
Can Boot to PC desktop but no further


5 replies to this topic

#1 ocular


Posted 10 October 2012 - 05:13 AM

Running XP SP3, F Secure Client 9.00

About a week ago noticed occasional lock ups where clicking with mouse pointer did nothing, forced shut down with reboot would seem to sort out the problem, but now can't get past desktop screen, mouse clicks don't open icons, hourglass shows if pointer over bottom task bar.

Can boot into safe mode with networking.

So have followed log gathering advice from this thread, all run from safe mode with networking.

-----------------------------------------------
TDSSkiller log

18:18:36.0093 0432 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:18:37.0265 0432 ============================================================
18:18:37.0265 0432 Current date / time: 2012/10/10 18:18:37.0265
18:18:37.0265 0432 SystemInfo:
18:18:37.0265 0432
18:18:37.0265 0432 OS Version: 5.1.2600 ServicePack: 3.0
18:18:37.0265 0432 Product type: Workstation
18:18:37.0265 0432 ComputerName: LENOVO
18:18:37.0265 0432 UserName: Administrator
18:18:37.0265 0432 Windows directory: C:\WINDOWS
18:18:37.0265 0432 System windows directory: C:\WINDOWS
18:18:37.0265 0432 Processor architecture: Intel x86
18:18:37.0265 0432 Number of processors: 2
18:18:37.0265 0432 Page size: 0x1000
18:18:37.0265 0432 Boot type: Safe boot with network
18:18:37.0265 0432 ============================================================
18:18:39.0250 0432 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:18:39.0250 0432 ============================================================
18:18:39.0250 0432 \Device\Harddisk0\DR0:
18:18:39.0250 0432 MBR partitions:
18:18:39.0250 0432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1232017B
18:18:39.0250 0432 ============================================================
18:18:39.0296 0432 C: <-> \Device\Harddisk0\DR0\Partition1
18:18:39.0343 0432 ============================================================
18:18:39.0343 0432 Initialize success
18:18:39.0343 0432 ============================================================
18:19:04.0468 0488 ============================================================
18:19:04.0468 0488 Scan started
18:19:04.0468 0488 Mode: Manual; TDLFS;
18:19:04.0468 0488 ============================================================
18:19:05.0046 0488 ================ Scan system memory ========================
18:19:05.0046 0488 System memory - ok
18:19:13.0437 0488 RDPCDD - ok
18:19:13.0468 0488 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:19:13.0468 0488 rdpdr - ok
18:19:13.0500 0488 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:19:13.0500 0488 RDPWD - ok
18:19:13.0531 0488 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:19:13.0531 0488 RDSessMgr - ok
18:19:13.0546 0488 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:19:13.0546 0488 redbook - ok
18:19:13.0578 0488 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:19:13.0578 0488 RemoteAccess - ok
18:19:13.0625 0488 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:19:13.0625 0488 RemoteRegistry - ok
18:19:13.0625 0488 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:19:13.0625 0488 RpcLocator - ok
18:19:13.0656 0488 [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:19:13.0656 0488 RpcSs - ok
18:19:13.0687 0488 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:19:13.0687 0488 RSVP - ok
18:19:13.0703 0488 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:19:13.0703 0488 SamSs - ok
18:19:13.0718 0488 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:19:13.0718 0488 SCardSvr - ok
18:19:13.0750 0488 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:19:13.0750 0488 Schedule - ok
18:19:13.0796 0488 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:19:13.0796 0488 Secdrv - ok
18:19:13.0859 0488 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:19:13.0859 0488 seclogon - ok
18:19:13.0906 0488 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:19:13.0906 0488 SENS - ok
18:19:13.0937 0488 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:19:13.0937 0488 serenum - ok
18:19:13.0953 0488 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:19:13.0953 0488 Serial - ok
18:19:13.0984 0488 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:19:13.0984 0488 Sfloppy - ok
18:19:14.0031 0488 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:19:14.0031 0488 SharedAccess - ok
18:19:14.0046 0488 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:19:14.0046 0488 ShellHWDetection - ok
18:19:14.0046 0488 Simbad - ok
18:19:14.0093 0488 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:19:14.0093 0488 sisagp - ok
18:19:14.0140 0488 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:19:14.0140 0488 SLIP - ok
18:19:14.0187 0488 [ 5CE1CF27620B144E212D407CDB14D339 ] snapman380 C:\WINDOWS\system32\DRIVERS\snman380.sys
18:19:14.0187 0488 snapman380 - ok
18:19:14.0218 0488 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:19:14.0218 0488 Sparrow - ok
