - ok
15:24:12.0093 2300 asc3350p - ok
15:24:12.0125 2300 asc3550 - ok
15:24:12.0484 2300 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:24:12.0609 2300 aspnet_state - ok
15:24:12.0671 2300 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:24:12.0687 2300 AsyncMac - ok
15:24:12.0734 2300 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:24:12.0781 2300 atapi - ok
15:24:12.0812 2300 Atdisk - ok
15:24:12.0875 2300 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:24:12.0890 2300 Atmarpc - ok
15:24:12.0937 2300 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:24:12.0953 2300 AudioSrv - ok
15:24:13.0015 2300 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:24:13.0015 2300 audstub - ok
15:24:13.0062 2300 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:24:13.0062 2300 Beep - ok
15:24:13.0203 2300 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:24:13.0250 2300 BITS - ok
15:24:13.0906 2300 catchme - ok
15:24:13.0968 2300 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:24:13.0984 2300 cbidf2k - ok
15:24:14.0015 2300 cd20xrnt - ok
15:24:14.0078 2300 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:24:14.0093 2300 Cdaudio - ok
15:24:14.0156 2300 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:24:14.0156 2300 Cdfs - ok
15:24:14.0234 2300 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:24:14.0234 2300 Cdrom - ok
15:24:14.0265 2300 Changer - ok
15:24:14.0328 2300 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:24:14.0343 2300 CiSvc - ok
15:24:14.0421 2300 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:24:14.0421 2300 ClipSrv - ok
15:24:14.0500 2300 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:24:15.0062 2300 clr_optimization_v2.0.50727_32 - ok
15:24:15.0093 2300 CmdIde - ok
15:24:15.0109 2300 COMSysApp - ok
15:24:15.0140 2300 Cpqarray - ok
15:24:15.0218 2300 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:24:15.0250 2300 CryptSvc - ok
15:24:15.0265 2300 dac2w2k - ok
15:24:15.0296 2300 dac960nt - ok
15:24:15.0453 2300 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:24:15.0593 2300 DcomLaunch - ok
15:24:15.0703 2300 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:24:15.0718 2300 Dhcp - ok
15:24:15.0796 2300 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:24:15.0812 2300 Disk - ok
15:24:15.0828 2300 dmadmin - ok
15:24:15.0968 2300 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:24:16.0125 2300 dmboot - ok
15:24:16.0218 2300 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:24:16.0218 2300 dmio - ok
15:24:16.0281 2300 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:24:16.0296 2300 dmload - ok
15:24:16.0343 2300 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:24:16.0390 2300 dmserver - ok
15:24:16.0468 2300 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:24:16.0484 2300 DMusic - ok
15:24:16.0578 2300 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:24:16.0593 2300 Dnscache - ok
15:24:16.0703 2300 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:24:16.0703 2300 Dot3svc - ok
15:24:16.0734 2300 dpti2o - ok
15:24:16.0781 2300 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:24:16.0796 2300 drmkaud - ok
15:24:16.0843 2300 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:24:16.0859 2300 EapHost - ok
15:24:16.0953 2300 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:24:16.0968 2300 ERSvc - ok
15:24:17.0093 2300 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:24:17.0125 2300 Eventlog - ok
15:24:17.0250 2300 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
15:24:17.0281 2300 EventSystem - ok
15:24:17.0359 2300 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:24:17.0375 2300 Fastfat - ok
15:24:17.0500 2300 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:24:17.0515 2300 FastUserSwitchingCompatibility - ok
15:24:17.0687 2300 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
15:24:17.0703 2300 Fax - ok
15:24:17.0750 2300 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:24:17.0750 2300 Fdc - ok
15:24:17.0781 2300 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:24:17.0781 2300 Fips - ok
15:24:17.0843 2300 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:24:17.0859 2300 Flpydisk - ok
15:24:17.0937 2300 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:24:17.0937 2300 FltMgr - ok
15:24:18.0046 2300 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:24:18.0062 2300 FontCache3.0.0.0 - ok
15:24:18.0125 2300 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:24:18.0171 2300 Fs_Rec - ok
15:24:18.0218 2300 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:24:18.0250 2300 Ftdisk - ok
15:24:18.0343 2300 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
15:24:18.0359 2300 GEARAspiWDM - ok
15:24:18.0421 2300 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:24:18.0437 2300 Gpc - ok
15:24:18.0593 2300 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:24:18.0625 2300 helpsvc - ok
15:24:18.0640 2300 HidServ - ok
15:24:18.0687 2300 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:24:18.0687 2300 HidUsb - ok
15:24:18.0765 2300 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:24:18.0781 2300 hkmsvc - ok
15:24:18.0812 2300 hpn - ok
15:24:18.0890 2300 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:24:18.0921 2300 HTTP - ok
15:24:18.0968 2300 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:24:18.0984 2300 HTTPFilter - ok
15:24:19.0000 2300 i2omgmt - ok
15:24:19.0031 2300 i2omp - ok
15:24:19.0078 2300 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:24:19.0078 2300 i8042prt - ok
15:24:19.0406 2300 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:24:19.0625 2300 ialm - ok
15:24:20.0562 2300 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:24:20.0968 2300 idsvc - ok
15:24:21.0031 2300 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:24:21.0046 2300 Imapi - ok
15:24:21.0125 2300 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:24:21.0156 2300 ImapiService - ok
15:24:21.0171 2300 ini910u - ok
15:24:21.0218 2300 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:24:21.0250 2300 IntelIde - ok
15:24:21.0343 2300 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:24:21.0359 2300 intelppm - ok
15:24:21.0468 2300 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:24:21.0468 2300 ip6fw - ok
15:24:21.0593 2300 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:24:21.0609 2300 IpFilterDriver - ok
15:24:21.0656 2300 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:24:21.0656 2300 IpInIp - ok
15:24:21.0718 2300 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:24:21.0750 2300 IpNat - ok
15:24:21.0812 2300 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:24:21.0843 2300 IPSec - ok
15:24:21.0921 2300 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:24:21.0921 2300 IRENUM - ok
15:24:22.0015 2300 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:24:22.0046 2300 isapnp - ok
15:24:22.0281 2300 [ 11C3EFB4BAC41175D03B1595DB1A4A4F ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
15:24:22.0281 2300 JavaQuickStarterService - ok
15:24:22.0328 2300 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:24:22.0328 2300 Kbdclass - ok
15:24:22.0484 2300 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:24:22.0500 2300 kbdhid - ok
15:24:22.0640 2300 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:24:22.0703 2300 kmixer - ok
15:24:22.0843 2300 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:24:22.0875 2300 KSecDD - ok
15:24:22.0968 2300 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:24:22.0984 2300 lanmanserver - ok
15:24:23.0000 2300 lbrtfdc - ok
15:24:23.0109 2300 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:24:23.0140 2300 LmHosts - ok
15:24:23.0515 2300 [ FA2ED4A054360F3F873C15420F1F19CC ] ltmodem5 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
15:24:23.0562 2300 ltmodem5 - ok
15:24:23.0765 2300 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
15:24:23.0781 2300 MBAMSwissArmy - ok
15:24:23.0921 2300 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:24:23.0937 2300 mnmdd - ok
15:24:24.0062 2300 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
15:24:24.0078 2300 mnmsrvc - ok
15:24:24.0156 2300 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:24:24.0156 2300 Modem - ok
15:24:24.0265 2300 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:24:24.0281 2300 Mouclass - ok
15:24:24.0406 2300 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:24:24.0437 2300 mouhid - ok
15:24:24.0500 2300 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:24:24.0515 2300 MountMgr - ok
15:24:24.0625 2300 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:24:24.0656 2300 MozillaMaintenance - ok
15:24:24.0828 2300 MpKslaa2a088e - ok
15:24:24.0843 2300 mraid35x - ok
15:24:24.0875 2300 mrtRate - ok
15:24:25.0000 2300 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:24:25.0000 2300 MRxDAV - ok
15:24:25.0062 2300 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
15:24:25.0093 2300 MSDTC - ok
15:24:25.0140 2300 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:24:25.0140 2300 Msfs - ok
15:24:25.0156 2300 MSIServer - ok
15:24:25.0203 2300 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:24:25.0234 2300 MSKSSRV - ok
15:24:25.0281 2300 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:24:25.0312 2300 MSPCLOCK - ok
15:24:25.0531 2300 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:24:25.0531 2300 MSPQM - ok
15:24:25.0625 2300 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:24:25.0656 2300 mssmbios - ok
15:24:25.0750 2300 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:24:25.0781 2300 Mup - ok
15:24:25.0921 2300 [ 63D074073D5FDA93163517C2A8F2BA5A ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys
15:24:25.0937 2300 MxlW2k - ok
15:24:26.0078 2300 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:24:26.0125 2300 napagent - ok
15:24:26.0187 2300 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:24:26.0203 2300 NDIS - ok
15:24:26.0265 2300 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:24:26.0328 2300 NdisTapi - ok
15:24:26.0390 2300 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:24:26.0390 2300 Ndisuio - ok
15:24:26.0421 2300 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:24:26.0421 2300 NdisWan - ok
15:24:26.0484 2300 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:24:26.0500 2300 NDProxy - ok
15:24:26.0593 2300 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:24:26.0593 2300 NetBT - ok
15:24:26.0671 2300 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:24:26.0687 2300 NetDDE - ok
15:24:26.0734 2300 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:24:26.0734 2300 NetDDEdsdm - ok
15:24:26.0968 2300 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:24:27.0000 2300 Netman - ok
15:24:27.0078 2300 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:24:27.0093 2300 NetTcpPortSharing - ok
15:24:27.0156 2300 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:24:27.0187 2300 Nla - ok
15:24:27.0250 2300 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:24:27.0265 2300 Npfs - ok
15:24:27.0515 2300 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:24:27.0656 2300 Ntfs - ok
15:24:27.0765 2300 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:24:27.0843 2300 NtmsSvc - ok
15:24:28.0000 2300 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:24:28.0015 2300 Null - ok
15:24:28.0484 2300 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:24:29.0046 2300 nv - ok
15:24:29.0140 2300 [ 26712CF8BE48BC767854927435C0B6A9 ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
15:24:29.0171 2300 NVSvc - ok
15:24:29.0265 2300 [ 29291C3A7256337327051CC37E4FC09A ] nv_agp C:\WINDOWS\system32\DRIVERS\nv_agp.sys
15:24:29.0312 2300 nv_agp - ok
15:24:29.0375 2300 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:24:29.0390 2300 NwlnkFlt - ok
15:24:29.0468 2300 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:24:29.0468 2300 NwlnkFwd - ok
15:24:29.0546 2300 [ 7FA2A1A45435DC851790C0FD5F54612B ] omniserv C:\Program Files\Softex\OmniPass\Omniserv.exe
15:24:29.0546 2300 omniserv - ok
15:24:29.0703 2300 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:24:29.0750 2300 Parport - ok
15:24:29.0843 2300 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:24:29.0843 2300 PartMgr - ok
15:24:29.0937 2300 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:24:29.0937 2300 ParVdm - ok
15:24:29.0984 2300 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:24:29.0984 2300 PCI - ok
15:24:30.0046 2300 PCIDump - ok
15:24:30.0125 2300 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\System32\DRIVERS\pciide.sys
15:24:30.0140 2300 PCIIde - ok
