
Something killing ProcessExp, Firefox, no access to firewall


13 replies to this topic

#1 Quex


Posted 09 October 2012 - 12:54 AM

Well, hello there, you gorgeous Bleeping Gentlemen (and ladies). I'm back with new issues. Please have mercy. ;_;

OS is WinXP Service Pack 3, I try to keep the machine stripped down because she's an old mule. Main antivirus is McAfee AntiVirus Plus (not by choice) and I have Mbam installed and updated; try to run it once a week, but it never seems to catch anything at all anymore.

WHAT HAPPENED:

So I'm using a Firefox clone for WinXP called PaleMoon browsing places I've browsed before, safely, doing my normal thing, when all of a sudden I get the "program has encountered an error and needs to close" shtick. So okay, fine.

Close, reopen, and per its Firefox ancestry, the browser has saved my tabs and reopens them. Less than a minute of normal functionality later, error returns. Hmm.

Close, reopen, and this time I've got a choice of what tabs to restore. I only had two open. I try one, try the other, but the problem keeps repeating. Each time, I get 30 seconds to 1 minute of use, then a sudden error.

So I close, reopen, "start new browsing session"... and she still errs up the same way. Doesn't matter what I click or what page I'm on. One time was just the Google search front, another was the local library sign-in page.

Suspecting trouble, I go open Process Explorer... only to get the same error (which I have never had on ProcessExp before): "program has encountered an error and needs to close" send error report, debug yes/no, etc. Once again, it was about 30 seconds after opening the program.

Opened Mbam (which did not error up), updated and ran a quickscan (took less than 30 min), and got absolutely nothing. McAfee also shows nothing. Happened to have Rkill saved on a stick nearby (thanks, Grinler) and decided to give it a run... interestingly, it killed msPMSPSv.exe (PID: 1360) which I don't think I've seen it do before. Also found some unfamiliar things in the Windows Service Integrity check.

(I know I'm not supposed to post logs, but maybe this counts for description.)

Program started at: 10/08/2012 09:13:16 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\System32\MsPMSPSv.exe (PID: 1360) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* BITS [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 10/08/2012 09:17:25 PM
Execution time: 0 hours(s), 4 minute(s), and 9 seconds(s)


Try PaleMoon again, still get the error. Process Explorer, same story. OTHER programs seem to open and operate just fine (notepad, an image editor, etc). Now I'm paranoid, so I disable my wireless card for the time being.

I also have the Symantec TDSS killer on the same stick with Rkill, so I give THAT a shot, too (worked last time). No dice. Didn't find anything.

The TDSS killer restarted the machine, so I give things a try once more. In the course of poking around, I Ctrl-Alt-Del my way into Task Manager and look for anything suspicious. That MsPMSPSv.exe thing is running - I kill it with the Manager and it doesn't come back (visually, anyway). Also happen to click on the Windows Firewall, and strangely, get the message that due to an error, Windows cannot display my firewall settings. I think this MIGHT be because the McAfee firewall has precedence (and the Windows one, then, should be off), but I don't recall ever being unable to even view the settings.

ANYWAY, back to the original problem children. Process Explorer still opens, gives me 30 seconds, then errs up and "needs to close". PaleMoon, however, has now opened and is (thus far) operating normally, although the wireless is still shut off. I turn it on, get online, and... no errors yet!

Which brings me to the present; I once again come running to you fine folks to beg for help. Please. :bowdown:

...

And one final oddity... for months now, when the desktop loads, the Recycle Bin is always in the bottom right corner. Nobody set it that way. During normal use of the machine, when all activity is away from the Desktop, it will suddenly decide to hop to the top left corner and line up with the other icons. WTH is that about? If it's symptomatic, it's an odd symptom... ._.??

Edited by Quex, 09 October 2012 - 12:58 AM.



#2 narenxp


Posted 09 October 2012 - 07:30 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Quex


Posted 09 October 2012 - 10:30 PM

Righto.