18:19:14.0250 0488 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:19:14.0250 0488 splitter - ok
18:19:14.0281 0488 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:19:14.0281 0488 Spooler - ok
18:19:14.0281 0488 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:19:14.0296 0488 sr - ok
18:19:14.0328 0488 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:19:14.0328 0488 srservice - ok
18:19:14.0343 0488 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:19:14.0343 0488 Srv - ok
18:19:14.0375 0488 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:19:14.0375 0488 SSDPSRV - ok
18:19:14.0421 0488 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:19:14.0421 0488 stisvc - ok
18:19:14.0437 0488 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:19:14.0437 0488 streamip - ok
18:19:14.0468 0488 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:19:14.0468 0488 swenum - ok
18:19:14.0484 0488 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:19:14.0484 0488 swmidi - ok
18:19:14.0500 0488 SwPrv - ok
18:19:14.0562 0488 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
18:19:14.0562 0488 symc810 - ok
18:19:14.0578 0488 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:19:14.0578 0488 symc8xx - ok
18:19:14.0593 0488 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:19:14.0593 0488 sym_hi - ok
18:19:14.0609 0488 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:19:14.0609 0488 sym_u3 - ok
18:19:14.0625 0488 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:19:14.0625 0488 sysaudio - ok
18:19:14.0671 0488 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:19:14.0671 0488 SysmonLog - ok
18:19:14.0703 0488 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:19:14.0703 0488 TapiSrv - ok
18:19:14.0734 0488 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:19:14.0750 0488 Tcpip - ok
18:19:14.0781 0488 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:19:14.0781 0488 TDPIPE - ok
18:19:14.0828 0488 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:19:14.0828 0488 TDTCP - ok
18:19:14.0859 0488 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:19:14.0859 0488 TermDD - ok
18:19:14.0890 0488 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:19:14.0890 0488 TermService - ok
18:19:14.0937 0488 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
18:19:14.0937 0488 Themes - ok
18:19:15.0015 0488 [ D04402CD654AF1058AD9A82B73AD67C8 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
18:19:15.0031 0488 ThinkVantage Registry Monitor Service - ok
18:19:15.0109 0488 [ A1124EBC672AA3AE1B327096C1DCC346 ] TIEHDUSB C:\WINDOWS\system32\drivers\tiehdusb.sys
18:19:15.0109 0488 TIEHDUSB - ok
18:19:15.0171 0488 [ E52011FFE8E8947078AC797DF216E5A6 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
18:19:15.0171 0488 tifsfilter - ok
18:19:15.0187 0488 [ F644B9EBA05806EB5D6F2A8716CE0EEE ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
18:19:15.0187 0488 timounter - ok
18:19:15.0234 0488 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:19:15.0234 0488 TlntSvr - ok
18:19:15.0281 0488 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
18:19:15.0281 0488 TosIde - ok
18:19:15.0296 0488 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:19:15.0296 0488 TrkWks - ok
18:19:15.0343 0488 [ EAC42DF153B85C33621788B49CE58287 ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
18:19:15.0343 0488 TVT Backup Protection Service - ok
18:19:15.0390 0488 [ 57485259D6E558228EAE711890119D05 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
18:19:15.0406 0488 TVT Backup Service - ok
18:19:15.0437 0488 [ BBD79E6250B39B385030F17343365877 ] TVT Scheduler C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
18:19:15.0453 0488 TVT Scheduler - ok
18:19:15.0484 0488 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
18:19:15.0484 0488 tvtfilter - ok
18:19:15.0531 0488 [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
18:19:15.0531 0488 TVTI2C - ok
18:19:15.0546 0488 [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
18:19:15.0546 0488 tvtnetwk - ok
18:19:15.0562 0488 TVTPktFilter - ok
18:19:15.0609 0488 [ E212CD75C7558450C0890710F892084C ] uagqecsvc C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
18:19:15.0609 0488 uagqecsvc - ok
18:19:15.0625 0488 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:19:15.0625 0488 Udfs - ok
18:19:15.0671 0488 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
18:19:15.0671 0488 ultra - ok
18:19:15.0703 0488 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:19:15.0703 0488 Update - ok
18:19:15.0734 0488 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:19:15.0734 0488 upnphost - ok
18:19:15.0781 0488 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:19:15.0781 0488 UPS - ok
18:19:15.0812 0488 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
18:19:15.0812 0488 USBAAPL - ok
18:19:15.0859 0488 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