15:24:30.0203 2300 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:24:30.0218 2300 Pcmcia - ok
15:24:30.0265 2300 PDCOMP - ok
15:24:30.0281 2300 PDFRAME - ok
15:24:30.0296 2300 PDRELI - ok
15:24:30.0328 2300 PDRFRAME - ok
15:24:30.0343 2300 perc2 - ok
15:24:30.0359 2300 perc2hib - ok
15:24:30.0437 2300 pjmn - ok
15:24:30.0484 2300 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:24:30.0484 2300 PlugPlay - ok
15:24:30.0562 2300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:24:30.0578 2300 PolicyAgent - ok
15:24:30.0625 2300 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:24:30.0671 2300 PptpMiniport - ok
15:24:30.0750 2300 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
15:24:30.0781 2300 Processor - ok
15:24:30.0812 2300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:24:30.0812 2300 ProtectedStorage - ok
15:24:30.0921 2300 [ BFFDB363485501A38F0BCA83AEC810DB ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
15:24:30.0921 2300 Ps2 - ok
15:24:31.0015 2300 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:24:31.0015 2300 PSched - ok
15:24:31.0140 2300 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:24:31.0140 2300 Ptilink - ok
15:24:31.0203 2300 [ 80C824C78DD1CAC1833AE5DCCA02B327 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
15:24:31.0218 2300 PxHelp20 - ok
15:24:31.0250 2300 ql1080 - ok
15:24:31.0265 2300 Ql10wnt - ok
15:24:31.0296 2300 ql12160 - ok
15:24:31.0312 2300 ql1240 - ok
15:24:31.0343 2300 ql1280 - ok
15:24:31.0437 2300 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:24:31.0437 2300 RasAcd - ok
15:24:31.0500 2300 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:24:31.0515 2300 RasAuto - ok
15:24:31.0609 2300 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:24:31.0609 2300 Rasl2tp - ok
15:24:31.0765 2300 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:24:31.0843 2300 RasMan - ok
15:24:31.0937 2300 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:24:31.0968 2300 RasPppoe - ok
15:24:32.0031 2300 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:24:32.0046 2300 Raspti - ok
15:24:32.0125 2300 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:24:32.0140 2300 RDPCDD - ok
15:24:32.0218 2300 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:24:32.0281 2300 RDPWD - ok
15:24:32.0562 2300 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:24:32.0578 2300 RDSessMgr - ok
15:24:32.0656 2300 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:24:32.0656 2300 redbook - ok
15:24:32.0812 2300 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:24:32.0828 2300 RemoteAccess - ok
15:24:33.0093 2300 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:24:33.0093 2300 RpcSs - ok
15:24:33.0203 2300 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
15:24:33.0218 2300 RSVP - ok
15:24:33.0312 2300 [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
15:24:33.0312 2300 rtl8139 - ok
15:24:33.0640 2300 [ 0DBCC071A268E0340A2BA6BDD98BACE4 ] S3Psddr C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
15:24:33.0734 2300 S3Psddr - ok
15:24:33.0843 2300 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:24:33.0843 2300 SamSs - ok
15:24:33.0968 2300 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:24:34.0000 2300 SCardSvr - ok
15:24:34.0234 2300 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:24:34.0250 2300 Schedule - ok
15:24:34.0328 2300 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:24:34.0328 2300 Secdrv - ok
15:24:34.0390 2300 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:24:34.0390 2300 seclogon - ok
15:24:34.0593 2300 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:24:34.0625 2300 SENS - ok
15:24:34.0718 2300 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:24:34.0734 2300 Serenum - ok
15:24:34.0796 2300 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:24:34.0812 2300 Serial - ok
15:24:34.0906 2300 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:24:34.0937 2300 Sfloppy - ok
15:24:35.0093 2300 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:24:35.0171 2300 SharedAccess - ok
15:24:35.0359 2300 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:24:35.0375 2300 ShellHWDetection - ok
15:24:35.0390 2300 Simbad - ok
15:24:35.0734 2300 [ BDFEF5C5D41BA377852389E8F07104EA ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys
15:24:35.0781 2300 SiS315 - ok
15:24:35.0859 2300 [ 923D23638C616EECB0D811461161D0B8 ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
15:24:35.0875 2300 SISAGP - ok
15:24:36.0000 2300 [ 7E9E5823AFBB5AF2851ABB1659FF627D ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys
15:24:36.0015 2300 SiSkp - ok
15:24:36.0046 2300 Sparrow - ok
15:24:36.0109 2300 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:24:36.0109 2300 splitter - ok
15:24:36.0187 2300 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:24:36.0203 2300 Spooler - ok
15:24:36.0265 2300 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:24:36.0281 2300 sr - ok
15:24:36.0437 2300 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:24:36.0468 2300 srservice - ok
15:24:36.0734 2300 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:24:36.0750 2300 Srv - ok
15:24:36.0828 2300 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:24:36.0843 2300 SSDPSRV - ok
15:24:36.0937 2300 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:24:37.0000 2300 stisvc - ok
15:24:37.0062 2300 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:24:37.0078 2300 swenum - ok
15:24:37.0140 2300 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:24:37.0140 2300 swmidi - ok
15:24:37.0156 2300 SwPrv - ok
15:24:37.0187 2300 symc810 - ok
15:24:37.0203 2300 symc8xx - ok
15:24:37.0421 2300 [ 67C5AF84809468061121FBCBECB19285 ] SymWSC C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
15:24:37.0468 2300 SymWSC - ok
15:24:37.0484 2300 sym_hi - ok
15:24:37.0515 2300 sym_u3 - ok
15:24:37.0593 2300 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:24:37.0593 2300 sysaudio - ok
15:24:37.0687 2300 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:24:37.0703 2300 SysmonLog - ok
15:24:37.0765 2300 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:24:37.0781 2300 TapiSrv - ok
15:24:37.0906 2300 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:24:37.0953 2300 Tcpip - ok
15:24:38.0046 2300 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:24:38.0062 2300 TDPIPE - ok
15:24:38.0093 2300 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:24:38.0109 2300 TDTCP - ok
15:24:38.0156 2300 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:24:38.0171 2300 TermDD - ok
15:24:38.0265 2300 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:24:38.0281 2300 TermService - ok
15:24:38.0390 2300 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:24:38.0390 2300 Themes - ok
15:24:38.0421 2300 TosIde - ok
15:24:38.0500 2300 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:24:38.0515 2300 TrkWks - ok
15:24:38.0609 2300 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:24:38.0609 2300 Udfs - ok
15:24:38.0640 2300 ultra - ok
15:24:38.0734 2300 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:24:38.0765 2300 Update - ok
15:24:38.0859 2300 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:24:38.0906 2300 upnphost - ok
15:24:38.0937 2300 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:24:38.0953 2300 UPS - ok
15:24:39.0062 2300 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:24:39.0078 2300 usbehci - ok
15:24:39.0125 2300 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:24:39.0140 2300 usbhub - ok
15:24:39.0296 2300 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:24:39.0328 2300 usbohci - ok
15:24:39.0484 2300 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:24:39.0500 2300 usbprint - ok
15:24:39.0578 2300 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:24:39.0593 2300 usbscan - ok
15:24:39.0656 2300 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:24:39.0703 2300 USBSTOR - ok
15:24:39.0750 2300 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:24:39.0765 2300 usbuhci - ok
15:24:39.0921 2300 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:24:39.0937 2300 VgaSave - ok
15:24:40.0078 2300 [ 0E3E3FAE3A0A58B8D936A8E841A17D16 ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
15:24:40.0125 2300 viaagp1 - ok
15:24:40.0187 2300 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
15:24:40.0234 2300 ViaIde - ok
15:24:40.0281 2300 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:24:40.0343 2300 VolSnap - ok
15:24:40.0531 2300 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:24:40.0750 2300 VSS - ok
15:24:40.0812 2300 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
15:24:40.0890 2300 W32Time - ok
15:24:40.0984 2300 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:24:41.0000 2300 Wanarp - ok
15:24:41.0015 2300 WDICA - ok
15:24:41.0078 2300 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:24:41.0109 2300 wdmaud - ok
15:24:41.0171 2300 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:24:41.0203 2300 WebClient - ok
15:24:41.0421 2300 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:24:41.0453 2300 winmgmt - ok
15:24:41.0562 2300 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:24:41.0593 2300 WmdmPmSN - ok
15:24:41.0656 2300 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:24:41.0671 2300 WmiApSrv - ok
15:24:41.0734 2300 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:24:41.0734 2300 WpdUsb - ok
15:24:41.0796 2300 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:24:41.0828 2300 WS2IFSL - ok
15:24:41.0875 2300 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:24:41.0906 2300 wscsvc - ok
15:24:41.0937 2300 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:24:41.0968 2300 wuauserv - ok
15:24:42.0015 2300 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:24:42.0015 2300 WudfPf - ok
15:24:42.0093 2300 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:24:42.0093 2300 WudfRd - ok
15:24:42.0171 2300 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:24:42.0187 2300 WudfSvc - ok
15:24:42.0296 2300 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:24:42.0500 2300 WZCSVC - ok
15:24:42.0546 2300 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:24:42.0562 2300 xmlprov - ok
15:24:42.0625 2300 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
15:24:42.0625 2300 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
15:24:42.0703 2300 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
15:24:42.0734 2300 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
15:24:42.0734 2300 ================ Scan global ===============================
15:24:42.0812 2300 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:24:42.0906 2300 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:24:42.0953 2300 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:24:42.0984 2300 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:24:43.0000 2300 [Global] - ok
15:24:43.0000 2300 ================ Scan MBR ==================================
15:24:43.0046 2300 [ B716B775FCBDABF0E2DDFF76F15C6790 ] \Device\Harddisk0\DR0
15:24:44.0265 2300 \Device\Harddisk0\DR0 - ok
15:24:44.0265 2300 ================ Scan VBR ==================================
15:24:44.0375 2300 [ 7455D6FF315A5A6ECA7A193108D1634B ] \Device\Harddisk0\DR0\Partition1
15:24:44.0421 2300 \Device\Harddisk0\DR0\Partition1 - ok
15:24:44.0453 2300 [ FB857FEABA485C1368201034F9A63891 ] \Device\Harddisk0\DR0\Partition2
15:24:44.0500 2300 \Device\Harddisk0\DR0\Partition2 - ok
15:24:44.0500 2300 ============================================================
15:24:44.0500 2300 Scan finished
15:24:44.0500 2300 ============================================================
15:24:44.0546 2292 Detected object count: 0
15:24:44.0546 2292 Actual detected object count: 0
15:24:59.0296 2364 ============================================================
15:24:59.0296 2364 Scan started
15:24:59.0296 2364 Mode: Manual; TDLFS;
15:24:59.0296 2364 ============================================================
15:25:00.0250 2364 ================ Scan system memory ========================
15:25:00.0265 2364 System memory - ok
15:25:00.0265 2364 ================ Scan services =============================
15:25:04.0781 2364 Abiosdsk - ok
15:25:04.0812 2364 abp480n5 - ok
15:25:05.0187 2364 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:25:05.0218 2364 ACPI - ok
15:25:05.0796 2364 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:25:05.0843 2364 ACPIEC - ok
15:25:06.0515 2364 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:25:06.0625 2364 AdobeFlashPlayerUpdateSvc - ok
15:25:06.0640 2364 adpu160m - ok
15:25:06.0921 2364 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:25:06.0953 2364 aec - ok