TDSSKiller Log:

15:56:37.0250 2664 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:56:37.0281 2664 NetBIOS - ok
15:56:37.0312 2664 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:56:37.0328 2664 NetBT - ok
15:56:37.0375 2664 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
15:56:37.0390 2664 NetDDE - ok
15:56:37.0390 2664 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:56:37.0406 2664 NetDDEdsdm - ok
15:56:37.0453 2664 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
15:56:37.0453 2664 Netlogon - ok
15:56:37.0468 2664 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
15:56:37.0468 2664 Netman - ok
15:56:37.0921 2664 [ 737351F39FEF765234037770ABDD72BD ] NetSvc C:\Program Files\Intel\NCS\Sync\NetSvc.exe
15:56:38.0375 2664 NetSvc - ok
15:56:38.0843 2664 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:56:39.0109 2664 NetTcpPortSharing - ok
15:56:39.0296 2664 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
15:56:39.0546 2664 Nla - ok
15:56:39.0718 2664 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:56:39.0734 2664 Npfs - ok
15:56:40.0296 2664 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:56:40.0671 2664 Ntfs - ok
15:56:40.0687 2664 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
15:56:40.0687 2664 NtLmSsp - ok
15:56:41.0000 2664 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:56:41.0031 2664 NtmsSvc - ok
15:56:41.0062 2664 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:56:41.0062 2664 Null - ok
15:56:41.0140 2664 [ AFFE74E291B4620E863B269824E73159 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:56:47.0812 2664 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: AFFE74E291B4620E863B269824E73159, Fake md5: 9F4384AA43548DDD438F7B7825D11699
15:56:47.0859 2664 nv ( ForgedFile.Multi.Generic ) - warning
15:56:47.0859 2664 nv - detected ForgedFile.Multi.Generic (1)
15:57:23.0015 2664 ================ Scan global ===============================
15:57:23.0296 2664 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:57:23.0515 2664 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:57:23.0750 2664 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:57:23.0796 2664 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:57:23.0828 2664 [Global] - ok
15:57:23.0828 2664 ================ Scan MBR ==================================
15:57:23.0890 2664 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:57:30.0500 2664 \Device\Harddisk0\DR0 - ok
15:57:30.0500 2664 ================ Scan VBR ==================================
15:57:30.0531 2664 [ FDB25C51E7918A4881B511487C93ACFE ] \Device\Harddisk0\DR0\Partition1
15:57:30.0562 2664 \Device\Harddisk0\DR0\Partition1 - ok
15:57:30.0562 2664 ============================================================
15:57:30.0562 2664 Scan finished
15:57:30.0562 2664 ============================================================
15:57:30.0687 2792 Detected object count: 1
15:57:30.0687 2792 Actual detected object count: 1
16:32:20.0953 2792 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - copied to quarantine
16:32:21.0265 2792 nv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:33:12.0281 0484 Deinitialize success



aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-09 16:34:05
-----------------------------
16:34:05.796 OS Version: Windows 5.1.2600 Service Pack 3
16:34:05.796 Number of processors: 1 586 0x209
16:34:05.796 ComputerName: D4QMHT31 UserName:
16:34:10.406 Initialize success
16:51:02.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:51:02.984 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
16:51:03.015 Disk 0 MBR read successfully
16:51:03.015 Disk 0 MBR scan
16:51:03.015 Disk 0 Windows XP default MBR code
16:51:03.062 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
16:51:03.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
16:51:03.140 Disk 0 scanning sectors +156232125
16:51:03.218 Disk 0 scanning C:\WINDOWS\system32\drivers
16:51:23.906 Service scanning
16:52:00.078 Modules scanning
16:52:41.781 Disk 0 trace - called modules:
16:52:41.812 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:52:41.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83fccab8]
16:52:42.312 3 CLASSPNP.SYS[f8676fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83f78b00]
16:52:42.312 Scan finished successfully
16:53:14.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Harland Hirtzel\My Documents\Downloads\Fixing bleep\MBR.dat"
16:53:14.218 The log file has been saved successfully to "C:\Documents and Settings\Harland Hirtzel\My Documents\Downloads\Fixing bleep\aswMBR.txt"


And ESET scanned 117662 files and didn't find anything. Didn't make any log.

#4 narenxp


Posted 09 October 2012 - 10:33 PM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator

After the scan completes, post the generated log here.