18:19:15.0859 0488 usbaudio - ok
18:19:15.0906 0488 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:19:15.0906 0488 usbccgp - ok
18:19:15.0953 0488 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:19:15.0953 0488 usbehci - ok
18:19:15.0968 0488 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:19:15.0968 0488 usbhub - ok
18:19:16.0015 0488 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:19:16.0015 0488 usbprint - ok
18:19:16.0031 0488 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:19:16.0031 0488 usbscan - ok
18:19:16.0062 0488 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:19:16.0062 0488 USBSTOR - ok
18:19:16.0078 0488 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:19:16.0078 0488 usbuhci - ok
18:19:16.0109 0488 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
18:19:16.0109 0488 usbvideo - ok
18:19:16.0125 0488 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
18:19:16.0125 0488 usb_rndisx - ok
18:19:16.0171 0488 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:19:16.0171 0488 VgaSave - ok
18:19:16.0187 0488 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:19:16.0187 0488 viaagp - ok
18:19:16.0218 0488 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
18:19:16.0218 0488 ViaIde - ok
18:19:16.0343 0488 [ E2DB8094603D28D88577A0C89B5121FE ] Vodafone Mobile Broadband QuickStart C:\Documents and Settings\All Users\Application Data\MobileBroadbandQuickStartService\VMBQuickStartService.exe
18:19:16.0343 0488 Vodafone Mobile Broadband QuickStart - ok
18:19:16.0375 0488 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:19:16.0375 0488 VolSnap - ok
18:19:16.0406 0488 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:19:16.0406 0488 VSS - ok
18:19:16.0421 0488 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:19:16.0421 0488 W32Time - ok
18:19:16.0453 0488 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:19:16.0453 0488 Wanarp - ok
18:19:16.0468 0488 WDICA - ok
18:19:16.0484 0488 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:19:16.0484 0488 wdmaud - ok
18:19:16.0515 0488 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:19:16.0515 0488 WebClient - ok
18:19:16.0578 0488 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:19:16.0593 0488 winmgmt - ok
18:19:16.0687 0488 [ CD99C9FEAE87C1963273F6B150251E33 ] WMConnectCDS C:\Program Files\Windows Media Connect 2\wmccds.exe
18:19:16.0703 0488 WMConnectCDS - ok
18:19:16.0734 0488 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:19:16.0734 0488 WmdmPmSN - ok
18:19:16.0765 0488 [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:19:16.0781 0488 Wmi - ok
18:19:16.0828 0488 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:19:16.0828 0488 WmiApSrv - ok
18:19:16.0890 0488 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:19:16.0921 0488 WPFFontCache_v0400 - ok
18:19:16.0968 0488 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:19:16.0968 0488 wscsvc - ok
18:19:17.0000 0488 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:19:17.0000 0488 WSTCODEC - ok
18:19:17.0031 0488 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:19:17.0031 0488 wuauserv - ok
18:19:17.0062 0488 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:19:17.0078 0488 WudfPf - ok
18:19:17.0093 0488 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:19:17.0093 0488 WudfRd - ok
18:19:17.0125 0488 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:19:17.0125 0488 WudfSvc - ok
18:19:17.0156 0488 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:19:17.0171 0488 WZCSVC - ok
18:19:17.0203 0488 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:19:17.0265 0488 xmlprov - ok
18:19:17.0296 0488 [ F44F7F71B3C84F8EE96C3BFD3915C25F ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:19:17.0296 0488 yukonwxp - ok
18:19:17.0343 0488 ================ Scan global ===============================
18:19:17.0359 0488 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:19:17.0375 0488 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
18:19:17.0390 0488 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
18:19:17.0406 0488 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
18:19:17.0406 0488 [Global] - ok
18:19:17.0406 0488 ================ Scan MBR ==================================
18:19:17.0421 0488 [ 16FD4D8518979B9B9439C260461FC18F ] \Device\Harddisk0\DR0
18:19:18.0296 0488 \Device\Harddisk0\DR0 - ok
18:19:18.0296 0488 ================ Scan VBR ==================================
18:19:18.0312 0488 [ FEDCBCBA32886AECD7975F29F1F8AD5A ] \Device\Harddisk0\DR0\Partition1
18:19:18.0312 0488 \Device\Harddisk0\DR0\Partition1 - ok
18:19:18.0312 0488 ============================================================
18:19:18.0312 0488 Scan finished
18:19:18.0312 0488 ============================================================
18:19:18.0343 0476 Detected object count: 0
18:19:18.0343 0476 Actual detected object count: 0
18:20:39.0828 0392 Deinitialize success
--------------------------------