15:25:07.0437 2364 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:25:07.0484 2364 AFD - ok
15:25:07.0531 2364 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
15:25:07.0546 2364 AFS2K - ok
15:25:07.0703 2364 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:25:07.0718 2364 agp440 - ok
15:25:07.0750 2364 Aha154x - ok
15:25:07.0750 2364 aic78u2 - ok
15:25:07.0765 2364 aic78xx - ok
15:25:09.0687 2364 [ 8D6C30E515717248E0E52B85FD7AC466 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:25:10.0984 2364 ALCXWDM - ok
15:25:11.0265 2364 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:25:11.0296 2364 ALG - ok
15:25:11.0312 2364 AliIde - ok
15:25:11.0437 2364 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
15:25:11.0468 2364 AmdK7 - ok
15:25:11.0484 2364 amsint - ok
15:25:11.0515 2364 AppMgmt - ok
15:25:11.0531 2364 asc - ok
15:25:11.0562 2364 asc3350p - ok
15:25:11.0578 2364 asc3550 - ok
15:25:11.0890 2364 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:25:11.0937 2364 aspnet_state - ok
15:25:12.0031 2364 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:25:12.0031 2364 AsyncMac - ok
15:25:12.0093 2364 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:25:12.0125 2364 atapi - ok
15:25:12.0140 2364 Atdisk - ok
15:25:12.0171 2364 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:25:12.0203 2364 Atmarpc - ok
15:25:12.0265 2364 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:25:12.0296 2364 AudioSrv - ok
15:25:12.0375 2364 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:25:12.0406 2364 audstub - ok
15:25:12.0484 2364 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:25:12.0515 2364 Beep - ok
15:25:12.0875 2364 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:25:12.0984 2364 BITS - ok
15:25:14.0921 2364 catchme - ok
15:25:15.0515 2364 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:25:15.0531 2364 cbidf2k - ok
15:25:15.0546 2364 cd20xrnt - ok
15:25:15.0703 2364 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:25:15.0703 2364 Cdaudio - ok
15:25:16.0062 2364 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:25:16.0093 2364 Cdfs - ok
15:25:16.0343 2364 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:25:16.0359 2364 Cdrom - ok
15:25:16.0375 2364 Changer - ok
15:25:16.0515 2364 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:25:16.0531 2364 CiSvc - ok
15:25:16.0937 2364 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:25:16.0953 2364 ClipSrv - ok
15:25:17.0109 2364 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:25:17.0187 2364 clr_optimization_v2.0.50727_32 - ok
15:25:17.0203 2364 CmdIde - ok
15:25:17.0234 2364 COMSysApp - ok
15:25:17.0265 2364 Cpqarray - ok
15:25:17.0484 2364 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:25:17.0500 2364 CryptSvc - ok
15:25:17.0515 2364 dac2w2k - ok
15:25:17.0531 2364 dac960nt - ok
15:25:17.0984 2364 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:25:18.0375 2364 DcomLaunch - ok
15:25:18.0562 2364 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:25:18.0578 2364 Dhcp - ok
15:25:18.0750 2364 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:25:18.0750 2364 Disk - ok
15:25:18.0765 2364 dmadmin - ok
15:25:19.0281 2364 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:25:19.0359 2364 dmboot - ok
15:25:19.0421 2364 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:25:19.0453 2364 dmio - ok
15:25:19.0562 2364 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:25:19.0578 2364 dmload - ok
15:25:19.0640 2364 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:25:19.0656 2364 dmserver - ok
15:25:19.0718 2364 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:25:19.0718 2364 DMusic - ok
15:25:19.0781 2364 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:25:19.0796 2364 Dnscache - ok
15:25:19.0953 2364 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:25:19.0984 2364 Dot3svc - ok
15:25:20.0000 2364 dpti2o - ok
15:25:20.0031 2364 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:25:20.0031 2364 drmkaud - ok
15:25:20.0203 2364 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:25:20.0218 2364 EapHost - ok
15:25:20.0703 2364 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:25:20.0718 2364 ERSvc - ok
15:25:20.0812 2364 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:25:20.0859 2364 Eventlog - ok
15:25:21.0109 2364 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
15:25:21.0125 2364 EventSystem - ok
15:25:21.0234 2364 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:25:21.0312 2364 Fastfat - ok
15:25:21.0406 2364 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:25:21.0421 2364 FastUserSwitchingCompatibility - ok
15:25:21.0609 2364 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
15:25:21.0625 2364 Fax - ok
15:25:21.0687 2364 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:25:21.0687 2364 Fdc - ok
15:25:21.0750 2364 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:25:21.0765 2364 Fips - ok
15:25:21.0843 2364 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:25:21.0859 2364 Flpydisk - ok
15:25:21.0937 2364 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:25:21.0953 2364 FltMgr - ok
15:25:22.0140 2364 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:25:22.0140 2364 FontCache3.0.0.0 - ok
15:25:22.0218 2364 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:25:22.0234 2364 Fs_Rec - ok
15:25:22.0296 2364 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:25:22.0312 2364 Ftdisk - ok
15:25:22.0390 2364 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
15:25:22.0406 2364 GEARAspiWDM - ok
15:25:22.0484 2364 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:25:22.0500 2364 Gpc - ok
15:25:22.0656 2364 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:25:22.0671 2364 helpsvc - ok
15:25:22.0687 2364 HidServ - ok
15:25:22.0718 2364 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:25:22.0718 2364 HidUsb - ok
15:25:22.0765 2364 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:25:22.0796 2364 hkmsvc - ok
15:25:22.0812 2364 hpn - ok
15:25:22.0953 2364 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:25:22.0984 2364 HTTP - ok
15:25:23.0062 2364 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:25:23.0062 2364 HTTPFilter - ok
15:25:23.0078 2364 i2omgmt - ok
15:25:23.0093 2364 i2omp - ok
15:25:23.0140 2364 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:25:23.0156 2364 i8042prt - ok
15:25:23.0468 2364 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:25:23.0515 2364 ialm - ok
15:25:23.0953 2364 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:25:24.0140 2364 idsvc - ok
15:25:24.0203 2364 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:25:24.0203 2364 Imapi - ok
15:25:24.0281 2364 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:25:24.0296 2364 ImapiService - ok
15:25:24.0312 2364 ini910u - ok
15:25:24.0359 2364 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:25:24.0359 2364 IntelIde - ok
15:25:24.0421 2364 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:25:24.0421 2364 intelppm - ok
15:25:24.0453 2364 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:25:24.0453 2364 ip6fw - ok
15:25:24.0500 2364 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:25:24.0500 2364 IpFilterDriver - ok
15:25:24.0546 2364 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:25:24.0546 2364 IpInIp - ok
15:25:24.0593 2364 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:25:24.0593 2364 IpNat - ok
15:25:24.0656 2364 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:25:24.0656 2364 IPSec - ok
15:25:24.0703 2364 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:25:24.0718 2364 IRENUM - ok
15:25:24.0765 2364 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:25:24.0765 2364 isapnp - ok
15:25:24.0968 2364 [ 11C3EFB4BAC41175D03B1595DB1A4A4F ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
15:25:24.0968 2364 JavaQuickStarterService - ok
15:25:25.0000 2364 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:25:25.0000 2364 Kbdclass - ok
15:25:25.0078 2364 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:25:25.0078 2364 kbdhid - ok
15:25:25.0156 2364 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:25:25.0156 2364 kmixer - ok
15:25:25.0234 2364 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:25:25.0234 2364 KSecDD - ok
15:25:25.0312 2364 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:25:25.0312 2364 lanmanserver - ok
15:25:25.0343 2364 lbrtfdc - ok
15:25:25.0421 2364 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:25:25.0421 2364 LmHosts - ok
15:25:25.0531 2364 [ FA2ED4A054360F3F873C15420F1F19CC ] ltmodem5 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
15:25:25.0562 2364 ltmodem5 - ok
15:25:25.0625 2364 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
15:25:25.0625 2364 MBAMSwissArmy - ok
15:25:25.0687 2364 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:25:25.0703 2364 mnmdd - ok
15:25:25.0765 2364 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
15:25:25.0765 2364 mnmsrvc - ok
15:25:25.0859 2364 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:25:25.0859 2364 Modem - ok
15:25:25.0875 2364 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:25:25.0890 2364 Mouclass - ok
15:25:25.0984 2364 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:25:25.0984 2364 mouhid - ok
15:25:26.0015 2364 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:25:26.0015 2364 MountMgr - ok
15:25:26.0093 2364 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:25:26.0093 2364 MozillaMaintenance - ok
15:25:26.0203 2364 MpKslaa2a088e - ok
15:25:26.0218 2364 mraid35x - ok
15:25:26.0234 2364 mrtRate - ok
15:25:26.0281 2364 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:25:26.0281 2364 MRxDAV - ok
15:25:26.0343 2364 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
15:25:26.0343 2364 MSDTC - ok
15:25:26.0421 2364 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:25:26.0421 2364 Msfs - ok
15:25:26.0437 2364 MSIServer - ok
15:25:26.0484 2364 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:25:26.0484 2364 MSKSSRV - ok
15:25:26.0515 2364 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:25:26.0515 2364 MSPCLOCK - ok
15:25:26.0531 2364 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:25:26.0531 2364 MSPQM - ok
15:25:26.0578 2364 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:25:26.0578 2364 mssmbios - ok
15:25:26.0625 2364 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:25:26.0625 2364 Mup - ok
15:25:26.0671 2364 [ 63D074073D5FDA93163517C2A8F2BA5A ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys
15:25:26.0687 2364 MxlW2k - ok
15:25:26.0750 2364 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:25:26.0765 2364 napagent - ok
15:25:26.0859 2364 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:25:26.0875 2364 NDIS - ok
15:25:26.0937 2364 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:25:26.0937 2364 NdisTapi - ok
15:25:26.0968 2364 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:25:26.0968 2364 Ndisuio - ok
15:25:27.0000 2364 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:25:27.0000 2364 NdisWan - ok
15:25:27.0062 2364 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:25:27.0078 2364 NDProxy - ok
15:25:27.0109 2364 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:25:27.0125 2364 NetBT - ok
15:25:27.0187 2364 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:25:27.0187 2364 NetDDE - ok
15:25:27.0203 2364 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:25:27.0218 2364 NetDDEdsdm - ok
15:25:27.0281 2364 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:25:27.0281 2364 Netman - ok
15:25:27.0343 2364 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:25:27.0343 2364 NetTcpPortSharing - ok
15:25:27.0406 2364 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:25:27.0421 2364 Nla - ok
15:25:27.0484 2364 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:25:27.0484 2364 Npfs - ok
15:25:27.0531 2364 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:25:27.0546 2364 Ntfs - ok
15:25:27.0625 2364 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:25:27.0656 2364 NtmsSvc - ok
15:25:27.0734 2364 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:25:27.0734 2364 Null - ok
15:25:27.0906 2364 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:25:27.0984 2364 nv - ok
15:25:28.0031 2364 [ 26712CF8BE48BC767854927435C0B6A9 ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
15:25:28.0031 2364 NVSvc - ok
15:25:28.0093 2364 [ 29291C3A7256337327051CC37E4FC09A ] nv_agp C:\WINDOWS\system32\DRIVERS\nv_agp.sys
15:25:28.0093 2364 nv_agp - ok
15:25:28.0140 2364 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:25:28.0140 2364 NwlnkFlt - ok