#5 Quex


Posted 10 October 2012 - 08:43 PM

Yessir. Here we go:
MBAM Log

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.10.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Harland Hirtzel :: D4QMHT31 [administrator]

10/9/2012 10:58:16 PM
mbam-log-2012-10-09 (22-58-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333882
Time elapsed: 3 hour(s), 39 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Harland Hirtzel (administrator) on 10-10-2012 at 07:08:40
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [D4QMHT31]. Some commands may not be available.
The specified module could not be found.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 13"

set address name="Wireless Network Connection 13" source=dhcp
set address name="Wireless Network Connection 13" gateway=0.0.0.0 gwmetric=
set dns name="Wireless Network Connection 13" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 13" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : D4QMHT31
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.az.comcast.net.

Ethernet adapter Wireless Network Connection 13:

Connection-specific DNS Suffix . : hsd1.az.comcast.net.
Description . . . . . . . . . . . : Compact Wireless-G USB Adapter #6
Physical Address. . . . . . . . . : 00-14-BF-7D-72-FC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
Lease Obtained. . . . . . . . . . : Wednesday, October 10, 2012 3:52:31 AM
Lease Expires . . . . . . . . . . : Thursday, October 11, 2012 3:52:31 AM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.224.101, 74.125.224.102, 74.125.224.100, 74.125.224.104
74.125.224.110, 74.125.224.103, 74.125.224.96, 74.125.224.99, 74.125.224.97
74.125.224.98, 74.125.224.105

Pinging google.com [74.125.224.66] with 32 bytes of data:

Reply from 74.125.224.66: bytes=32 time=35ms TTL=54
Reply from 74.125.224.66: bytes=32 time=34ms TTL=54

Ping statistics for 74.125.224.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 35ms, Average = 34ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.138.253.109, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=798ms TTL=48
Reply from 98.139.183.24: bytes=32 time=744ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 744ms, Maximum = 798ms, Average = 771ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 14 bf 7d 72 fc ...... Compact Wireless-G USB Adapter #6 - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 25
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 25
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 25
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/09/2012 03:52:15 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/09/2012 03:24:39 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (10/09/2012 03:24:24 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/08/2012 11:36:52 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/08/2012 09:57:47 PM) (Source: Application Error) (User: )
Description: Faulting application procexp.exe, version 15.22.0.0, faulting module procexp.exe, version 15.22.0.0, fault address 0x000a590b.
Processing media-specific event for [procexp.exe!ws!]

Error: (10/08/2012 09:37:05 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (10/08/2012 09:22:34 PM) (Source: Application Hang) (User: )
Description: Hanging application snurf.exe, version 1.0.15.15641, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/08/2012 09:18:35 PM) (Source: Application Error) (User: )
Description: Faulting application procexp.exe, version 15.22.0.0, faulting module procexp.exe, version 15.22.0.0, fault address 0x000a590b.
Processing media-specific event for [procexp.exe!ws!]

Error: (10/08/2012 09:12:33 PM) (Source: Application Error) (User: )
Description: Faulting application procexp.exe, version 15.22.0.0, faulting module procexp.exe, version 15.22.0.0, fault address 0x000a590b.
Processing media-specific event for [procexp.exe!ws!]

Error: (10/08/2012 09:02:43 PM) (Source: Application Error) (User: )
Description: Faulting application palemoon.exe, version 1.9.2.4532, faulting module npswf32_11_4_402_265.dll, version 11.4.402.265, fault address 0x004c4dce.
Processing media-specific event for [palemoon.exe!ws!]


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (10/09/2012 03:52:15 PM) (Source: WinMgmt)(User: )
Description:

Error: (10/09/2012 03:24:39 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (10/09/2012 03:24:24 PM) (Source: WinMgmt)(User: )
Description:

Error: (10/08/2012 11:36:52 PM) (Source: WinMgmt)(User: )
Description:

Error: (10/08/2012 09:57:47 PM) (Source: Application Error)(User: )
Description: procexp.exe15.22.0.0procexp.exe15.22.0.0000a590b

Error: (10/08/2012 09:37:05 PM) (Source: WinMgmt)(User: )
Description:

Error: (10/08/2012 09:22:34 PM) (Source: Application Hang)(User: )
Description: snurf.exe1.0.15.15641hungapp0.0.0.000000000

Error: (10/08/2012 09:18:35 PM) (Source: Application Error)(User: )
Description: procexp.exe15.22.0.0procexp.exe15.22.0.0000a590b