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-10 18:20:50
-----------------------------
18:20:50.953 OS Version: Windows 5.1.2600 Service Pack 3
18:20:50.953 Number of processors: 2 586 0x1706
18:20:50.953 ComputerName: LENOVO UserName:
18:20:51.453 Initialize success
18:31:40.843 AVAST engine defs: 12100901
18:31:51.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
18:31:51.859 Disk 0 Vendor: WDC_WD1600AAJS-08B4A0 01.03A01 Size: 152627MB BusType: 3
18:31:51.890 Disk 0 MBR read successfully
18:31:51.890 Disk 0 MBR scan
18:31:51.953 Disk 0 unknown MBR code
18:31:51.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149056 MB offset 63
18:31:52.000 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 3563 MB offset 305281024
18:31:52.015 Disk 0 scanning sectors +312578048
18:31:52.093 Disk 0 scanning C:\WINDOWS\system32\drivers
18:32:01.218 Service scanning
18:32:15.921 Modules scanning
18:32:19.312 Disk 0 trace - called modules:
18:32:19.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:32:19.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a968ab8]
18:32:19.390 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a9eb9e8]
18:32:19.421 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a9ebd98]
18:32:20.218 AVAST engine scan C:\WINDOWS
18:32:27.953 AVAST engine scan C:\WINDOWS\system32
18:34:23.484 AVAST engine scan C:\WINDOWS\system32\drivers
18:34:39.953 AVAST engine scan C:\Documents and Settings\Administrator
18:34:56.437 AVAST engine scan C:\Documents and Settings\All Users
18:36:03.171 Scan finished successfully
18:40:46.171 Disk 0 MBR has been saved successfully to "C:\bleep\MBR.dat"
18:40:46.187 The log file has been saved successfully to "C:\bleep\aswMBR.txt"