15:25:28.0156 2364 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:25:28.0171 2364 NwlnkFwd - ok
15:25:28.0890 2364 [ 7FA2A1A45435DC851790C0FD5F54612B ] omniserv C:\Program Files\Softex\OmniPass\Omniserv.exe
15:25:28.0890 2364 omniserv - ok
15:25:28.0968 2364 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:25:28.0968 2364 Parport - ok
15:25:29.0000 2364 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:25:29.0000 2364 PartMgr - ok
15:25:29.0015 2364 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:25:29.0015 2364 ParVdm - ok
15:25:29.0046 2364 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:25:29.0046 2364 PCI - ok
15:25:29.0062 2364 PCIDump - ok
15:25:29.0125 2364 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\System32\DRIVERS\pciide.sys
15:25:29.0125 2364 PCIIde - ok
15:25:29.0156 2364 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
15:25:29.0171 2364 Pcmcia - ok
15:25:29.0187 2364 PDCOMP - ok
15:25:29.0203 2364 PDFRAME - ok
15:25:29.0234 2364 PDRELI - ok
15:25:29.0250 2364 PDRFRAME - ok
15:25:29.0265 2364 perc2 - ok
15:25:29.0281 2364 perc2hib - ok
15:25:29.0343 2364 pjmn - ok
15:25:29.0406 2364 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
15:25:29.0421 2364 PlugPlay - ok
15:25:29.0484 2364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:25:29.0484 2364 PolicyAgent - ok
15:25:29.0500 2364 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:25:29.0515 2364 PptpMiniport - ok
15:25:29.0531 2364 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
15:25:29.0531 2364 Processor - ok
15:25:29.0546 2364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:25:29.0562 2364 ProtectedStorage - ok
15:25:29.0625 2364 [ BFFDB363485501A38F0BCA83AEC810DB ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
15:25:29.0625 2364 Ps2 - ok
15:25:29.0640 2364 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:25:29.0640 2364 PSched - ok
15:25:29.0703 2364 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:25:29.0703 2364 Ptilink - ok
15:25:29.0765 2364 [ 80C824C78DD1CAC1833AE5DCCA02B327 ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
15:25:29.0765 2364 PxHelp20 - ok
15:25:29.0796 2364 ql1080 - ok
15:25:29.0812 2364 Ql10wnt - ok
15:25:29.0828 2364 ql12160 - ok
15:25:29.0859 2364 ql1240 - ok
15:25:29.0875 2364 ql1280 - ok
15:25:29.0921 2364 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:25:29.0921 2364 RasAcd - ok
15:25:29.0984 2364 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:25:30.0000 2364 RasAuto - ok
15:25:30.0046 2364 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:25:30.0046 2364 Rasl2tp - ok
15:25:30.0125 2364 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:25:30.0125 2364 RasMan - ok
15:25:30.0156 2364 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:25:30.0156 2364 RasPppoe - ok
15:25:30.0187 2364 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:25:30.0187 2364 Raspti - ok
15:25:30.0250 2364 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:25:30.0265 2364 RDPCDD - ok
15:25:30.0328 2364 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:25:30.0343 2364 RDPWD - ok
15:25:30.0406 2364 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:25:30.0406 2364 RDSessMgr - ok
15:25:30.0468 2364 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:25:30.0468 2364 redbook - ok
15:25:30.0531 2364 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:25:30.0531 2364 RemoteAccess - ok
15:25:30.0609 2364 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
15:25:30.0609 2364 RpcSs - ok
15:25:30.0687 2364 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
15:25:30.0687 2364 RSVP - ok
15:25:30.0734 2364 [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
15:25:30.0734 2364 rtl8139 - ok
15:25:30.0843 2364 [ 0DBCC071A268E0340A2BA6BDD98BACE4 ] S3Psddr C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
15:25:30.0843 2364 S3Psddr - ok
15:25:30.0890 2364 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
15:25:30.0890 2364 SamSs - ok
15:25:30.0968 2364 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:25:30.0968 2364 SCardSvr - ok
15:25:31.0046 2364 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:25:31.0046 2364 Schedule - ok
15:25:31.0109 2364 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:25:31.0109 2364 Secdrv - ok
15:25:31.0156 2364 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:25:31.0156 2364 seclogon - ok
15:25:31.0187 2364 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
15:25:31.0203 2364 SENS - ok
15:25:31.0218 2364 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:25:31.0218 2364 Serenum - ok
15:25:31.0265 2364 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:25:31.0265 2364 Serial - ok
15:25:31.0359 2364 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:25:31.0359 2364 Sfloppy - ok
15:25:31.0453 2364 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:25:31.0484 2364 SharedAccess - ok
15:25:31.0531 2364 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:25:31.0531 2364 ShellHWDetection - ok
15:25:31.0562 2364 Simbad - ok
15:25:31.0640 2364 [ BDFEF5C5D41BA377852389E8F07104EA ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys
15:25:31.0671 2364 SiS315 - ok
15:25:31.0718 2364 [ 923D23638C616EECB0D811461161D0B8 ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
15:25:31.0718 2364 SISAGP - ok
15:25:31.0750 2364 [ 7E9E5823AFBB5AF2851ABB1659FF627D ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys
15:25:31.0750 2364 SiSkp - ok
15:25:31.0781 2364 Sparrow - ok
15:25:31.0843 2364 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:25:31.0859 2364 splitter - ok
15:25:31.0906 2364 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:25:31.0921 2364 Spooler - ok
15:25:31.0921 2364 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:25:31.0937 2364 sr - ok
15:25:32.0000 2364 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:25:32.0000 2364 srservice - ok
15:25:32.0093 2364 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:25:32.0125 2364 Srv - ok
15:25:32.0187 2364 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:25:32.0187 2364 SSDPSRV - ok
15:25:32.0281 2364 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:25:32.0343 2364 stisvc - ok
15:25:32.0406 2364 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:25:32.0406 2364 swenum - ok
15:25:32.0453 2364 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:25:32.0453 2364 swmidi - ok
15:25:32.0468 2364 SwPrv - ok
15:25:32.0500 2364 symc810 - ok
15:25:32.0515 2364 symc8xx - ok
15:25:32.0687 2364 [ 67C5AF84809468061121FBCBECB19285 ] SymWSC C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
15:25:32.0718 2364 SymWSC - ok
15:25:32.0734 2364 sym_hi - ok
15:25:32.0765 2364 sym_u3 - ok
15:25:32.0859 2364 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:25:32.0859 2364 sysaudio - ok
15:25:32.0906 2364 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:25:32.0921 2364 SysmonLog - ok
15:25:32.0984 2364 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:25:33.0000 2364 TapiSrv - ok
15:25:33.0093 2364 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:25:33.0125 2364 Tcpip - ok
15:25:33.0203 2364 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:25:33.0203 2364 TDPIPE - ok
15:25:33.0234 2364 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:25:33.0234 2364 TDTCP - ok
15:25:33.0296 2364 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:25:33.0296 2364 TermDD - ok
15:25:33.0375 2364 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:25:33.0421 2364 TermService - ok
15:25:33.0453 2364 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:25:33.0453 2364 Themes - ok
15:25:33.0484 2364 TosIde - ok
15:25:33.0515 2364 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:25:33.0515 2364 TrkWks - ok
15:25:33.0578 2364 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:25:33.0593 2364 Udfs - ok
15:25:33.0609 2364 ultra - ok
15:25:33.0703 2364 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:25:33.0734 2364 Update - ok
15:25:33.0796 2364 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:25:33.0812 2364 upnphost - ok
15:25:33.0843 2364 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:25:33.0843 2364 UPS - ok
15:25:33.0906 2364 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:25:33.0906 2364 usbehci - ok
15:25:33.0968 2364 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:25:33.0968 2364 usbhub - ok
15:25:34.0031 2364 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:25:34.0031 2364 usbohci - ok
15:25:34.0078 2364 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:25:34.0078 2364 usbprint - ok
15:25:34.0140 2364 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:25:34.0140 2364 usbscan - ok
15:25:34.0171 2364 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:25:34.0171 2364 USBSTOR - ok
15:25:34.0203 2364 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:25:34.0203 2364 usbuhci - ok
15:25:34.0234 2364 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:25:34.0250 2364 VgaSave - ok
15:25:34.0312 2364 [ 0E3E3FAE3A0A58B8D936A8E841A17D16 ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
15:25:34.0328 2364 viaagp1 - ok
15:25:34.0375 2364 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
15:25:34.0375 2364 ViaIde - ok
15:25:34.0406 2364 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:25:34.0421 2364 VolSnap - ok
15:25:34.0484 2364 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:25:34.0500 2364 VSS - ok
15:25:34.0562 2364 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
15:25:34.0562 2364 W32Time - ok
15:25:34.0640 2364 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:25:34.0640 2364 Wanarp - ok
15:25:34.0656 2364 WDICA - ok
15:25:34.0687 2364 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:25:34.0687 2364 wdmaud - ok
15:25:34.0718 2364 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:25:34.0734 2364 WebClient - ok
15:25:34.0859 2364 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:25:34.0875 2364 winmgmt - ok
15:25:34.0937 2364 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:25:34.0937 2364 WmdmPmSN - ok
15:25:34.0984 2364 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:25:34.0984 2364 WmiApSrv - ok
15:25:35.0015 2364 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:25:35.0015 2364 WpdUsb - ok
15:25:35.0062 2364 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:25:35.0062 2364 WS2IFSL - ok
15:25:35.0140 2364 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:25:35.0140 2364 wscsvc - ok
15:25:35.0171 2364 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:25:35.0171 2364 wuauserv - ok
15:25:35.0234 2364 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:25:35.0234 2364 WudfPf - ok
15:25:35.0281 2364 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:25:35.0281 2364 WudfRd - ok
15:25:35.0343 2364 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:25:35.0343 2364 WudfSvc - ok
15:25:35.0437 2364 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:25:35.0468 2364 WZCSVC - ok
15:25:35.0546 2364 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:25:35.0546 2364 xmlprov - ok
15:25:35.0609 2364 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
15:25:35.0609 2364 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
15:25:35.0640 2364 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
15:25:35.0640 2364 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
15:25:35.0656 2364 ================ Scan global ===============================
15:25:35.0718 2364 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:25:35.0812 2364 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:25:35.0875 2364 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:25:35.0906 2364 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:25:35.0921 2364 [Global] - ok
15:25:35.0921 2364 ================ Scan MBR ==================================
15:25:35.0968 2364 [ B716B775FCBDABF0E2DDFF76F15C6790 ] \Device\Harddisk0\DR0
15:25:36.0328 2364 \Device\Harddisk0\DR0 - ok
15:25:36.0343 2364 ================ Scan VBR ==================================
15:25:36.0343 2364 [ 7455D6FF315A5A6ECA7A193108D1634B ] \Device\Harddisk0\DR0\Partition1
15:25:36.0343 2364 \Device\Harddisk0\DR0\Partition1 - ok
15:25:36.0359 2364 [ FB857FEABA485C1368201034F9A63891 ] \Device\Harddisk0\DR0\Partition2
15:25:36.0375 2364 \Device\Harddisk0\DR0\Partition2 - ok
15:25:36.0375 2364 ============================================================
15:25:36.0375 2364 Scan finished
15:25:36.0375 2364 ============================================================
15:25:36.0406 2356 Detected object count: 0
15:25:36.0406 2356 Actual detected object count: 0
15:25:51.0984 0356 Deinitialize success