Error: (10/08/2012 09:12:33 PM) (Source: Application Error)(User: )
Description: procexp.exe15.22.0.0procexp.exe15.22.0.0000a590b

Error: (10/08/2012 09:02:43 PM) (Source: Application Error)(User: )
Description: palemoon.exe1.9.2.4532npswf32_11_4_402_265.dll11.4.402.265004c4dce


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
32 Bit HP CIO Components Installer (Version: 6.1.2)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Illustrator 10 (Version: 10)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe SVG Viewer 3.0 (Version: 3.0)
Any Video Converter 3.4.2
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Banctec Service Agreement (Version: 1.00.00)
Banctec Service Agreement (Version: 1.00.0005)
BCM V.92 56K Modem
calibre (Version: 0.8.47)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.1
Canon MX850 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (Version: 3.22)
Compact Wireless-G USB Adapter
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.1)
Critical Update for Windows Media Player 11 (KB959772)
DAO (Version: 3.50)
Dell Networking Guide (Version: 1.00.0001)
Dell ResourceCD
DS21Patch (Version: 1.00.0000)
DVDSentry (Version: 1.00.0000)
DVDStyler v1.7.4 DVD designer and burner
Exact Audio Copy 0.99pb5 (Version: 0.99pb5)
FLAC 1.2.1b (remove only) (Version: 1.2.1b)
Garmin Lifetime Updater (Version: 2.1.7)
Google Update Helper (Version: 1.3.21.53)
Help and Support Customization (Version: 1.00.0000)
HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6 (Version: 14.0)
ImgBurn (Version: 2.5.6.0)
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.05.2001)
iTunes (Version: 10.5.0.142)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Jasc Paint Shop Pro 9 (Version: 9.00.0000)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
McAfee AntiVirus Plus (Version: 11.0.678)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee Virtual Technician (Version: 6.5.0.2101)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 140.0.215.000)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
oggcodecs 0.71.0946 (Version: 0.71.0946)
Pale Moon (3.6.32) (Version: 3.6.32 (en-US))
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000)
QuickTime (Version: 7.72.80.56)
Revo Uninstaller Pro 2.5.7 (Version: 2.5.7)
Scan (Version: 140.0.80.000)
Skype™ 5.8 (Version: 5.8.158)
Sonic DLA (Version: 4.50)
Sound Blaster Live!
SoundMAX (Version: 5.12.01.3650)
Toolbox (Version: 140.0.428.000)
TurboTax 2011
TurboTax 2011 waziper (Version: 011.000.1607)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 511 MB
Available physical RAM: 213.31 MB
Total Pagefile: 1248.16 MB
Available Pagefile: 694.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.93 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.46 GB) (Free:15.53 GB) NTFS

========================= Users: ========================================

User accounts for \\D4QMHT31

Administrator ASPNET FCAdministrator
Guest Harland Hirtzel HelpAssistant
SUPPORT_388945a0 SUPPORT_3f151ab9

========================= Restore Points ==================================

Could not list Restore Points.

**** End of log ****



Farbar

Farbar Service Scanner Version: 07-10-2012
Ran by Harland Hirtzel (administrator) on 10-10-2012 at 07:13:02
Running from "C:\Documents and Settings\Harland Hirtzel\My Documents\Downloads\Fixing bleep"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(6) IPSec(4) mfetdi2k(12) NetBT(5) PSched(7) Tcpip(3)
0x0C000000040000000100000002000000030000000C0000000B0000000A0000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****


Adware Cleaner


# AdwCleaner v2.004 - Logfile created 10/10/2012 at 07:14:58
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Harland Hirtzel - D4QMHT31
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Harland Hirtzel\My Documents\Downloads\Fixing bleep\adwrare.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\~0
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Harland Hirtzel\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\Headlight
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [2697 octets] - [10/10/2012 07:14:58]

########## EOF - C:\AdwCleaner[S1].txt - [2757 octets] ##########


JunkRemTool

Junkware Removal Tool (JRT) by Thisisu
Version: 1.3.8 (10.09.2012)
OS: Microsoft Windows XP x86
Ran by Harland Hirtzel on Wed 10/10/2012 at 7:36:16.31
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files:

Successfully deleted: [FILE] C:\Program Files\coupons\Coupons.ico
Successfully deleted: [FILE] C:\Program Files\coupons\CouponsDotCom.url
Successfully deleted: [FILE] C:\Program Files\coupons\uninstall.exe



*** Folders:

Successfully deleted: [FOLDER] "C:\Program Files\coupons"



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Wed 10/10/2012 at 7:53:51.39
End of Report



#6 narenxp

Posted 10 October 2012 - 08:45 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#7 Quex

Posted 12 October 2012 - 06:09 PM

Okay, here's round three:

Services Repair Tool has been run, followed by

FarbarSS

Farbar Service Scanner Version: 07-10-2012
Ran by Harland Hirtzel (administrator) on 12-10-2012 at 07:17:20
Running from "C:\Documents and Settings\Harland Hirtzel\My Documents\Downloads\Fixing bleep"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(6) IPSec(4) mfetdi2k(12) NetBT(5) PSched(7) Tcpip(3)
0x0C000000040000000100000002000000030000000C0000000B0000000A0000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****


...and then
RKILL

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/12/2012 07:18:11 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\System32\MsPMSPSv.exe (PID: 1864) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/12/2012 07:19:30 AM
Execution time: 0 hours(s), 1 minute(s), and 18 seconds(s)