-----------------------------------

ESET online scanner "No threats found"

-------------------------------------

I can do a selective startup via msconfig into "normal" mode if I do the following:

In safe mode, click on Start; in the search field, type in msconfig and hit Enter. In the msconfig window, choose selective start-up and uncheck load start up items. Now click on the services tab, put a check on "hide all microsoft services", then click on disable all, click OK and restart the PC.

That means there is something in the startup process that is bad.

thanks

Edited by ocular, 10 October 2012 - 07:00 AM.




#2 narenxp


Posted 10 October 2012 - 07:53 AM

So does clean boot help you boot into normal mode?

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.



Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#3 ocular

  • Topic Starter

Posted 11 October 2012 - 06:14 AM

Yeah, interestingly, after I changed the msconfig to a selective startup I was able to get my mouse to open icons when booted into "selective startup" normal mode bootup, and then went through and enabled the obvious startup items, leaving the less recognizable startup items, and everything seemed to work.

Then went back to a non-selective bootup mode and was able to boot normally with the mouse working and programs and icons opening up. Haven't noticed any abnormal behaviour, so I ran Malwarebytes, MiniToolBox, Autoruns and RKill from normal mode.

Seems strange that just fiddling with msconfig and then setting it back to what it was has got the computer going again (realising the malware is still there).

Notice RKill terminated some strange processes.

------------------------------------------------
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.10.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Master :: LENOVO [administrator]

11/10/2012 6:56:05 AM
mbam-log-2012-10-11 (06-56-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 331871
Time elapsed: 54 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
------------------------------------------------


MiniToolBox by Farbar Version: 23-07-2012
Ran by Master (administrator) on 11-10-2012 at 12:27:44
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.1.107 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=192.168.1.1 register=PRIMARY
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : LENOVO

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller

Physical Address. . . . . . . . . : 00-1C-25-D7-72-2B

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.107

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.237.33, 74.125.237.34, 74.125.237.35, 74.125.237.36
74.125.237.37, 74.125.237.38, 74.125.237.39, 74.125.237.40, 74.125.237.41
74.125.237.46, 74.125.237.32



Pinging google.com [74.125.237.32] with 32 bytes of data:



Reply from 74.125.237.32: bytes=32 time=39ms TTL=57

Reply from 74.125.237.32: bytes=32 time=39ms TTL=57



Ping statistics for 74.125.237.32:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms, Maximum = 39ms, Average = 39ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=253ms TTL=45

Reply from 98.138.253.109: bytes=32 time=276ms TTL=44



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 253ms, Maximum = 276ms, Average = 264ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c 25 d7 72 2b ...... Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.107 192.168.1.107 10
192.168.1.107 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.107 192.168.1.107 10
224.0.0.0 240.0.0.0 192.168.1.107 192.168.1.107 10
255.255.255.255 255.255.255.255 192.168.1.107 192.168.1.107 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (10/11/2012 00:15:29 PM) (Source: Service Control Manager) (User: )
Description: The Single Frame Film Scanner service failed to start due to the following error:
%%1058

Error: (10/11/2012 06:54:50 AM) (Source: Service Control Manager) (User: )
Description: The Single Frame Film Scanner service failed to start due to the following error:
%%1058

Error: (10/10/2012 09:58:44 PM) (Source: DCOM) (User: LENOVO)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (10/10/2012 09:58:36 PM) (Source: Service Control Manager) (User: )
Description: The Single Frame Film Scanner service failed to start due to the following error:
%%1058

Error: (10/10/2012 09:56:23 PM) (Source: DCOM) (User: LENOVO)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (10/10/2012 09:56:15 PM) (Source: Service Control Manager) (User: )
Description: The Single Frame Film Scanner service failed to start due to the following error:
%%1058

Error: (10/10/2012 09:44:28 PM) (Source: DCOM) (User: LENOVO)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (10/10/2012 09:44:20 PM) (Source: Service Control Manager) (User: )
Description: The Single Frame Film Scanner service failed to start due to the following error:
%%1058