I messed up with malwarebytes. It detected a threat that it needed to reboot to remove causing me to lose the log file that wasn't automatically saved.

mini toolbox:
MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 03-10-2012 at 17:12:01
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : your-xhtr8hvc4p

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-40-2B-70-15-3A

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.10

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Wednesday, October 03, 2012 5:00:40 PM

Lease Expires . . . . . . . . . . : Wednesday, October 03, 2012 6:00:40 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.228.65, 74.125.228.66, 74.125.228.67, 74.125.228.68
74.125.228.69, 74.125.228.70, 74.125.228.71, 74.125.228.72, 74.125.228.73
74.125.228.78, 74.125.228.64



Pinging google.com [74.125.228.68] with 32 bytes of data:



Reply from 74.125.228.68: bytes=32 time=33ms TTL=51

Reply from 74.125.228.68: bytes=32 time=32ms TTL=51



Ping statistics for 74.125.228.68:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 32ms, Maximum = 33ms, Average = 32ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=223ms TTL=49

Reply from 98.138.253.109: bytes=32 time=90ms TTL=47



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 90ms, Maximum = 223ms, Average = 156ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 2b 70 15 3a ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.10 192.168.0.10 20
192.168.0.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.10 192.168.0.10 20
224.0.0.0 240.0.0.0 192.168.0.10 192.168.0.10 20
255.255.255.255 255.255.255.255 192.168.0.10 192.168.0.10 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 SpSubLSP.dll [File Not found] ()
Catalog9 02 SpSubLSP.dll [File Not found] ()
Catalog9 03 SpSubLSP.dll [File Not found] ()
Catalog9 04 SpSubLSP.dll [File Not found] ()
Catalog9 05 SpSubLSP.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 SpSubLSP.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/25/2012 06:13:23 PM) (Source: Application Hang) (User: )
Description: Fault bucket 17889248.

Error: (09/25/2012 06:02:16 PM) (Source: Application Hang) (User: )
Description: Hanging application WksWP.exe, version 7.2.620.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/22/2012 09:32:37 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 15.0.1.4631, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/30/2012 09:07:38 PM) (Source: Application Error) (User: )
Description: Fault bucket 167797019.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (08/30/2012 09:06:42 PM) (Source: Application Error) (User: )
Description: Faulting application acrord32.exe, version 7.0.0.0, faulting module ewh32.api, version 7.0.0.1333, fault address 0x00002c63.
Processing media-specific event for [acrord32.exe!ws!]

Error: (07/27/2012 06:55:22 PM) (Source: Application Hang) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/27/2012 06:55:22 PM) (Source: Application Hang) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/30/2012 05:14:23 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 1.9.2.3888, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/21/2012 09:00:59 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.3888, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/20/2012 00:59:44 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 1.9.2.3888, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (10/03/2012 05:01:06 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/03/2012 05:00:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
agp440
nv_agp
SISAGP
viaagp1

Error: (10/03/2012 05:00:54 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (10/03/2012 05:00:54 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (10/03/2012 03:33:21 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/03/2012 03:33:21 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/03/2012 03:33:21 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/03/2012 03:33:21 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/03/2012 03:33:21 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/03/2012 03:33:21 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (09/25/2012 06:13:23 PM) (Source: Application Hang)(User: )
Description: 17889248

Error: (09/25/2012 06:02:16 PM) (Source: Application Hang)(User: )
Description: WksWP.exe7.2.620.0hungapp0.0.0.000000000

Error: (09/22/2012 09:32:37 PM) (Source: Application Hang)(User: )
Description: firefox.exe15.0.1.4631hungapp0.0.0.000000000

Error: (08/30/2012 09:07:38 PM) (Source: Application Error)(User: )
Description: 167797019

Error: (08/30/2012 09:06:42 PM) (Source: Application Error)(User: )
Description: acrord32.exe7.0.0.0ewh32.api7.0.0.133300002c63

Error: (07/27/2012 06:55:22 PM) (Source: Application Hang)(User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (07/27/2012 06:55:22 PM) (Source: Application Hang)(User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (05/30/2012 05:14:23 PM) (Source: Application Hang)(User: )
Description: firefox.exe1.9.2.3888hungapp0.0.0.000000000

Error: (05/21/2012 09:00:59 PM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.3888ntdll.dll5.1.2600.60550000100b

Error: (05/20/2012 00:59:44 PM) (Source: Application Error)(User: )
Description: plugin-container.exe1.9.2.3888ntdll.dll5.1.2600.60550000100b