...and lastly,
AUTORUNS

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "mcui_exe" "McAfee Security Center" "McAfee, Inc." "c:\program files\mcafee.com\agent\mcagent.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "application/x-mfe-ipt" "McAfee MSC IE plugin DLL" "McAfee, Inc." "c:\program files\mcafee\msc\mcsniepl.dll"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "ViewpointPhotosExt" "" "" "File not found: C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatShellExt.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 111.75 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "RUShellExt" "Revo Uninstaller Pro Extension" "VS Revo Group" "c:\program files\vs revo group\revo uninstaller pro\ruext.dll"
+ "ViewpointPhotosExt" "" "" "File not found: C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatShellExt.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DriveLetterAccess" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfswshx.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\scriptsn.20120629215553.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "McAfee SiteAdvisor Toolbar" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "" "File not found: C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe"
+ "HPSLPSVC" "Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpslpsvc32.dll"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe"
+ "McAfee SiteAdvisor Service" "McAfee SiteAdvisor Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files\mcafee security scan\2.0.181\mcchsvc.exe"
+ "McMPFSvc" "Helps protect your computer from intrusion and let's you manage your computer's trusted programs." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "mcmscsvc" "McAfee Services" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNaiAnn" "McAfee VirusScan Announcer" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNASvc" "Allows McAfee applications to communicate securely on the local network." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McODS" "McAfee Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcods.exe"
+ "McProxy" "McAfee Proxy Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McShield" "McAfee OnAccess Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mcshield.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "mfefire" "Provides firewall services to McAfee products" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mfefire.exe"
+ "mfevtp" "Provides validation trust protection services" "McAfee, Inc." "c:\windows\system32\mfevtps.exe"
+ "MSSQL$MICROSOFTBCM" "SQL Server Windows NT" "Microsoft Corporation" "c:\program files\microsoft sql server\mssql$microsoftbcm\binn\sqlservr.exe"
+ "MSSQLServerADHelper" "Microsoft SQL Server Active Directory Helper Service" "Microsoft Corporation" "c:\program files\microsoft sql server\80\tools\binn\sqladhlp.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "NetSvc" "NetSvc Module" "Intel® Corporation" "c:\program files\intel\ncs\sync\netsvc.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "spkrmon" "SoundMAX SpeakerMonitor service" "" "c:\program files\analog devices\soundmax\spkrmon.exe"
+ "SQLAgent$MICROSOFTBCM" "Microsoft SQL Server Agent" "Microsoft Corporation" "c:\program files\microsoft sql server\mssql$microsoftbcm\binn\sqlagent.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "WUSB54GCSVC" "WLService" "GEMTEKS" "c:\program files\compact wireless-g usb adapter wireless network monitor\wlservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aeaudio" "Andrea Audio Stub Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys"
+ "AegisP" "AEGIS Protocol (IEEE 802.1x) v3.4.3.0" "Meetinghouse Data Communications" "c:\windows\system32\drivers\aegisp.sys"
+ "BCM42RLY" "Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver" "Broadcom Corporation" "c:\windows\system32\bcm42rly.sys"
+ "BCMModem" "Modem Device Driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmsm.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "cfwids" "McAfee Personal Firewall IDS Plugin" "McAfee, Inc." "c:\windows\system32\drivers\cfwids.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "ctsfm2k" "SoundFont® Manager (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctsfm2k.sys"
+ "drvmcdb" "Device Driver" "Sonic Solutions" "c:\windows\system32\drivers\drvmcdb.sys"
+ "drvnddm" "Device Driver Manager" "Sonic Solutions" "c:\windows\system32\drivers\drvnddm.sys"
+ "E100B" "Intel® PRO/100 Adapter NDIS 5.1 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "EL90XBC" "3Com EtherLink PCI Driver" "3Com Corporation" "c:\windows\system32\drivers\el90xbc5.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "GTNDIS5" "PCAUSA NDIS 5.0 Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\windows\system32\gtndis5.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "i81x" "Miniport Driver for Intel Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\i81xnt5.sys"
+ "iAimFP0" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wadv01nt.sys"
+ "iAimFP1" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wadv02nt.sys"
+ "iAimFP2" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wadv05nt.sys"
+ "iAimFP3" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wsiintxx.sys"
+ "iAimFP4" "Local Flat Panel Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wvchntxx.sys"
+ "iAimTV0" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\watv01nt.sys"
+ "iAimTV1" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\watv02nt.sys"
+ "iAimTV2" "" "" "File not found: System32\DRIVERS\wATV03nt.sys"
+ "iAimTV3" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\watv04nt.sys"
+ "iAimTV4" "Digital Display Minidriver for Intel® Graphics Driver" "Intel® Corporation" "c:\windows\system32\drivers\wch7xxnt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mfeapfk" "Access Protection Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfeavfk01" "" "" "File not found: C:\WINDOWS\System32\Drivers\mfeavfk01.sys"
+ "mfebopk" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
+ "mfefirek" "McAfee Core Firewall Engine Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfefirek.sys"
+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mfendisk" "McAfee NDIS Intermediate Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfendisk.sys"
+ "mfendiskmp" "McAfee NDIS Intermediate Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfendisk.sys"
+ "mferkdet" "McAfee Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdet.sys"
+ "mfetdi2k" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfetdi2k.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.19 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "omci" "OMCI Device Driver" "Dell Computer Corporation" "c:\windows\system32\drivers\omci.sys"
+ "ossrv" "Creative OS Services Driver (WDM)" "Creative Technology Ltd." "c:\windows\system32\drivers\ctoss2k.sys"
