TDSS and multiple PC issues


16 replies to this topic

#1 dbolton

dbolton

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:22 PM

Posted 09 October 2012 - 08:19 AM

I had a malware attack that I removed in Safe Mode using rkill and MalwareBytes. I also ran a virus scan using McAfee. Upon rebooting I noticed that I also had a TDSS redirect. I used TDSS Killer but it did not find anything so I used FixTDSS and it didn't find anything either. Upon rebooting, I could not get some programs to open, I lost my task bar and the computer would not restart using Task Manager. I finally forced the machine down and rebooted in Safe Mode (Windows XP Pro, btw). I immediately tried to download DDS.com and GMER.zip but the computer was unresponsive when trying to save to desktop. I went to a clean machine and downloaded the programs to a USB drive which I then put into the infected machine. I copied the files to the desktop. When I tried to run DDS.com, the black window comes up but the machine does not scan itself. GMER loaded and scanned but the machine was unresponsive when I tried to save the file. I have nothing to attach, unfortunately and I am not sure what to try next. Help!



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:22 PM

Posted 09 October 2012 - 08:23 AM

Boot into Safe Mode with Networking.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 dbolton


Posted 09 October 2012 - 08:26 AM

Should I post here or in a different forum?

#4 narenxp


Posted 09 October 2012 - 08:28 AM

It seems you already posted here

http://www.bleepingcomputer.com/forums/topic469309.html

Follow the instructions by B-boy/StyLe/

#5 dbolton


Posted 09 October 2012 - 08:31 AM

Different computer. Different issue. When it rains, it pours....

#6 narenxp


Posted 09 October 2012 - 08:32 AM

ok :)

Follow my instructions and post the logs here

#7 dbolton


Posted 09 October 2012 - 10:35 AM

Here are the logs:

TDSS:
09:37:03.0912 0244 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:37:04.0240 0244 ============================================================
09:37:04.0240 0244 Current date / time: 2012/10/09 09:37:04.0240
09:37:04.0240 0244 SystemInfo:
09:37:04.0240 0244
09:37:04.0240 0244 OS Version: 5.1.2600 ServicePack: 3.0
09:37:04.0240 0244 Product type: Workstation
09:37:04.0240 0244 ComputerName: NISBROPC052311
09:37:04.0240 0244 UserName: hadkins
09:37:04.0240 0244 Windows directory: C:\WINDOWS
09:37:04.0240 0244 System windows directory: C:\WINDOWS
09:37:04.0240 0244 Processor architecture: Intel x86
09:37:04.0240 0244 Number of processors: 2
09:37:04.0240 0244 Page size: 0x1000
09:37:04.0240 0244 Boot type: Safe boot with network
09:37:04.0240 0244 ============================================================
09:37:06.0787 0244 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:37:06.0787 0244 Drive \Device\Harddisk1\DR2 - Size: 0x3F28000 (0.06 Gb), SectorSize: 0x200, Cylinders: 0x8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:37:06.0787 0244 ============================================================
09:37:06.0787 0244 \Device\Harddisk0\DR0:
09:37:06.0787 0244 MBR partitions:
09:37:06.0787 0244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
09:37:06.0787 0244 \Device\Harddisk1\DR2:
09:37:06.0787 0244 MBR partitions:
09:37:06.0787 0244 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F920
09:37:06.0787 0244 ============================================================
09:37:06.0818 0244 C: <-> \Device\Harddisk0\DR0\Partition1
09:37:06.0818 0244 ============================================================
09:37:06.0818 0244 Initialize success
09:37:06.0818 0244 ============================================================
09:37:21.0303 1928 ============================================================
09:37:21.0303 1928 Scan started
09:37:21.0303 1928 Mode: Manual; TDLFS;
09:37:21.0303 1928 ============================================================
09:37:22.0225 1928 ================ Scan system memory ========================
09:37:22.0225 1928 System memory - ok
09:37:35.0803 1928 swmidi - ok
09:37:35.0818 1928 SwPrv - ok
09:37:35.0850 1928 symc810 - ok
09:37:35.0865 1928 symc8xx - ok
09:37:35.0896 1928 sym_hi - ok
09:37:35.0912 1928 sym_u3 - ok
09:37:35.0990 1928 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:37:35.0990 1928 sysaudio - ok
09:37:36.0037 1928 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:37:36.0053 1928 SysmonLog - ok
09:37:36.0100 1928 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:37:36.0115 1928 TapiSrv - ok
09:37:36.0193 1928 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:37:36.0209 1928 Tcpip - ok
09:37:36.0256 1928 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:37:36.0256 1928 TDPIPE - ok
09:37:36.0287 1928 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:37:36.0287 1928 TDTCP - ok
09:37:36.0350 1928 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:37:36.0350 1928 TermDD - ok
09:37:36.0412 1928 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:37:36.0428 1928 TermService - ok
09:37:36.0490 1928 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:37:36.0490 1928 Themes - ok
09:37:36.0537 1928 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:37:36.0553 1928 TlntSvr - ok
09:37:36.0553 1928 TosIde - ok
09:37:36.0615 1928 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:37:36.0615 1928 TrkWks - ok
09:37:36.0678 1928 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:37:36.0693 1928 Udfs - ok
09:37:36.0725 1928 ultra - ok
09:37:36.0803 1928 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:37:36.0818 1928 Update - ok
09:37:36.0865 1928 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:37:36.0881 1928 upnphost - ok
09:37:36.0912 1928 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:37:36.0912 1928 UPS - ok
09:37:36.0975 1928 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:37:36.0975 1928 usbccgp - ok
09:37:37.0021 1928 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:37:37.0021 1928 usbehci - ok
09:37:37.0084 1928 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:37:37.0084 1928 usbhub - ok
09:37:37.0131 1928 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:37:37.0131 1928 USBSTOR - ok
09:37:37.0162 1928 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:37:37.0162 1928 usbuhci - ok
09:37:37.0193 1928 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:37:37.0193 1928 VgaSave - ok
09:37:37.0209 1928 ViaIde - ok
09:37:37.0271 1928 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:37:37.0271 1928 VolSnap - ok
09:37:37.0318 1928 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:37:37.0334 1928 VSS - ok
09:37:37.0381 1928 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
09:37:37.0396 1928 W32Time - ok
09:37:37.0459 1928 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:37:37.0475 1928 Wanarp - ok
09:37:37.0490 1928 WDICA - ok
09:37:37.0537 1928 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:37:37.0553 1928 wdmaud - ok
09:37:37.0600 1928 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:37:37.0615 1928 WebClient - ok
09:37:37.0756 1928 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:37:37.0756 1928 winmgmt - ok
09:37:37.0834 1928 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:37:37.0834 1928 WmdmPmSN - ok
09:37:37.0881 1928 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:37:37.0912 1928 Wmi - ok
09:37:37.0959 1928 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:37:37.0975 1928 WmiApSrv - ok
09:37:38.0100 1928 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
09:37:38.0115 1928 WMPNetworkSvc - ok
09:37:38.0209 1928 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:37:38.0256 1928 WPFFontCache_v0400 - ok
09:37:38.0287 1928 WSearch - ok
09:37:38.0365 1928 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:37:38.0381 1928 wuauserv - ok
09:37:38.0412 1928 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:37:38.0412 1928 WudfPf - ok
09:37:38.0443 1928 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:37:38.0443 1928 WudfRd - ok
09:37:38.0553 1928 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:37:38.0553 1928 WudfSvc - ok
09:37:38.0631 1928 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:37:38.0646 1928 WZCSVC - ok
09:37:38.0693 1928 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:37:38.0709 1928 xmlprov - ok
09:37:38.0756 1928 [ 5FF57EEDF48F189859D6E9BF81E297C5 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
09:37:38.0756 1928 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
09:37:38.0803 1928 [ C2EB14D84069443437F1B3B856BCB665 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
09:37:38.0803 1928 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
09:37:38.0803 1928 ================ Scan global ===============================
09:37:38.0881 1928 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:37:38.0943 1928 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:37:38.0990 1928 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:37:39.0006 1928 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:37:39.0006 1928 [Global] - ok
09:37:39.0006 1928 ================ Scan MBR ==================================
09:37:39.0037 1928 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:37:39.0037 1928 Suspicious mbr (Forged): \Device\Harddisk0\DR0
09:37:39.0068 1928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
09:37:39.0068 1928 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
09:37:39.0100 1928 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:37:39.0100 1928 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:37:39.0115 1928 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR2
09:37:44.0646 1928 \Device\Harddisk1\DR2 - ok
09:37:44.0646 1928 ================ Scan VBR ==================================
09:37:44.0662 1928 [ 1A1AD7B2EF61FE94645063038C5D3AD6 ] \Device\Harddisk0\DR0\Partition1
09:37:44.0662 1928 \Device\Harddisk0\DR0\Partition1 - ok
09:37:44.0693 1928 [ C02170FC918A2764BAB89C0CEC96BDCC ] \Device\Harddisk1\DR2\Partition1
09:37:44.0693 1928 \Device\Harddisk1\DR2\Partition1 - ok
09:37:44.0693 1928 ============================================================
09:37:44.0693 1928 Scan finished
09:37:44.0693 1928 ============================================================
09:37:44.0740 0324 Detected object count: 2
09:37:44.0740 0324 Actual detected object count: 2


Next is aswMBR:
swMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-09 09:42:39
-----------------------------
09:42:39.091 OS Version: Windows 5.1.2600 Service Pack 3
09:42:39.091 Number of processors: 2 586 0x401
09:42:39.091 ComputerName: NISBROPC052311 UserName: hadkins
09:42:39.435 Initialize success
09:46:27.560 AVAST engine defs: 12100900
09:47:20.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:47:20.716 Disk 0 Vendor: WDC_WD800BB-22JHA0 05.01C05 Size: 76319MB BusType: 3
09:47:20.748 Disk 0 MBR read successfully
09:47:20.763 Disk 0 MBR scan
09:47:20.841 Disk 0 Windows XP default MBR code
09:47:20.857 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
09:47:20.873 Disk 0 scanning sectors +156280320
09:47:20.966 Disk 0 scanning C:\WINDOWS\system32\drivers
09:47:35.154 Service scanning
09:47:59.857 Modules scanning
09:48:06.951 Disk 0 trace - called modules:
09:48:07.013 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
09:48:07.029 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ba9ab8]
09:48:07.045 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000063[0x89baa9e8]
09:48:07.107 5 ACPI.sys[f7580620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89b96940]
09:48:07.482 AVAST engine scan C:\WINDOWS
09:48:18.748 AVAST engine scan C:\WINDOWS\system32
09:52:00.670 AVAST engine scan C:\WINDOWS\system32\drivers
09:52:19.560 AVAST engine scan C:\Documents and Settings\hadkins
09:56:12.732 AVAST engine scan C:\Documents and Settings\All Users
09:57:12.841 Scan finished successfully
10:25:06.357 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
10:25:06.388 The log file has been saved successfully to "E:\aswMBR.txt"

And finally ESET:
C:\Documents and Settings\hadkins\Application Data\scifp.dll a variant of Win32/Medfos.DY trojan cleaned by deleting - quarantined
C:\Documents and Settings\hadkins\Desktop\DownloadManagerSetup.exe a variant of Win32/InstallCore.AW application cleaned by deleting - quarantined
C:\Documents and Settings\hadkins\Local Settings\Temp\ICReinstall\cnet2_dwg2imgsetup_exe[2].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\hadkins\Local Settings\Temp\ICReinstall\cnet2_ImagePrinter_2_0_1_zip[1].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\hadkins\Local Settings\Temp\is1598539481\setup.exe multiple threats cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.10.2012_09.37.04\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.10.2012_09.37.04\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.10.2012_09.37.04\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.OX trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.10.2012_09.37.04\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.10.2012_09.37.04\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.10.2012_09.37.04\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

#8 narenxp


Posted 09 October 2012 - 10:52 AM

09:37:39.0068 1928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
09:37:39.0100 1928 \Device\Harddisk0\DR0 ( TDSS File System ) - warning


Run TDSSkiller again and select

Rootkit.Boot.Pihar.c -CURE
TDSS File System -DELETE

Post the new TDSSkiller log

Edited by narenxp, 09 October 2012 - 10:52 AM.
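
The triage done by eye in the post above, picking the non-ok objects out of the TDSSKiller log, can be scripted. The following Python sketch is an added example, not part of the original thread or of TDSSKiller; the line patterns are assumptions inferred only from the log lines shown in this thread, and the sample lines are copied from that log.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the TDSSKiller log posted in this thread (trimmed).
SAMPLE_LOG = r"""
09:37:38.0709 1928 xmlprov - ok
09:37:38.0803 1928 ================ Scan global ===============================
09:37:39.0006 1928 [Global] - ok
09:37:39.0006 1928 ================ Scan MBR ==================================
09:37:39.0037 1928 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:37:39.0037 1928 Suspicious mbr (Forged): \Device\Harddisk0\DR0
09:37:39.0068 1928 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
09:37:39.0068 1928 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
09:37:39.0100 1928 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:37:39.0100 1928 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:37:39.0115 1928 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR2
09:37:44.0646 1928 \Device\Harddisk1\DR2 - ok
09:37:44.0646 1928 ================ Scan VBR ==================================
09:37:44.0662 1928 \Device\Harddisk0\DR0\Partition1 - ok
09:37:44.0693 1928 Scan finished
09:37:44.0740 0324 Detected object count: 2
09:37:44.0740 0324 Actual detected object count: 2
"""

# Assumed line shapes, inferred only from the log lines shown in this thread.
LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*)$")
SECTION = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - (?P<verdict>\w+)$")
OK = re.compile(r"^.+ - ok$")
SUSPICIOUS = re.compile(r"^Suspicious .+$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    section: str    # scan phase the object was reported in, e.g. "Scan MBR"
    obj: str        # scanned object, e.g. a disk device path
    detection: str  # detection name given by the tool
    verdict: str    # e.g. "infected" or "warning"


@dataclass
class Report:
    findings: list = field(default_factory=list)
    notes: list = field(default_factory=list)
    ok_count: int = 0
    reported: int = None  # value of the "Detected object count" summary line

    @property
    def consistent(self):
        # False when the summary line is missing (truncated paste) or disagrees
        # with the number of non-ok verdict lines actually present.
        return self.reported is not None and self.reported == len(self.findings)


def triage(log_text):
    """Collect non-ok verdicts per scan section and cross-check the summary."""
    report, section = Report(), ""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        s = SECTION.match(body)
        if s:
            section = s.group("name")
            continue
        v = VERDICT.match(body)
        if v and v.group("verdict") != "ok":
            report.findings.append(
                Finding(section, v.group("obj"), v.group("name"), v.group("verdict")))
        elif OK.match(body):
            report.ok_count += 1
        elif SUSPICIOUS.match(body):
            report.notes.append(body)
        else:
            c = COUNT.match(body)
            if c:
                report.reported = int(c.group("n"))
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for f in r.findings:
        print(f"{f.section}: {f.obj} -> {f.detection} [{f.verdict}]")
    for n in r.notes:
        print("note:", n)
    print("ok objects:", r.ok_count, "| summary matches findings:", r.consistent)
```

A report whose `consistent` flag is false means the pasted log is incomplete or its summary disagrees with the verdict lines, so it should be re-collected before anyone acts on it.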


#9 narenxp


Posted 09 October 2012 - 10:55 AM

After posting the TDSSKiller log, continue with these instructions

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After the scan completes, post the generated log here.

#10 dbolton

  • Topic Starter

Posted 09 October 2012 - 11:11 AM

Here is the new TDSSKiller log:

11:55:08.0326 0356 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:55:08.0716 0356 ============================================================
11:55:08.0716 0356 Current date / time: 2012/10/09 11:55:08.0716
11:55:08.0716 0356 SystemInfo:
11:55:08.0716 0356
11:55:08.0716 0356 OS Version: 5.1.2600 ServicePack: 3.0
11:55:08.0716 0356 Product type: Workstation
11:55:08.0716 0356 ComputerName: NISBROPC052311
11:55:08.0716 0356 UserName: hadkins
11:55:08.0716 0356 Windows directory: C:\WINDOWS
11:55:08.0716 0356 System windows directory: C:\WINDOWS
11:55:08.0716 0356 Processor architecture: Intel x86
11:55:08.0716 0356 Number of processors: 2
11:55:08.0716 0356 Page size: 0x1000
11:55:08.0716 0356 Boot type: Safe boot with network
11:55:08.0716 0356 ============================================================
11:55:09.0904 0356 BG loaded
11:55:10.0279 0356 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:55:10.0326 0356 Drive \Device\Harddisk1\DR6 - Size: 0x3F28000 (0.06 Gb), SectorSize: 0x200, Cylinders: 0x8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:55:10.0326 0356 ============================================================
11:55:10.0326 0356 \Device\Harddisk0\DR0:
11:55:10.0326 0356 MBR partitions:
11:55:10.0326 0356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
11:55:10.0326 0356 \Device\Harddisk1\DR6:
11:55:10.0326 0356 MBR partitions:
11:55:10.0326 0356 \Device\Harddisk1\DR6\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F920
11:55:10.0326 0356 ============================================================
11:55:10.0341 0356 C: <-> \Device\Harddisk0\DR0\Partition1
11:55:10.0341 0356 ============================================================
11:55:10.0341 0356 Initialize success
11:55:10.0341 0356 ============================================================
11:55:22.0123 1644 ============================================================
11:55:22.0123 1644 Scan started
11:55:22.0123 1644 Mode: Manual;
11:55:22.0123 1644 ============================================================
11:55:23.0732 1644 ================ Scan system memory ========================
11:55:23.0748 1644 System memory - ok
11:55:23.0748 1644 ================ Scan services =============================
11:55:31.0232 1644 MSKSSRV - ok
11:55:31.0248 1644 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:55:31.0248 1644 MSPCLOCK - ok
11:55:31.0279 1644 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:55:31.0279 1644 MSPQM - ok
11:55:31.0326 1644 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:55:31.0326 1644 mssmbios - ok
11:55:31.0373 1644 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:55:31.0373 1644 Mup - ok
11:55:31.0435 1644 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:55:31.0451 1644 napagent - ok
11:55:31.0498 1644 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:55:31.0498 1644 NDIS - ok
11:55:31.0560 1644 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:55:31.0560 1644 NdisTapi - ok
11:55:31.0623 1644 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:55:31.0623 1644 Ndisuio - ok
11:55:31.0654 1644 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:55:31.0654 1644 NdisWan - ok
11:55:31.0716 1644 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:55:31.0716 1644 NDProxy - ok
11:55:31.0732 1644 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:55:31.0748 1644 NetBIOS - ok
11:55:31.0795 1644 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:55:31.0795 1644 NetBT - ok
11:55:31.0857 1644 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:55:31.0857 1644 NetDDE - ok
11:55:31.0873 1644 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:55:31.0888 1644 NetDDEdsdm - ok
11:55:31.0935 1644 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:55:31.0935 1644 Netlogon - ok
11:55:31.0998 1644 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:55:31.0998 1644 Netman - ok
11:55:32.0045 1644 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:55:32.0045 1644 NetTcpPortSharing - ok
11:55:32.0107 1644 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:55:32.0123 1644 Nla - ok
11:55:32.0138 1644 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:55:32.0138 1644 Npfs - ok
11:55:32.0216 1644 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:55:32.0248 1644 Ntfs - ok
11:55:32.0263 1644 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:55:32.0263 1644 NtLmSsp - ok
11:55:32.0341 1644 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:55:32.0357 1644 NtmsSvc - ok
11:55:32.0388 1644 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:55:32.0388 1644 Null - ok
11:55:32.0670 1644 [ 9F4384AA43548DDD438F7B7825D11699 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:55:32.0716 1644 nv - ok
11:55:32.0763 1644 [ 0C41C4ACFE00D826DB479C40C1D9EDC8 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
11:55:32.0763 1644 NVSvc - ok
11:55:32.0810 1644 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:55:32.0810 1644 NwlnkFlt - ok
11:55:32.0826 1644 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:55:32.0826 1644 NwlnkFwd - ok
11:55:32.0966 1644 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:55:32.0982 1644 odserv - ok
11:55:33.0013 1644 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:55:33.0013 1644 ose - ok
11:55:33.0060 1644 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:55:33.0060 1644 Parport - ok
11:55:33.0123 1644 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:55:33.0123 1644 PartMgr - ok
11:55:33.0185 1644 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:55:33.0185 1644 ParVdm - ok
11:55:33.0201 1644 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:55:33.0201 1644 PCI - ok
11:55:33.0216 1644 PCIDump - ok
11:55:33.0263 1644 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
11:55:33.0263 1644 PCIIde - ok
11:55:33.0295 1644 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:55:33.0295 1644 Pcmcia - ok
11:55:33.0310 1644 PDCOMP - ok
11:55:33.0341 1644 PDFRAME - ok
11:55:33.0357 1644 PDRELI - ok
11:55:33.0388 1644 PDRFRAME - ok
11:55:33.0404 1644 perc2 - ok
11:55:33.0435 1644 perc2hib - ok
11:55:33.0529 1644 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:55:33.0529 1644 PlugPlay - ok
11:55:33.0545 1644 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:55:33.0560 1644 PolicyAgent - ok
11:55:33.0623 1644 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:55:33.0623 1644 PptpMiniport - ok
11:55:33.0638 1644 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:55:33.0638 1644 ProtectedStorage - ok
11:55:33.0654 1644 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:55:33.0670 1644 PSched - ok
11:55:33.0732 1644 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:55:33.0732 1644 Ptilink - ok
11:55:33.0748 1644 ql1080 - ok
11:55:33.0763 1644 Ql10wnt - ok
11:55:33.0795 1644 ql12160 - ok
11:55:33.0810 1644 ql1240 - ok
11:55:33.0841 1644 ql1280 - ok
11:55:33.0888 1644 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:55:33.0888 1644 RasAcd - ok
11:55:33.0951 1644 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:55:33.0951 1644 RasAuto - ok
11:55:33.0982 1644 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:55:33.0982 1644 Rasl2tp - ok
11:55:34.0045 1644 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:55:34.0045 1644 RasMan - ok
11:55:34.0076 1644 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:55:34.0076 1644 RasPppoe - ok
11:55:34.0091 1644 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:55:34.0091 1644 Raspti - ok
11:55:34.0123 1644 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:55:34.0123 1644 Rdbss - ok
11:55:34.0154 1644 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:55:34.0154 1644 RDPCDD - ok
11:55:34.0185 1644 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:55:34.0185 1644 rdpdr - ok
11:55:34.0248 1644 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:55:34.0248 1644 RDPWD - ok
11:55:34.0295 1644 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:55:34.0295 1644 RDSessMgr - ok
11:55:34.0341 1644 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:55:34.0357 1644 redbook - ok
11:55:34.0404 1644 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:55:34.0404 1644 RemoteAccess - ok
11:55:34.0451 1644 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:55:34.0451 1644 RemoteRegistry - ok
11:55:34.0466 1644 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:55:34.0466 1644 RpcLocator - ok
11:55:34.0513 1644 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:55:34.0529 1644 RpcSs - ok
11:55:34.0576 1644 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:55:34.0576 1644 RSVP - ok
11:55:34.0607 1644 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:55:34.0607 1644 SamSs - ok
11:55:34.0623 1644 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:55:34.0638 1644 SCardSvr - ok
11:55:34.0701 1644 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:55:34.0716 1644 Schedule - ok
11:55:34.0763 1644 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:55:34.0763 1644 Secdrv - ok
11:55:34.0810 1644 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:55:34.0810 1644 seclogon - ok
11:55:34.0857 1644 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:55:34.0857 1644 SENS - ok
11:55:34.0904 1644 [ A2CC81C30BEF6AC9F27055490EEF6DE3 ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS
11:55:34.0904 1644 Sentinel - ok
11:55:34.0920 1644 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:55:34.0920 1644 serenum - ok
11:55:34.0951 1644 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:55:34.0951 1644 Serial - ok
11:55:35.0060 1644 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:55:35.0060 1644 Sfloppy - ok
11:55:35.0107 1644 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:55:35.0107 1644 ShellHWDetection - ok
11:55:35.0123 1644 Simbad - ok
11:55:35.0216 1644 [ CE724FC3EF8468BBAB146CA1793C66DC ] SNTNLUSB C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
11:55:35.0216 1644 SNTNLUSB - ok
11:55:35.0232 1644 Sparrow - ok
11:55:35.0263 1644 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:55:35.0279 1644 splitter - ok
11:55:35.0326 1644 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:55:35.0326 1644 Spooler - ok
11:55:35.0357 1644 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:55:35.0357 1644 sr - ok
11:55:35.0420 1644 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:55:35.0435 1644 srservice - ok
11:55:35.0498 1644 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:55:35.0513 1644 Srv - ok
11:55:35.0576 1644 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:55:35.0591 1644 SSDPSRV - ok
11:55:35.0638 1644 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:55:35.0654 1644 stisvc - ok
11:55:35.0716 1644 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:55:35.0716 1644 swenum - ok
11:55:35.0732 1644 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:55:35.0732 1644 swmidi - ok
11:55:35.0748 1644 SwPrv - ok
11:55:35.0779 1644 symc810 - ok
11:55:35.0810 1644 symc8xx - ok
11:55:35.0826 1644 sym_hi - ok
11:55:35.0857 1644 sym_u3 - ok
11:55:35.0904 1644 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:55:35.0904 1644 sysaudio - ok
11:55:35.0951 1644 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:55:35.0966 1644 SysmonLog - ok
11:55:36.0013 1644 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:55:36.0029 1644 TapiSrv - ok
11:55:36.0091 1644 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:55:36.0107 1644 Tcpip - ok
11:55:36.0154 1644 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:55:36.0154 1644 TDPIPE - ok
11:55:36.0185 1644 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:55:36.0185 1644 TDTCP - ok
11:55:36.0216 1644 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:55:36.0216 1644 TermDD - ok
11:55:36.0295 1644 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:55:36.0310 1644 TermService - ok
11:55:36.0326 1644 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:55:36.0326 1644 Themes - ok
11:55:36.0388 1644 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:55:36.0388 1644 TlntSvr - ok
11:55:36.0404 1644 TosIde - ok
11:55:36.0466 1644 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:55:36.0466 1644 TrkWks - ok
11:55:36.0529 1644 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:55:36.0529 1644 Udfs - ok
11:55:36.0576 1644 ultra - ok
11:55:36.0638 1644 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:55:36.0654 1644 Update - ok
11:55:36.0701 1644 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:55:36.0716 1644 upnphost - ok
11:55:36.0748 1644 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:55:36.0748 1644 UPS - ok
11:55:36.0795 1644 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:55:36.0795 1644 usbccgp - ok
11:55:36.0841 1644 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:55:36.0841 1644 usbehci - ok
11:55:36.0904 1644 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:55:36.0904 1644 usbhub - ok
11:55:36.0966 1644 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:55:36.0966 1644 USBSTOR - ok
11:55:36.0998 1644 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:55:36.0998 1644 usbuhci - ok
11:55:37.0029 1644 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:55:37.0029 1644 VgaSave - ok
11:55:37.0045 1644 ViaIde - ok
11:55:37.0107 1644 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:55:37.0123 1644 VolSnap - ok
11:55:37.0170 1644 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:55:37.0185 1644 VSS - ok
11:55:37.0232 1644 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:55:37.0232 1644 W32Time - ok
11:55:37.0263 1644 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:55:37.0263 1644 Wanarp - ok
11:55:37.0279 1644 WDICA - ok
11:55:37.0310 1644 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:55:37.0326 1644 wdmaud - ok
11:55:37.0373 1644 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:55:37.0388 1644 WebClient - ok
11:55:37.0498 1644 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:55:37.0498 1644 winmgmt - ok
11:55:37.0591 1644 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:55:37.0591 1644 WmdmPmSN - ok
11:55:37.0654 1644 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:55:37.0685 1644 Wmi - ok
11:55:37.0732 1644 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:55:37.0732 1644 WmiApSrv - ok
11:55:37.0857 1644 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
11:55:37.0888 1644 WMPNetworkSvc - ok
11:55:37.0982 1644 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:55:37.0998 1644 WPFFontCache_v0400 - ok
11:55:38.0029 1644 WSearch - ok
11:55:38.0091 1644 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:55:38.0107 1644 wuauserv - ok
11:55:38.0138 1644 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:55:38.0138 1644 WudfPf - ok
11:55:38.0170 1644 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:55:38.0170 1644 WudfRd - ok
11:55:38.0201 1644 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:55:38.0201 1644 WudfSvc - ok
11:55:38.0279 1644 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:55:38.0295 1644 WZCSVC - ok
11:55:38.0341 1644 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:55:38.0357 1644 xmlprov - ok
11:55:38.0388 1644 [ 5FF57EEDF48F189859D6E9BF81E297C5 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
11:55:38.0388 1644 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
11:55:38.0420 1644 [ C2EB14D84069443437F1B3B856BCB665 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
11:55:38.0420 1644 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
11:55:38.0435 1644 ================ Scan global ===============================
11:55:38.0466 1644 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:55:38.0529 1644 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:55:38.0560 1644 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:55:38.0576 1644 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:55:38.0576 1644 [Global] - ok
11:55:38.0576 1644 ================ Scan MBR ==================================
11:55:38.0607 1644 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:55:38.0795 1644 \Device\Harddisk0\DR0 - ok
11:55:38.0810 1644 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR6
11:55:44.0357 1644 \Device\Harddisk1\DR6 - ok
11:55:44.0357 1644 ================ Scan VBR ==================================
11:55:44.0373 1644 [ 1A1AD7B2EF61FE94645063038C5D3AD6 ] \Device\Harddisk0\DR0\Partition1
11:55:44.0373 1644 \Device\Harddisk0\DR0\Partition1 - ok
11:55:44.0388 1644 [ C02170FC918A2764BAB89C0CEC96BDCC ] \Device\Harddisk1\DR6\Partition1
11:55:44.0404 1644 \Device\Harddisk1\DR6\Partition1 - ok
11:55:44.0404 1644 ============================================================
11:55:44.0404 1644 Scan finished
11:55:44.0404 1644 ============================================================
11:55:44.0451 0240 Detected object count: 0
11:55:44.0451 0240 Actual detected object count: 0
11:55:59.0670 1920 ============================================================
11:55:59.0670 1920 Scan started
11:55:59.0670 1920 Mode: Manual; TDLFS;
11:55:59.0670 1920 ============================================================
11:56:00.0201 1920 ================ Scan system memory ========================
11:56:00.0201 1920 System memory - ok
11:56:00.0201 1920 ================ Scan services =============================
11:56:05.0982 1920 LMIRfsClientNP - ok
11:56:06.0029 1920 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
11:56:06.0029 1920 LMIRfsDriver - ok
11:56:06.0060 1920 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
11:56:06.0060 1920 LogMeIn - ok
11:56:06.0170 1920 [ 062D80F13D762F7BC2F38430D60F5048 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
11:56:06.0170 1920 McAfeeFramework - ok
11:56:06.0279 1920 [ 50182E471B44C7A0F63B46E2DEF08B0F ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
11:56:06.0279 1920 McShield - ok
11:56:06.0341 1920 [ B15BB3AEF59158B4E1DDA5328C842713 ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
11:56:06.0357 1920 McTaskManager - ok
11:56:06.0388 1920 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:56:06.0404 1920 Messenger - ok
11:56:06.0435 1920 [ C0D975D64C1AF8057F2D75B1297A6979 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
11:56:06.0435 1920 mfeapfk - ok
11:56:06.0466 1920 [ C169326049A8A03D5F905B34F5A65F8C ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
11:56:06.0466 1920 mfeavfk - ok
11:56:06.0513 1920 [ 50B0253B2484A306A20D8695C5AE5858 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
11:56:06.0513 1920 mfebopk - ok
11:56:06.0576 1920 [ 188B40866DB2AB8EF262FEBC65291687 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
11:56:06.0576 1920 mfehidk - ok
11:56:06.0607 1920 [ C1B30AF2E18E69BF8CEB39B33F32D3C1 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
11:56:06.0607 1920 mferkdet - ok
11:56:06.0638 1920 [ 97EF4CA122DDDA4781FF557E65DFB262 ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys
11:56:06.0638 1920 mfetdi2k - ok
11:56:06.0654 1920 [ 49C8E20D178BE981FF28523A942A570F ] mfevtp C:\WINDOWS\system32\mfevtps.exe
11:56:06.0670 1920 mfevtp - ok
11:56:06.0732 1920 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:56:06.0732 1920 mnmdd - ok
11:56:06.0779 1920 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:56:06.0779 1920 mnmsrvc - ok
11:56:06.0810 1920 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:56:06.0810 1920 Modem - ok
11:56:06.0857 1920 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:56:06.0857 1920 Mouclass - ok
11:56:06.0873 1920 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:56:06.0873 1920 mouhid - ok
11:56:06.0935 1920 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:56:06.0935 1920 MountMgr - ok
11:56:06.0951 1920 mraid35x - ok
11:56:06.0982 1920 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:56:06.0982 1920 MRxDAV - ok
11:56:07.0060 1920 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:56:07.0060 1920 MRxSmb - ok
11:56:07.0107 1920 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:56:07.0107 1920 MSDTC - ok
11:56:07.0138 1920 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:56:07.0154 1920 Msfs - ok
11:56:07.0170 1920 MSIServer - ok
11:56:07.0201 1920 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:56:07.0201 1920 MSKSSRV - ok
11:56:07.0216 1920 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:56:07.0232 1920 MSPCLOCK - ok
11:56:07.0263 1920 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:56:07.0263 1920 MSPQM - ok
11:56:07.0310 1920 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:56:07.0310 1920 mssmbios - ok
11:56:07.0373 1920 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:56:07.0373 1920 Mup - ok
11:56:07.0435 1920 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:56:07.0435 1920 napagent - ok
11:56:07.0482 1920 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:56:07.0482 1920 NDIS - ok
11:56:07.0529 1920 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:56:07.0529 1920 NdisTapi - ok
11:56:07.0591 1920 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:56:07.0591 1920 Ndisuio - ok
11:56:07.0623 1920 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:56:07.0623 1920 NdisWan - ok
11:56:07.0685 1920 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:56:07.0685 1920 NDProxy - ok
11:56:07.0701 1920 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:56:07.0701 1920 NetBIOS - ok
11:56:07.0763 1920 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:56:07.0763 1920 NetBT - ok
11:56:07.0810 1920 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:56:07.0826 1920 NetDDE - ok
11:56:07.0841 1920 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:56:07.0841 1920 NetDDEdsdm - ok
11:56:07.0888 1920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:56:07.0888 1920 Netlogon - ok
11:56:07.0951 1920 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:56:07.0951 1920 Netman - ok
11:56:08.0013 1920 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:56:08.0013 1920 NetTcpPortSharing - ok
11:56:08.0076 1920 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:56:08.0076 1920 Nla - ok
11:56:08.0107 1920 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:56:08.0107 1920 Npfs - ok
11:56:08.0170 1920 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:56:08.0185 1920 Ntfs - ok
11:56:08.0201 1920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:56:08.0201 1920 NtLmSsp - ok
11:56:08.0263 1920 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:56:08.0263 1920 NtmsSvc - ok
11:56:08.0310 1920 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:56:08.0310 1920 Null - ok
11:56:08.0560 1920 [ 9F4384AA43548DDD438F7B7825D11699 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:56:08.0623 1920 nv - ok
11:56:08.0638 1920 [ 0C41C4ACFE00D826DB479C40C1D9EDC8 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
11:56:08.0654 1920 NVSvc - ok
11:56:08.0701 1920 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:56:08.0701 1920 NwlnkFlt - ok
11:56:08.0716 1920 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:56:08.0716 1920 NwlnkFwd - ok
11:56:08.0857 1920 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:56:08.0857 1920 odserv - ok
11:56:08.0888 1920 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:56:08.0888 1920 ose - ok
11:56:08.0951 1920 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:56:08.0951 1920 Parport - ok
11:56:08.0998 1920 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:56:08.0998 1920 PartMgr - ok
11:56:09.0045 1920 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:56:09.0060 1920 ParVdm - ok
11:56:09.0076 1920 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:56:09.0076 1920 PCI - ok
11:56:09.0091 1920 PCIDump - ok
11:56:09.0138 1920 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
11:56:09.0138 1920 PCIIde - ok
11:56:09.0170 1920 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:56:09.0170 1920 Pcmcia - ok
11:56:09.0185 1920 PDCOMP - ok
11:56:09.0216 1920 PDFRAME - ok
11:56:09.0232 1920 PDRELI - ok
11:56:09.0263 1920 PDRFRAME - ok
11:56:09.0279 1920 perc2 - ok
11:56:09.0310 1920 perc2hib - ok
11:56:09.0404 1920 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:56:09.0404 1920 PlugPlay - ok
11:56:09.0435 1920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:56:09.0435 1920 PolicyAgent - ok
11:56:09.0498 1920 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:56:09.0498 1920 PptpMiniport - ok
11:56:09.0513 1920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:56:09.0529 1920 ProtectedStorage - ok
11:56:09.0545 1920 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:56:09.0545 1920 PSched - ok
11:56:09.0607 1920 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:56:09.0607 1920 Ptilink - ok
11:56:09.0623 1920 ql1080 - ok
11:56:09.0654 1920 Ql10wnt - ok
11:56:09.0670 1920 ql12160 - ok
11:56:09.0701 1920 ql1240 - ok
11:56:09.0716 1920 ql1280 - ok
11:56:09.0748 1920 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:56:09.0748 1920 RasAcd - ok
11:56:09.0826 1920 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:56:09.0826 1920 RasAuto - ok
11:56:09.0841 1920 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:56:09.0857 1920 Rasl2tp - ok
11:56:09.0920 1920 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:56:09.0920 1920 RasMan - ok
11:56:09.0966 1920 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:56:09.0966 1920 RasPppoe - ok
11:56:09.0982 1920 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:56:09.0998 1920 Raspti - ok
11:56:10.0060 1920 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:56:10.0060 1920 Rdbss - ok
11:56:10.0076 1920 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:56:10.0076 1920 RDPCDD - ok
11:56:10.0123 1920 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:56:10.0123 1920 rdpdr - ok
11:56:10.0170 1920 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:56:10.0185 1920 RDPWD - ok
11:56:10.0216 1920 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:56:10.0216 1920 RDSessMgr - ok
11:56:10.0263 1920 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:56:10.0263 1920 redbook - ok
11:56:10.0310 1920 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:56:10.0310 1920 RemoteAccess - ok
11:56:10.0357 1920 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:56:10.0357 1920 RemoteRegistry - ok
11:56:10.0373 1920 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:56:10.0388 1920 RpcLocator - ok
11:56:10.0420 1920 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:56:10.0435 1920 RpcSs - ok
11:56:10.0482 1920 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:56:10.0482 1920 RSVP - ok
11:56:10.0529 1920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:56:10.0529 1920 SamSs - ok
11:56:10.0545 1920 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:56:10.0545 1920 SCardSvr - ok
11:56:10.0623 1920 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:56:10.0623 1920 Schedule - ok
11:56:10.0670 1920 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:56:10.0670 1920 Secdrv - ok
11:56:10.0716 1920 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:56:10.0716 1920 seclogon - ok
11:56:10.0748 1920 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:56:10.0763 1920 SENS - ok
11:56:10.0810 1920 [ A2CC81C30BEF6AC9F27055490EEF6DE3 ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS
11:56:10.0810 1920 Sentinel - ok
11:56:10.0826 1920 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:56:10.0826 1920 serenum - ok
11:56:10.0888 1920 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:56:10.0888 1920 Serial - ok
11:56:10.0998 1920 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:56:10.0998 1920 Sfloppy - ok
11:56:11.0045 1920 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:56:11.0045 1920 ShellHWDetection - ok
11:56:11.0060 1920 Simbad - ok
11:56:11.0154 1920 [ CE724FC3EF8468BBAB146CA1793C66DC ] SNTNLUSB C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
11:56:11.0154 1920 SNTNLUSB - ok
11:56:11.0170 1920 Sparrow - ok
11:56:11.0201 1920 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:56:11.0201 1920 splitter - ok
11:56:11.0263 1920 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:56:11.0263 1920 Spooler - ok
11:56:11.0310 1920 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:56:11.0310 1920 sr - ok
11:56:11.0373 1920 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:56:11.0373 1920 srservice - ok
11:56:11.0451 1920 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:56:11.0451 1920 Srv - ok
11:56:11.0513 1920 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:56:11.0529 1920 SSDPSRV - ok
11:56:11.0576 1920 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:56:11.0576 1920 stisvc - ok
11:56:11.0623 1920 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:56:11.0623 1920 swenum - ok
11:56:11.0654 1920 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:56:11.0654 1920 swmidi - ok
11:56:11.0670 1920 SwPrv - ok
11:56:11.0701 1920 symc810 - ok
11:56:11.0732 1920 symc8xx - ok
11:56:11.0748 1920 sym_hi - ok
11:56:11.0779 1920 sym_u3 - ok
11:56:11.0841 1920 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:56:11.0841 1920 sysaudio - ok
11:56:11.0888 1920 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:56:11.0904 1920 SysmonLog - ok
11:56:11.0966 1920 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:56:11.0966 1920 TapiSrv - ok
11:56:12.0045 1920 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:56:12.0045 1920 Tcpip - ok
11:56:12.0091 1920 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:56:12.0091 1920 TDPIPE - ok
11:56:12.0107 1920 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:56:12.0107 1920 TDTCP - ok
11:56:12.0154 1920 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:56:12.0154 1920 TermDD - ok
11:56:12.0216 1920 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:56:12.0216 1920 TermService - ok
11:56:12.0248 1920 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:56:12.0248 1920 Themes - ok
11:56:12.0295 1920 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:56:12.0295 1920 TlntSvr - ok
11:56:12.0310 1920 TosIde - ok
11:56:12.0373 1920 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:56:12.0373 1920 TrkWks - ok
11:56:12.0451 1920 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:56:12.0451 1920 Udfs - ok
11:56:12.0482 1920 ultra - ok
11:56:12.0560 1920 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:56:12.0560 1920 Update - ok
11:56:12.0623 1920 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:56:12.0623 1920 upnphost - ok
11:56:12.0654 1920 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:56:12.0654 1920 UPS - ok
11:56:12.0685 1920 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:56:12.0701 1920 usbccgp - ok
11:56:12.0732 1920 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:56:12.0732 1920 usbehci - ok
11:56:12.0795 1920 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:56:12.0795 1920 usbhub - ok
11:56:12.0841 1920 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:56:12.0841 1920 USBSTOR - ok
11:56:12.0888 1920 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:56:12.0888 1920 usbuhci - ok
11:56:12.0904 1920 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:56:12.0904 1920 VgaSave - ok
11:56:12.0920 1920 ViaIde - ok
11:56:12.0998 1920 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:56:12.0998 1920 VolSnap - ok
11:56:13.0060 1920 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:56:13.0060 1920 VSS - ok
11:56:13.0107 1920 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:56:13.0107 1920 W32Time - ok
11:56:13.0170 1920 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:56:13.0170 1920 Wanarp - ok
11:56:13.0185 1920 WDICA - ok
11:56:13.0232 1920 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:56:13.0232 1920 wdmaud - ok
11:56:13.0295 1920 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:56:13.0295 1920 WebClient - ok
11:56:13.0420 1920 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:56:13.0420 1920 winmgmt - ok
11:56:13.0513 1920 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:56:13.0513 1920 WmdmPmSN - ok
11:56:13.0560 1920 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:56:13.0576 1920 Wmi - ok
11:56:13.0623 1920 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:56:13.0623 1920 WmiApSrv - ok
11:56:13.0716 1920 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
11:56:13.0716 1920 WMPNetworkSvc - ok
11:56:13.0810 1920 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:56:13.0810 1920 WPFFontCache_v0400 - ok
11:56:13.0841 1920 WSearch - ok
11:56:13.0904 1920 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:56:13.0920 1920 wuauserv - ok
11:56:13.0966 1920 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:56:13.0966 1920 WudfPf - ok
11:56:13.0998 1920 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:56:13.0998 1920 WudfRd - ok
11:56:14.0029 1920 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:56:14.0029 1920 WudfSvc - ok
11:56:14.0091 1920 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:56:14.0107 1920 WZCSVC - ok
11:56:14.0154 1920 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:56:14.0154 1920 xmlprov - ok
11:56:14.0201 1920 [ 5FF57EEDF48F189859D6E9BF81E297C5 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
11:56:14.0201 1920 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
11:56:14.0232 1920 [ C2EB14D84069443437F1B3B856BCB665 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
11:56:14.0232 1920 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
11:56:14.0232 1920 ================ Scan global ===============================
11:56:14.0279 1920 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:56:14.0326 1920 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:56:14.0357 1920 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:56:14.0373 1920 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:56:14.0373 1920 [Global] - ok
11:56:14.0373 1920 ================ Scan MBR ==================================
11:56:14.0404 1920 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:56:14.0638 1920 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:56:14.0638 1920 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:56:14.0654 1920 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR6
11:56:20.0373 1920 \Device\Harddisk1\DR6 - ok
11:56:20.0373 1920 ================ Scan VBR ==================================
11:56:20.0388 1920 [ 1A1AD7B2EF61FE94645063038C5D3AD6 ] \Device\Harddisk0\DR0\Partition1
11:56:20.0388 1920 \Device\Harddisk0\DR0\Partition1 - ok
11:56:20.0404 1920 [ C02170FC918A2764BAB89C0CEC96BDCC ] \Device\Harddisk1\DR6\Partition1
11:56:20.0420 1920 \Device\Harddisk1\DR6\Partition1 - ok
11:56:20.0420 1920 ============================================================
11:56:20.0420 1920 Scan finished
11:56:20.0420 1920 ============================================================
11:56:20.0451 1396 Detected object count: 1
11:56:20.0451 1396 Actual detected object count: 1
11:57:22.0482 1396 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:57:22.0498 1396 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:57:22.0498 1396 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:57:22.0545 1396 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:57:22.0545 1396 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:57:22.0545 1396 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:57:22.0545 1396 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:57:22.0607 1396 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:57:22.0623 1396 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:57:22.0654 1396 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:57:22.0654 1396 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:57:22.0654 1396 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:57:22.0654 1396 \Device\Harddisk0\DR0\TDLFS - deleted
11:57:22.0654 1396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
11:58:15.0388 1112 Deinitialize success


Also, the link for adware cleaner caused me to get a pop up warning me that the download was unsafe.

I am moving on to the MalwareBytes scan....

#11 dbolton


Posted 09 October 2012 - 01:05 PM

I ran all of the scans in Safe Mode. Here are the logs:

MBAM:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.09.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
hadkins :: NISBROPC052311 [administrator]

10/9/2012 12:14:36 PM
mbam-log-2012-10-09 (12-14-36).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 470531
Time elapsed: 42 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\TDSSKiller_Quarantine\09.10.2012_11.55.08\tdlfs0000\tsk0003.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

(end)


Minitool box:
MiniToolBox by Farbar Version: 23-07-2012
Ran by hadkins (administrator) on 09-10-2012 at 13:07:09
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
172.16.2.15 n3500


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : nisbropc052311
Primary Dns Suffix . . . . . . . : nisbetbrower.internal
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nisbetbrower.internal
nisbetbrower.internal

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : nisbetbrower.internal
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-01-6C-38-08-96
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.2.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.2.1
DHCP Server . . . . . . . . . . . : 172.16.2.6
DNS Servers . . . . . . . . . . . : 172.16.2.3
172.16.2.6
Primary WINS Server . . . . . . . : 172.16.2.3
Secondary WINS Server . . . . . . : 172.16.2.6
Lease Obtained. . . . . . . . . . : Tuesday, October 09, 2012 1:02:42 PM
Lease Expires . . . . . . . . . . : Wednesday, October 17, 2012 1:02:42 PM

Server: nlbdc01.nisbetbrower.internal
Address: 172.16.2.3

Name: google.com
Addresses: 74.125.225.40, 74.125.225.41, 74.125.225.46, 74.125.225.32
74.125.225.33, 74.125.225.34, 74.125.225.35, 74.125.225.36, 74.125.225.37
74.125.225.38, 74.125.225.39

Pinging google.com [74.125.225.40] with 32 bytes of data:

Reply from 74.125.225.40: bytes=32 time=19ms TTL=53
Reply from 74.125.225.40: bytes=32 time=14ms TTL=53

Ping statistics for 74.125.225.40:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 19ms, Average = 16ms

Server: nlbdc01.nisbetbrower.internal
Address: 172.16.2.3

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=112ms TTL=47
Reply from 98.138.253.109: bytes=32 time=87ms TTL=44

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 87ms, Maximum = 112ms, Average = 99ms

Server: nlbdc01.nisbetbrower.internal
Address: 172.16.2.3

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 01 6c 38 08 96 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.2.1 172.16.2.104 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.2.0 255.255.255.0 172.16.2.104 172.16.2.104 20
172.16.2.104 255.255.255.255 127.0.0.1 127.0.0.1 20
172.16.255.255 255.255.255.255 172.16.2.104 172.16.2.104 20
224.0.0.0 240.0.0.0 172.16.2.104 172.16.2.104 20
255.255.255.255 255.255.255.255 172.16.2.104 172.16.2.104 1
Default Gateway: 172.16.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 U:\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 02 U:\Windows\System32\winrnr.dll [File Not found] ()
Catalog5 03 U:\Windows\System32\mswsock.dll [File Not found] ()
Catalog9 01 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 02 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 03 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 04 U:\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 05 U:\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 06 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 07 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 08 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 09 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 10 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 11 U:\Windows\system32\mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/09/2012 07:13:56 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (10/09/2012 07:13:56 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (10/08/2012 02:51:32 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2520 (0x9d8)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.3.0.464 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Documents and Settings\hadkins\Desktop\TDSSKiller.exe
by C:\WINDOWS\Explorer.EXE
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (10/08/2012 02:48:54 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2948 (0xb84)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.3.0.464 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Documents and Settings\hadkins\Desktop\dds.com
by C:\WINDOWS\system32\SearchProtocolHost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (10/08/2012 11:17:44 AM) (Source: McLogEvent) (User: NISBET)NISBET
Description: The scan found detections. Scan engine version 5400.1158 DAT version 6856.

Error: (10/04/2012 04:50:37 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0xfc662912.
Processing media-specific event for [svchost.exe!ws!]

Error: (10/03/2012 03:46:15 PM) (Source: Windows Search Service) (User: )
Description: The entry <OTFS://{S-1-5-21-1318808811-623969416-5522801-1561}/S/MANUFACTURING/NORTHWOOD PROGRAM FILES/IP_172.16.2.205> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/03/2012 10:32:06 AM) (Source: Windows Search Service) (User: )
Description: The entry <OTFS://{S-1-5-21-1318808811-623969416-5522801-1561}/S/MANUFACTURING/HILARY ADKINS/FIN/2012/(ST) PROP PLUS ROTH 1630160.DWG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/02/2012 10:17:31 AM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: The file C:\System Volume Information\_restore{3DC570A0-5AC9-431B-A5A9-7665D04FB727}\RP461\A0079079.dll contains the Medfos.f Trojan. Undetermined clean error, deleted successfully. Detected using Scan engine version 5400.1158 DAT version 6851.0000.

Error: (10/02/2012 09:46:19 AM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: The file C:\Documents and Settings\hadkins\Application Data\rsqof.dll contains the Medfos.f Trojan. Undetermined clean error, deleted successfully. Detected using Scan engine version 5400.1158 DAT version 6851.0000.


System errors:
=============
Error: (10/09/2012 01:04:22 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/09/2012 01:04:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Error: (10/09/2012 01:03:11 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/09/2012 01:00:51 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (10/09/2012 00:59:40 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/09/2012 00:12:27 PM) (Source: DCOM) (User: NISBET)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/09/2012 09:43:16 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/09/2012 09:43:16 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
PCIIde

Error: (10/09/2012 09:42:09 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/09/2012 09:40:27 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (04/16/2012 05:37:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 105 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

20-20 Design Version 9.0 (Version: 9.0.0)
20-20 Version 8.1 (Version: 8.1.0.3029)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Akamai NetSession Interface Service
Alphacam 2012 R1 (Version: 11.0.1.166)
Alphacam 2012 R1 (Version: 2012.10)
Alphacam Add-Ins - Park Ind. (Version: 1.0)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
AutoCAD DWG to Image Converter v6.9.3
AutoCAD LT 2007 - English (Version: 17.0.54.110)
Autodesk DWF Viewer (Version: 6.5)
Citrix XenApp Plugin for Hosted Apps (Version: 11.0.150.5357)
Client Activator 2.0 - English (3)
Client Activator 2.0 - English (All)
CutePDF Writer 2.8
DWG TrueView 2012 (Version: 18.2.51.0)
ESET Online Scanner v3
Foxit Reader (Version: 5.4.3.920)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
ImagePrinter 2.0.1 (Version: 2.0.1)
ImgViewer (Version: 4.91)
Intel® Extreme Graphics 2 Driver
Java™ 6 Update 29 (Version: 6.0.290)
LogMeIn (Version: 4.1.1868)
LogMeIn (Version: 4.1.2504)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
McAfee Agent (Version: 4.5.0.1810)
McAfee VirusScan Enterprise (Version: 8.8.00000)
Merillat 20-20 Catalogs
MerillatOrderForm (Version: 1.00.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NVIDIA Drivers
PI Tools (Version: 3.0.7)
Prodim Proliner
QuickTime (Version: 7.69.80.9)
Sentinel Protection Installer 7.5.0 (Version: 7.5.0)
Sentinel System Driver Installer 7.5.1 (Version: 7.5.1)
SetupAPC1033English (Version: 1.0.0)
SetupAPCCore (Version: 1.0.0)
SetupATL (Version: 1.0.0)
SetupMFC (Version: 1.0.0)
SolidLink 2012 R1 (Version: 2012.10)
System Requirements Lab
TeamViewer 5 (Version: 5.1.9220 )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Vector 9.06.054
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core - English (Version: 6.5.10.32)
Visual Basic for Applications ® Core (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.5.10.32)
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 2039.48 MB
Available physical RAM: 1696.72 MB
Total Pagefile: 3935.73 MB
Available Pagefile: 3794.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.3 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.52 GB) (Free:45.23 GB) NTFS
4 Drive e: () (Removable) (Total:0.06 GB) (Free:0.02 GB) FAT
6 Drive s: (DATA) (Network) (Total:119.99 GB) (Free:14.09 GB) NTFS
7 Drive t: (DATA) (Network) (Total:119.99 GB) (Free:14.09 GB) NTFS
8 Drive u: (Data) (Network) (Total:119.99 GB) (Free:50.54 GB) NTFS
9 Drive v: (DATA) (Network) (Total:56.31 GB) (Free:9.76 GB) NTFS
10 Drive w: (DATA) (Network) (Total:119.99 GB) (Free:14.09 GB) NTFS
11 Drive y: (DATA) (Network) (Total:119.99 GB) (Free:14.09 GB) NTFS

========================= Users: ========================================

User accounts for \\NISBROPC052311

Administrator ASPNET Guest
HelpAssistant nisbetadmin SUPPORT_388945a0

========================= Restore Points ==================================

06-07-2012 19:37:31 System Checkpoint
07-07-2012 20:37:31 System Checkpoint
08-07-2012 21:37:29 System Checkpoint
09-07-2012 22:37:28 System Checkpoint
10-07-2012 23:37:28 System Checkpoint
12-07-2012 00:37:25 System Checkpoint
13-07-2012 01:37:25 System Checkpoint
14-07-2012 02:37:24 System Checkpoint
15-07-2012 03:37:23 System Checkpoint
16-07-2012 04:37:22 System Checkpoint
17-07-2012 05:37:22 System Checkpoint
18-07-2012 06:37:21 System Checkpoint
19-07-2012 07:37:19 System Checkpoint
20-07-2012 08:37:18 System Checkpoint
21-07-2012 09:37:17 System Checkpoint
22-07-2012 10:37:15 System Checkpoint
23-07-2012 10:45:08 System Checkpoint
23-07-2012 12:56:49 Software Distribution Service 3.0
24-07-2012 13:23:27 System Checkpoint
25-07-2012 15:15:35 System Checkpoint
26-07-2012 15:20:42 System Checkpoint
27-07-2012 15:54:34 System Checkpoint
28-07-2012 16:00:26 System Checkpoint
29-07-2012 17:00:24 System Checkpoint
30-07-2012 18:00:24 System Checkpoint
31-07-2012 18:48:29 System Checkpoint
01-08-2012 18:56:00 System Checkpoint
02-08-2012 19:48:18 System Checkpoint
03-08-2012 20:16:25 System Checkpoint
04-08-2012 21:24:19 System Checkpoint
05-08-2012 22:00:19 System Checkpoint
06-08-2012 23:00:18 System Checkpoint
08-08-2012 00:00:17 System Checkpoint
09-08-2012 01:00:16 System Checkpoint
10-08-2012 02:00:15 System Checkpoint
11-08-2012 03:00:15 System Checkpoint
12-08-2012 04:00:15 System Checkpoint
13-08-2012 05:00:13 System Checkpoint
14-08-2012 05:57:52 System Checkpoint
15-08-2012 06:00:10 System Checkpoint
16-08-2012 07:00:10 System Checkpoint
16-08-2012 11:31:26 Software Distribution Service 3.0
17-08-2012 12:12:53 System Checkpoint
18-08-2012 12:14:50 System Checkpoint
19-08-2012 13:14:49 System Checkpoint
20-08-2012 14:14:48 System Checkpoint
21-08-2012 14:25:51 System Checkpoint
22-08-2012 15:25:32 System Checkpoint
23-08-2012 19:33:04 System Checkpoint
27-08-2012 11:24:41 System Checkpoint
28-08-2012 11:55:41 System Checkpoint
29-08-2012 13:56:12 System Checkpoint
30-08-2012 15:52:36 System Checkpoint
31-08-2012 16:18:16 System Checkpoint
01-09-2012 16:55:37 System Checkpoint
02-09-2012 17:55:36 System Checkpoint
03-09-2012 17:56:07 System Checkpoint
04-09-2012 18:52:34 System Checkpoint
05-09-2012 19:45:01 System Checkpoint
06-09-2012 20:26:35 System Checkpoint
07-09-2012 20:55:31 System Checkpoint
08-09-2012 21:29:02 System Checkpoint
09-09-2012 22:29:01 System Checkpoint
10-09-2012 23:29:01 System Checkpoint
12-09-2012 00:28:58 System Checkpoint
13-09-2012 01:28:57 System Checkpoint
14-09-2012 02:28:56 System Checkpoint
15-09-2012 03:28:55 System Checkpoint
16-09-2012 04:28:54 System Checkpoint
17-09-2012 05:28:53 System Checkpoint
18-09-2012 06:28:53 System Checkpoint
19-09-2012 07:40:52 System Checkpoint
20-09-2012 08:28:52 System Checkpoint
20-09-2012 13:37:20 Software Distribution Service 3.0
21-09-2012 14:20:09 System Checkpoint
21-09-2012 15:05:40 Removed Adobe Reader X (10.1.4).
21-09-2012 15:54:29 Installed Nitro Reader 2
24-09-2012 12:09:40 System Checkpoint
25-09-2012 12:11:10 Removed Nitro Reader 2
26-09-2012 12:12:48 System Checkpoint
27-09-2012 12:39:32 System Checkpoint
28-09-2012 15:04:26 System Checkpoint
29-09-2012 15:55:39 System Checkpoint
30-09-2012 16:55:38 System Checkpoint
01-10-2012 17:05:42 System Checkpoint
02-10-2012 13:36:35 Software Distribution Service 3.0
02-10-2012 13:46:33 Installed LogMeIn
03-10-2012 14:15:47 System Checkpoint
04-10-2012 15:01:28 System Checkpoint

**** End of log ****


Farbar Service Scanner:

Farbar Service Scanner Version: 07-10-2012
Ran by hadkins (administrator) on 09-10-2012 at 13:08:55
Running from "C:\Documents and Settings\hadkins\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Junkware

Junkware Removal Tool (JRT) by Thisisu
Version: 1.3.6 (10.09.2012)
OS: Microsoft Windows XP x86
Ran by hadkins on Tue 10/09/2012 at 13:58:27.25
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Tue 10/09/2012 at 13:58:27.28
End of Report

#12 dbolton


Posted 09 October 2012 - 01:18 PM

Forgot one. Here is AdwCleaner:

# AdwCleaner v2.004 - Logfile created 10/09/2012 at 13:09:46
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : hadkins - NISBROPC052311
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\hadkins\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [425 octets] - [09/10/2012 13:09:45]

########## EOF - U:\AdwCleaner[S1].txt - [425 octets] ##########

Are we good?

#13 narenxp


Posted 09 October 2012 - 05:23 PM

Reboot to normal mode and run mbam scan again and post the clean log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#14 dbolton


Posted 10 October 2012 - 07:30 AM

Scans run. Posts follow:

Mbam:

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.09.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
hadkins :: NISBROPC052311 [administrator]

Protection: Enabled

10/9/2012 7:46:44 PM
mbam-log-2012-10-09 (19-46-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 452286
Time elapsed: 2 hour(s), 16 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Service Scanner:

Farbar Service Scanner Version: 07-10-2012
Ran by hadkins (administrator) on 10-10-2012 at 07:56:41
Running from "C:\Spyware tools"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Rkill:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/10/2012 07:58:57 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
172.16.2.15 n3500

Program finished at: 10/10/2012 07:59:40 AM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)

Autoruns:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "LogMeIn GUI" "LogMeIn Desktop Application" "LogMeIn, Inc." "c:\program files\logmein\x86\logmeinsystray.exe"
+ "McAfeeUpdaterUI" "Common User Interface" "McAfee, Inc." "c:\program files\mcafee\common framework\udaterui.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 111.75 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "rsqof" "" "" "File not found: ,FISSPACEA"
+ "ShStatEXE" "VirusScan tray icon" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shstat.exe"
+ "SoundMan" "Realtek Sound Manager" "Realtek Semiconductor Corp." "c:\windows\soundman.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "AutoCAD LT Startup Accelerator.lnk" "AutoCAD Startup Accelerator" "Autodesk, Inc" "c:\program files\common files\autodesk shared\acstart17.exe"
+ "Windows Search.lnk" "Windows Search System Tray" "Microsoft Corporation" "c:\program files\windows desktop search\windowssearch.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Akamai NetSession Interface" "Akamai NetSession Client" "Akamai Technologies, Inc." "c:\documents and settings\hadkins\local settings\application data\akamai\netsession_win.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AcShellExtension.AcContextMenuHandler" "AutoCAD Dwg common shell extension handler" "Autodesk" "c:\program files\common files\autodesk shared\acshellex\acshellextension.dll"
+ "Autodesk.DWF.ContextMenu" "Autodesk DWF ShellExtension Module" "Autodesk, Inc." "c:\program files\common files\autodesk shared\dwf common\dwfshellextension.dll"
+ "VirusScan" "Shell Extension" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "VirusScan" "Shell Extension" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 111.75 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "AcColumnHandler" "AutoCAD Dwg common shell extension handler" "Autodesk" "c:\program files\common files\autodesk shared\acshellex\acshellextension.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "VirusScan" "Shell Extension" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "AutoCAD Digital Signatures Icon Overlay Handler" "AutoCAD component" "Autodesk, Inc." "c:\windows\system32\acsignicon.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\scriptsn.20110523122245.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-1318808811-623969416-5522801-1401Core.job" "Google Installer" "Google Inc." "c:\documents and settings\dbolton\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-1318808811-623969416-5522801-1401UA.job" "Google Installer" "Google Inc." "c:\documents and settings\dbolton\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Autodesk Licensing Service" "Anchor service for Autodesk products licensed with SafeCast" "Autodesk" "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "LMIGuardianSvc" "Support LogMeIn processes with quality assurance feedback" "LogMeIn, Inc." "c:\program files\logmein\x86\lmiguardiansvc.exe"
+ "LMIMaint" "LogMeIn Maintenance Service" "LogMeIn, Inc." "c:\program files\logmein\x86\ramaint.exe"
+ "LogMeIn" "LogMeIn" "LogMeIn, Inc." "c:\program files\logmein\x86\logmein.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "McAfeeFramework" "Shared component framework for McAfee products" "McAfee, Inc." "c:\program files\mcafee\common framework\frameworkservice.exe"
+ "McShield" "McAfee OnAccess Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mcshield.exe"
+ "McTaskManager" "Allows scheduling of McAfee scanning and updating activities." "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\vstskmgr.exe"
+ "mfevtp" "Provides validation trust protection services" "McAfee, Inc." "c:\windows\system32\mfevtps.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "akshasp" "AKSHASP Device Driver" "Aladdin Knowledge Systems Ltd." "c:\windows\system32\drivers\akshasp.sys"
+ "aksusb" "Aladdin USB Key Driver" "Aladdin Knowledge Systems Ltd." "c:\windows\system32\drivers\aksusb.sys"
+ "ALCXSENS" "Sensaura WDM 3D Audio Driver" "Sensaura Ltd" "c:\windows\system32\drivers\alcxsens.sys"
+ "ALCXWDM" "Realtek AC'97 Audio Driver (WDM)" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\alcxwdm.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "Hardlock" "Hardlock Device Driver for Windows NT" "Aladdin Knowledge Systems Ltd." "c:\windows\system32\drivers\hardlock.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Controller Hub for Intel Graphics Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LMIInfo" "RemotelyAnywhere Kernel Information Provider" "LogMeIn, Inc." "c:\program files\logmein\x86\rainfo.sys"
+ "lmimirr" "LogMeIn Mirror Miniport Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmimirr.sys"
+ "LMIRfsDriver" "LogMeIn Rfs Drivemap Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmirfsdriver.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "mfeapfk" "Access Protection Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfeavfk01" "" "" "File not found: C:\WINDOWS\System32\Drivers\mfeavfk01.sys"
+ "mfebopk" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mferkdet" "McAfee Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdet.sys"
+ "mfetdi2k" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfetdi2k.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.19 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Sentinel" "Sentinel System Driver (NT Parallel driver)" "SafeNet, Inc." "c:\windows\system32\drivers\sentinel.sys"
+ "SNTNLUSB" "Sentinel System USB Driver" "SafeNet, Inc." "c:\windows\system32\drivers\sntnlusb.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "{6080A529-897E-4629-A488-ABA0C29B635E}" "Intel Graphics Platform (SoftBIOS) Driver for Windows 2000® & Windows XP™" "Intel Corporation" "c:\windows\system32\drivers\ialmsbw.sys"
+ "{D31A0762-0CEB-444e-ACFF-B049A1F6FE91}" "Intel Graphics Chipset (KCH) Driver for Windows 2000® & Windows XP™" "Intel Corporation" "c:\windows\system32\drivers\ialmkchw.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LogMeIn Video Decoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "LogMeIn Video Encoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxsrvc Module" "Intel Corporation" "c:\windows\system32\igfxsrvc.dll"
+ "LMIinit" "LogMeIn Remote Control Helper" "LogMeIn, Inc." "c:\windows\system32\lmiinit.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "CutePDF Writer Monitor" "" "" "c:\windows\system32\cpwmon2k.dll"
+ "ImagePrinter Port" "Developed using the MinGw Ibadov Tariel" "Copyright © 2007-2010 Ibadov Tariel <tariel@code-industry.net>" "c:\windows\system32\imgport.dll"
+ "LogMeIn Printer Port Monitor" "RemotelyAnywhere Printer Port Monitor" "LogMeIn, Inc." "c:\windows\system32\lmiport.dll"
+ "Nitro PDF Port Monitor" "Windows NT Nitro Print PDF Interface Driver" "Nitro PDF Software" "c:\windows\system32\nitrolocalmon2.dll"
+ "Procomm Plus Fax Port Monitor" "" "" "File not found: PW4NTMON.DLL"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "LMIRfsClientNP" "LogMeIn Virtual Disk Network" "LogMeIn, Inc." "c:\windows\system32\lmirfsclientnp.dll"
+ "PnSson" "Citrix Single Sign-on" "Citrix Systems, Inc." "c:\program files\citrix\ica client\pnsson.dll"

#15 narenxp

Posted 10 October 2012 - 07:50 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