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader 7.0 (Version: 7.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
AIM 7
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bounce from Hewlett-Packard Desktops (remove only)
Cannonballs from Hewlett-Packard Desktops (remove only)
Coupon Printer for Windows (Version: 5.0.0.1)
Coupons.com Toolbar (Version: 6.2.7.3)
CreativeProjects (Version: 5.30.0.136)
Director (Version: 5.30.0.131)
Download Updater (AOL LLC)
Easy Internet Sign-up (Version: FE UI-2.1.0.847)
ESET Online Scanner v3
Excavation from Hewlett-Packard Desktops (remove only)
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
GemMaster 3 from Hewlett-Packard Desktops (remove only)
Honeycombs from Hewlett-Packard Desktops (remove only)
HP Deskjet Preloaded Printer Drivers (Version: 8.3.3.0)
HP Instant Support
HP Organize
HP Photo & Imaging 3.0 (Version: 3.0)
HP Photo and Imaging 2.0 - Photosmart Cameras (Version: 2.0.0000)
HP Software Update (Version: 1.0.16.20030613)
HP Unload DLL Patch (Version: 1.00.0000)
HPImageZone (Version: 1.03.00)
hpmdtab (Version: 2.0.464.1592)
HpSdpAppCoreApp (Version: 2.00.0000)
HPSystemDiagnostics (Version: 1.4.0.0)
InstantShare (Version: 3.0.0.10)
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
KBD
LiveReg (Symantec Corporation) (Version: 2.2.5.1678)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mars Rover from Hewlett-Packard Desktops (remove only)
Memories Disc Creator 2.0 (Version: 2.0.464.1592)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Money 2003 (Version: 11.0.50)
Microsoft Money 2003 System Pack (Version: 11.0.80)
Microsoft Plus! Digital Media Edition (Version: 1.00.00.2301)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft Works 7.0 (Version: 07.02.0620)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MUSICMATCH® Jukebox
Norton WMI Update (Version: 2005.1.2.20)
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPass
Orbital from Hewlett-Packard Desktops (remove only)
Oregon Trail® 5
Otto from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
Philips Songbird (Version: 5.6.2119 (2119))
PhotoGallery (Version: 5.30.0.136)
Photosmart 140,240,7200,7600,7700,7900 Series (Version: 2.0)
Polar Bowler from Hewlett-Packard Desktops (remove only)
PrintScreen (Version: 5.30.0.131)
PS2
PSShortcutsP (Version: 1.00.0000)
Python 2.2 combined Win32 extensions
Python 2.2.1 (Version: 2.2.1)
QFolder (Version: 1.00.0000)
Quake Live Mozilla Plugin (Version: 1.0.433)
Quicken 2003 New User Edition (Version: 12.00.0000)
QuickProjects (Version: 5.30.0.131)
RealOne Player
RecordNow! (Version: 6.0.0)
S3Display
S3Gamma2
S3Info2
S3Overlay
SkinsHP1 (Version: 5.30.0.131)
SkinsHP2 (Version: 5.30.0.136)
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager (Version: 2.80)
SpamSubtract
STX from Hewlett-Packard Desktops (remove only)
System Requirements Lab CYRI (Version: 4.4.21.0)
toolkit
TrayApp (Version: 5.30.0.131)
Tribes 2 (Version: 1.0.0.0)
Unload (Version: 3.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Updates from HP
Virtual Warfare from Hewlett-Packard Desktops (remove only)
WebFldrs XP (Version: 9.50.6513)
Weblink
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Yahoo! Detect
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 246.98 MB
Available physical RAM: 153.93 MB
Total Pagefile: 605.89 MB
Available Pagefile: 440.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.3 MB

========================= Partitions: =====================================

2 Drive c: (HP_PAVILION) (Fixed) (Total:31.7 GB) (Free:13.84 GB) NTFS
3 Drive d: (HP_RECOVERY) (Fixed) (Total:5.55 GB) (Free:0.96 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0
SUPPORT_fddfa904

========================= Restore Points ==================================

26-07-2012 20:25:02 System Checkpoint
27-07-2012 20:34:31 System Checkpoint
29-07-2012 04:48:13 System Checkpoint
30-07-2012 05:10:55 System Checkpoint
31-07-2012 05:42:53 System Checkpoint
01-08-2012 06:35:04 System Checkpoint
02-08-2012 06:57:57 System Checkpoint
03-08-2012 07:04:36 System Checkpoint
04-08-2012 08:04:38 System Checkpoint
05-08-2012 08:07:27 System Checkpoint
06-08-2012 09:04:39 System Checkpoint
07-08-2012 10:02:32 System Checkpoint
08-08-2012 10:04:38 System Checkpoint
09-08-2012 11:04:38 System Checkpoint
10-08-2012 12:04:39 System Checkpoint
11-08-2012 13:02:21 System Checkpoint
12-08-2012 13:04:43 System Checkpoint
13-08-2012 14:04:42 System Checkpoint
14-08-2012 15:04:43 System Checkpoint
15-08-2012 16:04:44 System Checkpoint
16-08-2012 10:00:37 Software Distribution Service 3.0
17-08-2012 10:31:35 System Checkpoint
18-08-2012 11:31:35 System Checkpoint
19-08-2012 12:31:37 System Checkpoint
20-08-2012 13:25:48 System Checkpoint
21-08-2012 14:25:47 System Checkpoint
22-08-2012 15:25:49 System Checkpoint
23-08-2012 16:25:50 System Checkpoint
24-08-2012 18:18:33 System Checkpoint
25-08-2012 18:25:53 System Checkpoint
26-08-2012 19:25:51 System Checkpoint
27-08-2012 19:41:55 System Checkpoint
28-08-2012 22:03:15 System Checkpoint
29-08-2012 23:01:32 System Checkpoint
31-08-2012 01:48:03 System Checkpoint
01-09-2012 04:19:24 System Checkpoint
02-09-2012 04:35:56 System Checkpoint
03-09-2012 05:35:57 System Checkpoint
04-09-2012 05:37:49 System Checkpoint
05-09-2012 06:35:58 System Checkpoint
06-09-2012 07:47:40 System Checkpoint
07-09-2012 08:35:54 System Checkpoint
08-09-2012 09:35:55 System Checkpoint
09-09-2012 10:35:56 System Checkpoint
10-09-2012 11:35:57 System Checkpoint
11-09-2012 12:35:56 System Checkpoint
12-09-2012 10:00:27 Software Distribution Service 3.0
13-09-2012 10:35:58 System Checkpoint
14-09-2012 11:35:56 System Checkpoint
15-09-2012 12:35:55 System Checkpoint
16-09-2012 13:35:56 System Checkpoint
17-09-2012 14:35:57 System Checkpoint
18-09-2012 15:35:56 System Checkpoint
19-09-2012 16:02:37 System Checkpoint
20-09-2012 16:35:58 System Checkpoint
21-09-2012 17:36:59 System Checkpoint
22-09-2012 10:00:24 Software Distribution Service 3.0
23-09-2012 10:23:57 System Checkpoint
24-09-2012 10:31:10 System Checkpoint
25-09-2012 11:23:58 System Checkpoint
26-09-2012 12:23:58 System Checkpoint
27-09-2012 13:23:57 System Checkpoint
28-09-2012 14:23:54 System Checkpoint
29-09-2012 15:23:55 System Checkpoint
30-09-2012 16:36:55 System Checkpoint
01-10-2012 17:23:56 System Checkpoint

**** End of log ****

FSS:
Farbar Service Scanner Version: 19-09-2012
Ran by Owner (administrator) on 03-10-2012 at 17:16:17
Running from "C:\Documents and Settings\Owner\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

adware cleaner:

# AdwCleaner v2.003 - Logfile created 10/03/2012 at 17:17:52
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - YOUR-XHTR8HVC4P
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\CT2187784
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\CT2559647
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\extensions\{e4878b45-e2c0-4307-b6e8-734922f92f5b}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\extensions\engine@conduit.com
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Coupons.com
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Coupons.com

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Coupons.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37153479-1976-43C3-A1EE-557513977B64}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37153479-1976-43C3-A1EE-557513977B64}
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BBE2E106-A20C-4869-9547-93983E16FC26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Coupons.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27784FE2-A797-4785-B871-A20AAA71C785}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBB4745-DEB5-4D67-8417-B2BDD3BEE178}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupons.com Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37153479-1976-43C3-A1EE-557513977B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BBE2E106-A20C-4869-9547-93983E16FC26}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupons.com Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37153479-1976-43C3-A1EE-557513977B64}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{37153479-1976-43C3-A1EE-557513977B64}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\prefs.js

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mdpezard.default\user.js ... Deleted !