+ "P16X" "WDM Audio Miniport" "Creative Technology Ltd." "c:\windows\system32\drivers\p16x.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "PfModNT" "PCI/ISA Device Info. Service" "Creative Technology Ltd." "c:\windows\system32\drivers\pfmodnt.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Revoflt" "Revo Uninstaller Filter driver" "VS Revo Group" "c:\windows\system32\drivers\revoflt.sys"
+ "RT73" "Ralink 802.11 USB Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\rt73.sys"
+ "SDDMI2" "DDMI Service" "Gteko Ltd." "c:\windows\system32\ddmi2.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "SONYPVU1" "Sony USB Lower Filter driver" "Sony Corporation" "c:\windows\system32\drivers\sonypvu1.sys"
+ "sscdbhk5" "Shared Driver Component" "Sonic Solutions" "c:\windows\system32\drivers\sscdbhk5.sys"
+ "ssrtln" "Shared Driver Component" "Sonic Solutions" "c:\windows\system32\drivers\ssrtln.sys"
+ "tfsnboio" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnboio.sys"
+ "tfsncofs" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsncofs.sys"
+ "tfsndrct" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsndrct.sys"
+ "tfsndres" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsndres.sys"
+ "tfsnifs" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnifs.sys"
+ "tfsnopio" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnopio.sys"
+ "tfsnpool" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnpool.sys"
+ "tfsnudf" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnudf.sys"
+ "tfsnudfa" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnudfa.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "wanatw" "" "" "File not found: System32\DRIVERS\wanatw4.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ctmp3" "MP3 CODEC for MSACM" "Creative Technology Ltd." "c:\windows\system32\ctmp3.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "PVTimeScale Plugin" "AMSDSPVT" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\amsdspvt.dll"
+ "PVTimeScale Plugin" "AMSDSPVT" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\amsdspvt.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3 Source Filter" "Creative AC3 Source Filter" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\ac3filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Creative EAX Dream" "Creative EAX Dream" "Creative Technology Ltd" "c:\program files\creative\sharedll\audplug\ctdream.ax"
+ "DirectShow Tap" "Sonic DirectShow Tap Filter" "Sonic Solutions" "c:\program files\common files\sonic shared\directshowtap.ax"
+ "FieldSwitch" "Field Switch" "Sonic Solutions" "c:\program files\common files\sonic shared\fieldswitch.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MainConcept (Sonic) DV Video Decoder" "DirectShow DV Video Encoder and Decoder" "MainConcept AG (Sonic)" "c:\program files\common files\sonic shared\sonicmcdsdv.ax"
+ "MainConcept (Sonic) DV Video Encoder" "DirectShow DV Video Encoder and Decoder" "MainConcept AG (Sonic)" "c:\program files\common files\sonic shared\sonicmcdsdv.ax"
+ "MainConcept (Sonic) MPEG Audio Encoder" "MPEG Audio Encoder" "MainConcept AG (Sonic)" "c:\program files\common files\sonic shared\sonicmceampeg.ax"
+ "MainConcept (Sonic) MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG (Sonic)" "c:\program files\common files\sonic shared\sonicmcesmpeg.ax"
+ "MainConcept (Sonic) MPEG Video Encoder" "MPEG Video Encoder" "MainConcept AG (Sonic)" "c:\program files\common files\sonic shared\sonicmcevmpeg.ax"
+ "MainConcept (Sonic) Sample Buffer Filter" "Sample Buffer Filter" "MainConcept AG" "c:\program files\common files\sonic shared\sonicmcsamplebuffer.ax"
+ "MP3 Source Filter" "Creative MP3 Source Filter" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\ctmp3sft.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "NewSoft Audio Encoder Filter" "Auido Encoder Filter" "NewSoft " "c:\program files\common files\newsoft\nsm2aenc.ax"
+ "NewSoft DeInterlace" "" "Newsoft" "c:\program files\common files\newsoft\nsdeinterlace.ax"
+ "NewSoft MPEG Video Decoder Filter" "NewSoft MPEG Video Decoder Filter" "NewSoft Corporation" "c:\program files\common files\newsoft\nsm2vdec.ax"
+ "NewSoft MPEG Video Encoder Filter" "MPEG Video Encoder Filter" "NewSoft " "c:\program files\common files\newsoft\nsm2venc.ax"
+ "Noise Reduction" "Sample" "MyCompanyName" "c:\program files\creative\sharedll\audplug\dsnoiser.ax"
+ "NVF Filter" "Nomad Voice File Source Filter" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\ctnvfflt.dll"
+ "PVTimeScale Plugin" "AMSDSPVT" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\amsdspvt.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "RTStreamSink" "RTStream Sink Filter" "Sonic Solutions" "c:\program files\common files\sonic shared\rtstreamsink.ax"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic Audio Offset Filter" "" "" "c:\program files\common files\sonic shared\offset.ax"
+ "Sonic Audio SRC" "AudioSRC" "Sonic Solutions" "c:\program files\common files\sonic shared\dsaudiosrc.ax"
+ "Sonic Cinemaster MPEG Splitter" "Sonic MPEG Splitter" "" "c:\program files\common files\sonic shared\sonicmpegsplitter.dll"
+ "Sonic DV Scene Detector" "DVSceneDetector" "Sonic Solutions" "c:\program files\common files\sonic shared\dvscenedetector.ax"
+ "Sonic DVD LPCM Converter" "DVDLPCMConverter" "Sonic Solutions" "c:\program files\common files\sonic shared\dvdlpcmconverter.ax"
+ "Sonic File Writer" "" "" "c:\program files\common files\sonic shared\sonicfilewriter.ax"
+ "Sonic MPEG Audio Decoder" "SonicMPEGAudio" "Sonic Solutions" "c:\program files\common files\sonic shared\sonicmpegaudio.dll"
+ "Sonic MPEG Video Decoder" "SonicMPEGVideo" "Sonic Solutions" "c:\program files\common files\sonic shared\sonicmpegvideo.dll"
+ "Sonic Rainbow Fix" "SonicRainbowFix" "Sonic Solutions" "c:\program files\common files\sonic shared\sonicrainbowfix.ax"
+ "Sonic RT Stream Source" "RT Stream File Source Filter" "Sonic Solutions" "c:\program files\common files\sonic shared\rtstreamsourcefilter.ax"
+ "Sonic Scaler" "Sonic Scaler" "MyCompanyName" "c:\program files\common files\sonic shared\sonicdsscaler.ax"
+ "Sonic SP Video Renderer" "Sonic SP Video Renderer" "Microsoft Corporation" "c:\program files\common files\sonic shared\sonicvideorenderer.ax"
+ "Sonic Video Performance Monitor" "VidPerfMonitor" "Sonic Solutions" "c:\program files\common files\sonic shared\vidperfmonitor.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMS Filter" "Creative Windows Media Source Filter" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\ctwmsflt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\WINDOWS\SYSTEM32\acaptuser32.dll" "3D Capture" "Adobe Systems, Inc." "c:\windows\system32\acaptuser32.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "GoToAssist" "" "" "File not found: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"
+ "Canon BJ Language Monitor MX850 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm98.dll"
+ "Canon BJNP Port" "Canon IJ Network 32bit comm Module" "CANON INC." "c:\windows\system32\cnmnppm.dll"
+ "Canon MP FAX Language Monitor MX850 series" "MP FAX Language Monitor DLL" "Canon Inc." "c:\windows\system32\cncf2lf.dll"
+ "hpf3l70v.dll" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l70v.dll"