Error: (10/10/2012 09:36:33 PM) (Source: DCOM) (User: LENOVO)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (10/10/2012 09:36:29 PM) (Source: Service Control Manager) (User: )
Description: The Single Frame Film Scanner service failed to start due to the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (07/16/2012 08:26:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 126307 seconds with 2760 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20
Acronis True Image Echo Enterprise Server (Version: 9.7.8206)
Adobe Download Manager (Version: 1.6.2.90)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.14)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
AnyDVD (Version: 6.7.5.0)
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
Audiograbber 1.83 SE (Version: 1.83 SE )
Canon PIXMA iP3000
CD-LabelPrint
ClassPad Manager v3 Professional (30 Day Trial) (Version: 3.04.5010.2160)
ClassPad Screen Capture (Single License) (Version: 1.01.0000)
Contents (Version: 15.0.0.258)
Corel VideoStudio Ultimate X5 (Version: 15.0.0.258)
CyberView X - SF v1.30 (build 20110526) (Version: 1.30.000)
DataStudio (Version: 1.9.8.3)
ESET Online Scanner v3
F-Secure Browsing Protection
F-Secure Client Security - DeepGuard
F-Secure Client Security - E-Mail Scanning
F-Secure Client Security - Internet Shield
F-Secure Client Security - Virus & Spy Protection
F-Secure Client Security - Web Traffic Scanning
F-Secure PSC Prerequisites (Version: 1.0.6)
FastStone Capture 5.3 (Version: 5.3)
FIFA 07
FormatFactory 2.90 (Version: 2.90)
GrabIt 1.7.2 Beta 6 (build 1008)
H.264 Encoder
HD Writer AE 3.0 (Version: 3.00.019.1033)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
ICA (Version: 15.0.0.258)
ImgBurn (Version: 2.5.5.0)
ImTOO DVD Creator (Version: 7.0.3.1214)
ImTOO DVD Ripper Ultimate 6 (Version: 6.0.9.0806)
Intel® Graphics Media Accelerator Driver
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1268)
InterVideo WinDVD Creator 3 (Version: 3.0.01.231)
IPM_VS_Pro (Version: 15.0)
ISCOM (Version: 15.0.0.258)
iTunes (Version: 10.2.2.12)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Marvell Miniport Driver (Version: 10.60.6.3)
MediaInfo 0.7.54 (Version: 0.7.54)
MediaMonkey 3.2 (Version: 3.2)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft ActiveSync (Version: 4.5.5096.0)
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mouse Suite
Mozilla Firefox 10.0.2 (x86 en-GB) (Version: 10.0.2)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MYOB Accounting Plus v18 ED (Version: 18.0.0)
MYOB ODBC Direct v8 AUS (Version: 8.0.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF-Viewer (Version: 2.0.55.0)
pdfFactory Pro
Photo Story 3 for Windows (Version: 3.0.1115.11)
Picasa 3 (Version: 3.8)
Pismo File Mount Audit Package
Presenter version 3.0.0.14 (Version: 3.0.0.14)
Program-Link FA-CP1 (Single License) (Version: 1.0.3.0)
Project64 1.6 (Version: 1.6)
QuickTime (Version: 7.69.80.9)
Radmin Viewer 3.4 (Version: 3.41.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5499)
RecordNow Audio (Version: 2.0.4)
RecordNow Copy (Version: 2.0.4)
RecordNow Data (Version: 2.0.4)
Remove Multimedia Center
Rescue and Recovery (Version: 4.10.0314.00)
SABnzbd 0.6.10 (Version: 0.6.10)
Setup (Version: 15.0.0.258)
Share (Version: 15.0.0.258)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.6)
SolveigMM AVI Trimmer (Version: 2.0.1203.13)
Sonic DLA (Version: 5.2.0)
Sonic Express Labeler (Version: 2.1.0)
Sonic Icons for Lenovo (Version: 1.0.2)
Sonic Update Manager (Version: 3.0.0)
Splash PRO (Version: 1.12.2)
The KMPlayer (remove only)
TI Connect 1.6 (Version: 1.6)
Total Commander (Remove or Repair) (Version: 8.0)
TreeDBNotes Pro 3
TreeSize Professional 5.3.2 (Version: 5.3.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
VC 9.0 Runtime (Version: 1.0.0)
VideoPoint Physics Fundamentals 1.0
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM (Version: 8.0.50727.762)
VLC media player 1.1.9 (Version: 1.1.9)
Vodafone QuickStart Uninstaller (Version: 22.10.2.5011)
VoiceOver Kit (Version: 1.40.128.0)
VSClassic (Version: 15.0.0.258)
VSHelp (Version: 15.0.0.258)
VSUltimate (Version: 15.0.0.258)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - PASCO Scientific (PASCO) USB (01/17/2004 1.9.0.0) (Version: 01/17/2004 1.9.0.0)
Windows Driver Package - PIE Image 10/22/2002 1.1.1 (Version: 1.1.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Toolbar (Version: 03.01.0130)
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinSCP 5.0.5 beta (Version: 5.0.5 beta)
Xilisoft PowerPoint to Video Converter (Version: 1.0.2.1218)
XMedia Recode 3.0.7.6 (Version: 3.0.7.6)
XviD4PSP 6.0 (Version: 6.0)
YouTube Downloader 3.4
YTD Toolbar v6.2 (Version: 6.2)