Deleted : user_pref("CT2187784..clientLogIsEnabled", false);
Deleted : user_pref("CT2187784..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2187784..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2187784.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2187784.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2187784.CTID", "CT2187784");
Deleted : user_pref("CT2187784.CurrentServerDate", "4-10-2012");
Deleted : user_pref("CT2187784.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2187784.DialogsGetterLastCheckTime", "Mon Oct 01 2012 18:02:52 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2187784.DownloadReferralCookieData", "");
Deleted : user_pref("CT2187784.EMailNotifierPollDate", "Sat Feb 06 2010 11:37:34 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2187784.FeedLastCount128987252150032182", 20);
Deleted : user_pref("CT2187784.FeedPollDate128987252151281369", "Sat Feb 06 2010 11:37:34 GMT-0500 (Eastern St[...]
Deleted : user_pref("CT2187784.FeedTTL128987252151281369", 40);
Deleted : user_pref("CT2187784.FirstServerDate", "6-2-2010");
Deleted : user_pref("CT2187784.FirstTime", true);
Deleted : user_pref("CT2187784.FirstTimeFF3", true);
Deleted : user_pref("CT2187784.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2187784.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2187784.HasUserGlobalKeys", true);
Deleted : user_pref("CT2187784.Initialize", true);
Deleted : user_pref("CT2187784.InitializeCommonPrefs", true);
Deleted : user_pref("CT2187784.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2187784.InstallationType", "Unknown");
Deleted : user_pref("CT2187784.InstalledDate", "Sat Feb 06 2010 11:37:13 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT2187784.IsGrouping", false);
Deleted : user_pref("CT2187784.IsMulticommunity", false);
Deleted : user_pref("CT2187784.IsOpenThankYouPage", true);
Deleted : user_pref("CT2187784.IsOpenUninstallPage", true);
Deleted : user_pref("CT2187784.LanguagePackLastCheckTime", "Tue Oct 02 2012 19:45:43 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2187784.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2187784.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2187784.LastLogin_2.5.6.0", "Sat Feb 06 2010 11:37:39 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2187784.LastLogin_3.14.1.0", "Tue Aug 21 2012 19:03:02 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2187784.LastLogin_3.15.1.0", "Wed Oct 03 2012 17:06:57 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2187784.LatestVersion", "3.15.1.0");
Deleted : user_pref("CT2187784.Locale", "en-us");
Deleted : user_pref("CT2187784.LoginCache", 4);
Deleted : user_pref("CT2187784.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2187784.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2187784.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2187784.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2187784.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2187784.SearchEngine", "Search||hxxp://search.rr.com/search?qs=UCM_SEARCH_TERM&clientId[...]
Deleted : user_pref("CT2187784.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2187784.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT218[...]
Deleted : user_pref("CT2187784.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2187784.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2187784.SearchInNewTabLastCheckTime", "Tue Oct 02 2012 19:45:40 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2187784.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2187784.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2187784.ServiceMapLastCheckTime", "Tue Oct 02 2012 19:45:42 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2187784.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2187784.SettingsLastCheckTime", "Wed Oct 03 2012 17:06:55 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2187784.SettingsLastUpdate", "1349287948");
Deleted : user_pref("CT2187784.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2187784.ThirdPartyComponentsLastCheck", "Sat Feb 06 2010 11:37:10 GMT-0500 (Eastern Sta[...]
Deleted : user_pref("CT2187784.ThirdPartyComponentsLastUpdate", "1265315132");
Deleted : user_pref("CT2187784.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2187784");
Deleted : user_pref("CT2187784.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2187784.UserID", "UN70513980497353913");
Deleted : user_pref("CT2187784.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2187784.alertChannelId", "586406");
Deleted : user_pref("CT2187784.clientLogIsEnabled", true);
Deleted : user_pref("CT2187784.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2187784.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2187784.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2187784.initDone", true);
Deleted : user_pref("CT2187784.myStuffEnabled", true);
Deleted : user_pref("CT2187784.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2187784.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2187784.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2187784.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2187784.revertSettingsEnabled", false);
Deleted : user_pref("CT2187784.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2187784.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2187784.testingCtid", "");
Deleted : user_pref("CT2187784.toolbarAppMetaDataLastCheckTime", "Tue Oct 02 2012 19:45:43 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2187784.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2559647..clientLogIsEnabled", false);
Deleted : user_pref("CT2559647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2559647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2559647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2559647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2559647.AppTrackingLastCheckTime", "Tue Aug 21 2012 13:01:54 GMT-0400 (Eastern Daylight[...]
Deleted : user_pref("CT2559647.CTID", "CT2559647");
Deleted : user_pref("CT2559647.CurrentServerDate", "4-10-2012");
Deleted : user_pref("CT2559647.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2559647.DialogsGetterLastCheckTime", "Mon Oct 01 2012 18:02:49 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2559647.DownloadReferralCookieData", "");
Deleted : user_pref("CT2559647.ExternalComponentPollDate129404749084494749", "Wed Feb 08 2012 15:44:52 GMT-050[...]
Deleted : user_pref("CT2559647.ExternalComponentPollDate129404791544181654", "Wed Feb 08 2012 15:44:52 GMT-050[...]
Deleted : user_pref("CT2559647.ExternalComponentPollDate129413165572169584", "Wed Feb 08 2012 15:44:52 GMT-050[...]
Deleted : user_pref("CT2559647.FirstServerDate", "1-7-2011");
Deleted : user_pref("CT2559647.FirstTime", true);
Deleted : user_pref("CT2559647.FirstTimeFF3", true);
Deleted : user_pref("CT2559647.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2559647.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2559647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2559647.HasUserGlobalKeys", true);
Deleted : user_pref("CT2559647.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2559647.HomepageBeforeUnload", "hxxp://m.www.yahoo.com/");
Deleted : user_pref("CT2559647.Initialize", true);
Deleted : user_pref("CT2559647.InitializeCommonPrefs", true);
Deleted : user_pref("CT2559647.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2559647.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2559647.InstalledDate", "Fri Jul 01 2011 14:51:36 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2559647.IsAlertDBUpdated", true);
Deleted : user_pref("CT2559647.IsGrouping", false);
Deleted : user_pref("CT2559647.IsMulticommunity", false);
Deleted : user_pref("CT2559647.IsOpenThankYouPage", false);
Deleted : user_pref("CT2559647.IsOpenUninstallPage", false);
Deleted : user_pref("CT2559647.LanguagePackLastCheckTime", "Tue Oct 02 2012 19:45:45 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2559647.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2559647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2559647.LastLogin_3.14.1.0", "Tue Aug 21 2012 19:03:01 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.15.1.0", "Wed Oct 03 2012 17:06:54 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2559647.LastLogin_3.3.3.2", "Mon Jul 16 2012 00:57:47 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2559647.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2559647.Locale", "en");
Deleted : user_pref("CT2559647.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2559647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2559647.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2559647.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2559647.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2559647.SearchBoxWidth", 150);
Deleted : user_pref("CT2559647.SearchEngineBeforeUnload", "Wikipedia (en)");
Deleted : user_pref("CT2559647.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2559647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...]
Deleted : user_pref("CT2559647.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2559647.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2559647.SearchInNewTabLastCheckTime", "Tue Oct 02 2012 19:45:43 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2559647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2559647.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2559647.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2559647.SearchProtectorEnabled", false);
Deleted : user_pref("CT2559647.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2559647.ServiceMapLastCheckTime", "Tue Oct 02 2012 19:45:42 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2559647.SettingsLastCheckTime", "Wed Oct 03 2012 15:29:13 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2559647.SettingsLastUpdate", "1348502557");
Deleted : user_pref("CT2559647.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2559647.ThirdPartyComponentsLastCheck", "Mon Sep 17 2012 19:34:26 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2559647.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2559647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2559647");
Deleted : user_pref("CT2559647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2559647.UserID", "UN84795160800470555");
Deleted : user_pref("CT2559647.ValidationData_Search", 2);
Deleted : user_pref("CT2559647.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2559647.alertChannelId", "952537");
Deleted : user_pref("CT2559647.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT2559647.backendstorage.facebook_user_locale", "656E");
Deleted : user_pref("CT2559647.components.129404755877931833", true);
Deleted : user_pref("CT2559647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2559647.globalFirstTimeInfoLastCheckTime", "Wed Sep 26 2012 12:10:08 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2559647.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2559647.initDone", true);
Deleted : user_pref("CT2559647.isAppTrackingManagerOn", false);
Deleted : user_pref("CT2559647.myStuffEnabled", true);
Deleted : user_pref("CT2559647.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2559647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2559647.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2559647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2559647.oldAppsList", "129126535051871363,129126535052027614,111,129732450647667807,100[...]
Deleted : user_pref("CT2559647.revertSettingsEnabled", false);
Deleted : user_pref("CT2559647.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2559647.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2559647.testingCtid", "");
Deleted : user_pref("CT2559647.toolbarAppMetaDataLastCheckTime", "Tue Oct 02 2012 19:45:45 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2559647.toolbarContextMenuLastCheckTime", "Fri Sep 21 2012 15:25:30 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2559647.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2559647");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2187784/CT2187784[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/586406/582268/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/952537/948310/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2187784", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2559647", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.2.5[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2187784",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2559647",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2559647&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4e9[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Owner\\Application[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2187784,ConduitEngine,CT2559647");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2187784,CT2559647");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 25 2012 18:13:51 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 27 2012 00:40:08 GMT-0400 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 27 2012 00:40:05 GMT-0400 (Eastern D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{31518430-2bc6-4fb6-a963-07aabff04646}");
Deleted : user_pref("CommunityToolbar.globalUserId", "321991d2-9b0c-4d7f-80ac-f6133c586a68");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2559647");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Oct 02 2012 06:29:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Oct 02 2012 19:45:58 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Oct 02 2012 19:45:46 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "0ea4b823-555b-421a-8df4-e2fdbc1748c6");
Deleted : user_pref("CommunityToolbar.twitter.user_74542861.LastCheckTime", "Sat Feb 06 2010 11:37:13 GMT-0500[...]
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Aug 15 2011 00:19:21 GMT-0400 (Eastern Dayl[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Aug 15 2011 00:19:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "02/05/2011 20");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Feb 05 2011 12:28:26 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Aug 15 2011 00:19:19 GMT-0400 (Eastern Day[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Feb 05 2011 15:28:26 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Aug 15 2011 00:19:18 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Aug 15 2011 00:19:19 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("ConduitEngine.UserID", "UN73311928844781285");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Aug 15 2011 00:19:19 GMT-0400 (Easte[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Aug 15 2011 00:19:18 GMT-0400 (East[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("browser.search.defaultthis.engineName", "Coupons.com Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&Sea[...]
Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [29462 octets] - [03/10/2012 17:17:52]

########## EOF - C:\AdwCleaner[S1].txt - [29523 octets] ##########

Junkware removeal:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.3 (10.03.2012)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 10/03/2012 at 17:38:21.76
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired

Removed the following from [PREFS.JS] :

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{e4878b45-e2c0-4307-b6e8-734922f92f5b}:3.14.1.0,{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,engine@conduit.com:3.2.5.2,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25,{37153479-1976-43c3-a1ee-557513977b64}:3.14.1.0,{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9");


*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Wed 10/03/2012 at 17:38:23.89
End of Report

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:27 PM

Posted 03 October 2012 - 05:10 PM

malwarebytes log?