Please note the Windows firewall is turned off in favor of the McAfee one, on purpose.

#8 narenxp


Posted 12 October 2012 - 06:11 PM

Any current issues?

#9 Quex


Posted 16 October 2012 - 11:35 PM

Well, sorta. Still getting occasional repetitive "error and needs to close" situations on ProcessExp, but not on PaleMoon anymore. Most recently had one similar bout with Microsoft Word 2003, went away after a reboot. I will try to download a fresh copy of Process Exp and see if there's any change.

Also, what is that MsPMSPSv.exe thing? Can I get rid of that somehow?

ALSO also, McAfee is now catching and blocking repeated attempts to connect to what it calls a "dangerous" ISP... starts with 72.something. Doesn't matter where I'm browsing, happens about once an hour. I'll write down the number next time.

#10 narenxp


Posted 17 October 2012 - 12:11 AM

Also, what is that MsPMSPSv.exe thing? Can I get rid of that somehow?


http://www.bleepingcomputer.com/startups/MsPMSPSv.exe-17690.html

Press Windows+R key and type

services.msc and click ok

Right click on WMDM PMSP Service-properties-Disable it

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#11 Quex


Posted 22 October 2012 - 10:41 PM

Also, what is that MsPMSPSv.exe thing? Can I get rid of that somehow?


http://www.bleepingcomputer.com/startups/MsPMSPSv.exe-17690.html

Press Windows+R key and type

services.msc and click ok

Right click on WMDM PMSP Service-properties-Disable it


Wow, that's a fun list.... is there any resource I can use to determine what all of those do and which ones I can shut off? :D

#12 narenxp


Posted 22 October 2012 - 11:32 PM

It is better not to touch them if you don't have any issues :thumbup2:

safe surfing

#13 Quex


Posted 25 October 2012 - 09:41 PM

It is better not to touch them if you don't have any issues :thumbup2:

safe surfing


I am kinda having issues, though... machine is still slow and chokes up a lot. There's an svchost.exe that regularly pulls 100k+ right after the desktop appears after startup, and sometimes it persists for hours. Can't figure out how to keep it from coming up except for manually killing it via the manager every time. Doesn't seem to be critical to run the machine. Is that something I could disable via this list, or somewhere else...?

I really appreciate all the help, by the way -- I know I don't say that enough, but I sure do feel it.

#14 narenxp


Posted 25 October 2012 - 09:44 PM

Download

Process explorer

Extract and launch it

Right click on the SVCHOST.EXE that has high CPU usage and click on the Services tab

Post the list of services here