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#7 Badatcomputers

Badatcomputers
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 03 October 2012 - 08:27 PM

First time I ran the scan for malwarebytes it made me restart to remove the virus it found and it didn't save the log so I lost it. Here is a log for a second scan just now.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-XHTR8HVC4P [administrator]

10/3/2012 7:23:12 PM
mbam-log-2012-10-03 (19-23-12).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299713
Time elapsed: 1 hour(s), 2 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

rkill log

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/03/2012 08:59:51 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\windows\system\hpsysdrv.exe (PID: 368) [WD-HEUR]
* C:\WINDOWS\System32\hphmon05.exe (PID: 288) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:

* Alerter [Missing Service]
* Browser [Missing Service]
* lanmanworkstation [Missing Service]
* Messenger [Missing Service]
* Netlogon [Missing Service]
* NtLmSsp [Missing Service]
* RpcLocator [Missing Service]
* NetBIOS [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 10/03/2012 09:01:38 PM
Execution time: 0 hours(s), 1 minute(s), and 47 seconds(s)


autorun log:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AlcxMonitor" "Realtek Audio - Event Monitor" "Realtek Semiconductor Corp." "c:\windows\alcxmntr.exe"
+ "AutoTKit" "" "" "c:\hp\bin\autotkit.exe"
+ "CamMonitor" "HpqCmon MFC Application" "" "c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HP Software Update" "hpwuSchd" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd.exe"
+ "HPHmon05" "HPHmon05" "Hewlett-Packard" "c:\windows\system32\hphmon05.exe"
+ "HPHUPD05" "HPHupd05" "Hewlett-Packard" "c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe"
+ "hpsysdrv" "hpsysdrv" "Hewlett-Packard Company" "c:\windows\system\hpsysdrv.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "KBD" "KBD EXE" "Hewlett-Packard Company" "c:\hp\kbd\kbd.exe"
+ "mmtask" "TODO: <File description>" "TODO: <Company name>" "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 44.03 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "Philips Device Listener" "" "" "c:\program files\philips\philips songbird resources\autolauncher\philipsdevicelistener.exe"
+ "PS2" "PS2 EXE" "Hewlett-Packard Company" "c:\windows\system32\ps2.exe"
+ "Recguard" "Recguard MFC Application" "" "c:\windows\sminst\recguard.exe"
+ "StorageGuard" "Sonic Update Manager" "Sonic Solutions" "c:\program files\common files\sonic\update manager\sgtray.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\common files\real\update_ob\realsched.exe"
"C:\Documents and Settings\Owner\Start Menu\Programs\Startup" "" "" ""
+ "spamsubtract.lnk" "SpamSubtract" "interMute, Inc." "c:\program files\intermute\spamsubtract\spamsubtract.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Aim" "AOL Instant Messenger" "AOL Inc." "c:\program files\aim\aim.exe"
+ "BackupNotify" " " " " "c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe"
+ "MoneyAgent" "Microsoft Money Express" "Microsoft Corporation" "c:\program files\microsoft money\system\mnyexpr.exe"
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
+ "NVIEW" "NVIDIA nView Desktop and Window Manager 44.03 " "NVIDIA Corporation" "c:\windows\system32\nview.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "OPShellE" "OPShellE Module" "Softex Incorporated" "c:\program files\softex\omnipass\opshelle.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "OPShellE" "OPShellE Module" "Softex Incorporated" "c:\program files\softex\omnipass\opshelle.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
+ "AcroIEHlprObj Class" "Adobe Acrobat IE Helper Version 7.0 for ActiveX" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll"
+ "{243B17DE-77C7-46BF-B94B-0B5F309A0E64}" "MoneySide Controls" "Microsoft Corporation" "c:\program files\microsoft money\system\mnyside.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "HP View" "hp view toolbar" "Hewlett-Packard Company" "c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "MoneySide" "MoneySide Controls" "Microsoft Corporation" "c:\program files\microsoft money\system\mnyside.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
X "Symantec NetDetect.job" "Symantec NetDetect" "Symantec Corporation" "c:\program files\symantec\liveupdate\ndetect.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "NVSvc" "NVIDIA Driver Helper Service, Version 44.03" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "omniserv" "" "" "c:\program files\softex\omnipass\omniserv.exe"
+ "SymWSC" "Symantec WMI Service" "Symantec Corporation" "c:\program files\common files\symantec shared\security center\symwsc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AFS2K" "Audio File System" "Oak Technology Inc." "c:\windows\system32\drivers\afs2k.sys"
+ "ALCXWDM" "Realtek AC'97 Audio Driver (WDM)" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\alcxwdm.sys"
+ "catchme" "" "" "File not found: C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "GEARAspiWDM" "CD/DVD Class Filter Driver" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "ltmodem5" "LT Windows Modem" "LT" "c:\windows\system32\drivers\ltmdmnt.sys"
+ "MpKslaa2a088e" "" "" "File not found: c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F7B7F20-E6A1-40AD-850A-9E8920692D2F}\MpKslaa2a088e.sys"
+ "mrtRate" "" "" "File not found: C:\WINDOWS\System32\Drivers\mrtRate.sys"
+ "MxlW2k" "MusicMatch Access Layer KMD" "MusicMatch, Inc." "c:\windows\system32\drivers\mxlw2k.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "nv_agp" "NVIDIA nForce AGP Filter" "NVIDIA Corporation" "c:\windows\system32\drivers\nv_agp.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "pjmn" "" "" "File not found: System32\drivers\lxoyqba.sys"
+ "Ps2" "PS2 SYS" "Hewlett-Packard Company" "c:\windows\system32\drivers\ps2.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "rtl8139" "Realtek RTL8139/810x Family NDIS 5.1 Drv" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\r8139n51.sys"
+ "S3Psddr" "S3 ProSavage(DDR) & Twister Miniport Driver" "S3 Graphics, Inc." "c:\windows\system32\drivers\s3gnbm.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiS315" "SiS Compatible Super VGA Driver" "Silicon Integrated Systems Corporation" "c:\windows\system32\drivers\sisgrp.sys"
+ "SISAGP" "SiS AGPv3.5 Filter" "Silicon Integrated Systems Corporation" "c:\windows\system32\drivers\sisagpx.sys"
+ "SiSkp" "SiS VGA Driver Manager" "Silicon Integrated Systems Corporation" "c:\windows\system32\drivers\srvkp.sys"
+ "viaagp1" "VIA NT AGP Filter" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaagp1.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "{6080A529-897E-4629-A488-ABA0C29B635E}" "Intel Graphics Platform (SoftBIOS) Driver for Windows 2000® & Windows XP™" "Intel Corporation" "c:\windows\system32\drivers\ialmsbw.sys"
+ "{D31A0762-0CEB-444e-ACFF-B049A1F6FE91}" "Intel Graphics Chipset (KCH) Driver for Windows 2000® & Windows XP™" "Intel Corporation" "c:\windows\system32\drivers\ialmkchw.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.LEAD" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\windows\system32\lcodccmp.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "HPOD RunTimeline Filter" "HPODRunTimelineFilter module " "Hewlett-Packard Company" "c:\program files\common files\hp\memories disc\2.0\hpodruntimelinefilter.dll"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LEAD MCMP/MJPEG Codec" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\program files\common files\hp\memories disc\2.0\leadtools\lcodccmp.dll"
+ "LEAD MCMP/MJPEG Decoder" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\program files\common files\hp\memories disc\2.0\leadtools\lcodccmp.dll"
+ "LEAD Still Image Reader" "LEAD Multimedia Processor Filter" "LEAD Technologies, Inc." "c:\program files\common files\hp\memories disc\2.0\leadtools\ltstlimgrd.dll"
+ "LEAD Video Color Filter" "LEAD Multimedia Processor Filter" "LEAD Technologies, Inc." "c:\program files\common files\hp\memories disc\2.0\leadtools\lmvclr.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Photo Story Source Filter" "Plus! Photo Story PSSourceFilter" "Microsoft Corporation" "c:\program files\microsoft plus! digital media edition\photostory\pssourcefilter.dll"
+ "RealPlayer Audio Filter" "DirectShow Playback Support" "RealNetworks, Inc." "c:\program files\real\realone player\rpplugins\rpds3260.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WAV Dest" "Plus! Photo Story WavDest" "Microsoft Corporation" "c:\program files\microsoft plus! digital media edition\photostory\wavdest.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Xing® VideoCD Navigator" "DirectShow Playback Support" "RealNetworks, Inc." "c:\program files\real\realone player\rpplugins\rpds3260.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxsrvc Module" "Intel Corporation" "c:\windows\system32\igfxsrvc.dll"
+ "OPXPGina" "" "" "c:\program files\softex\omnipass\opxpgina.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "000000000001" "SpamSubtract Layered Service Provider" "interMute, Inc." "c:\windows\system32\spsublsp.dll"
+ "000000000002" "SpamSubtract Layered Service Provider" "interMute, Inc." "c:\windows\system32\spsublsp.dll"
+ "000000000003" "SpamSubtract Layered Service Provider" "interMute, Inc." "c:\windows\system32\spsublsp.dll"
+ "000000000004" "SpamSubtract Layered Service Provider" "interMute, Inc." "c:\windows\system32\spsublsp.dll"
+ "000000000005" "SpamSubtract Layered Service Provider" "interMute, Inc." "c:\windows\system32\spsublsp.dll"
+ "000000000011" "SpamSubtract Layered Service Provider" "interMute, Inc." "c:\windows\system32\spsublsp.dll"

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:27 PM

Posted 03 October 2012 - 08:34 PM

Download

http://download.bleepingcomputer.com/win-services/xp/Alerter.reg
http://download.bleepingcomputer.com/win-services/xp/Browser.reg
http://download.bleepingcomputer.com/win-services/xp/lanmanworkstation.reg
http://download.bleepingcomputer.com/win-services/xp/Messenger.reg
http://download.bleepingcomputer.com/win-services/xp/Netlogon.reg
http://download.bleepingcomputer.com/win-services/xp/NtLmSsp.reg
http://download.bleepingcomputer.com/win-services/xp/RpcLocator.reg
http://download.bleepingcomputer.com/win-services/xp/NetBIOS.reg

Launch them,click YES to the prompt

Download UNHIDE from here

http://www.bleepingcomputer.com/download/unhide/

Run it and this should restore hidden files

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 Badatcomputers

Badatcomputers
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 03 October 2012 - 10:31 PM

Thank you for the help.

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:27 PM

Posted 04 October 2012 - 05:22 AM

You're welcome :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users