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 2038.17 MB
Available physical RAM: 1213.45 MB
Total Pagefile: 3930.51 MB
Available Pagefile: 3220.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.23 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:145.56 GB) (Free:23.25 GB) NTFS
3 Drive y: (Volume_1) (Network) (Total:914.43 GB) (Free:413.94 GB) NTFS
4 Drive z: (Public) (Network) (Total:915.42 GB) (Free:4.77 GB) NTFS

========================= Users: ========================================

User accounts for \\LENOVO

Administrator ASPNET Guest
HelpAssistant Master SUPPORT_388945a0

========================= Restore Points ==================================

22-08-2012 08:28:24 System Checkpoint
23-08-2012 09:06:22 System Checkpoint
24-08-2012 09:28:03 System Checkpoint
25-08-2012 10:25:48 System Checkpoint
26-08-2012 12:39:01 System Checkpoint
27-08-2012 13:05:12 System Checkpoint
28-08-2012 14:05:12 System Checkpoint
29-08-2012 15:05:13 System Checkpoint
30-08-2012 16:05:13 System Checkpoint
31-08-2012 17:05:13 System Checkpoint
01-09-2012 17:05:26 System Checkpoint
02-09-2012 18:05:26 System Checkpoint
03-09-2012 19:05:27 System Checkpoint
05-09-2012 07:24:52 System Checkpoint
06-09-2012 07:47:11 System Checkpoint
07-09-2012 09:02:04 System Checkpoint
08-09-2012 09:47:12 System Checkpoint
09-09-2012 10:15:43 System Checkpoint
10-09-2012 10:47:12 System Checkpoint
11-09-2012 11:48:17 System Checkpoint
12-09-2012 12:47:14 System Checkpoint
13-09-2012 13:47:15 System Checkpoint
14-09-2012 14:47:13 System Checkpoint
15-09-2012 14:47:36 System Checkpoint
16-09-2012 15:47:39 System Checkpoint
17-09-2012 16:47:38 System Checkpoint
18-09-2012 17:47:38 System Checkpoint
19-09-2012 18:47:39 System Checkpoint
20-09-2012 19:36:56 System Checkpoint
21-09-2012 20:36:55 System Checkpoint
22-09-2012 21:36:55 System Checkpoint
23-09-2012 22:38:00 System Checkpoint
25-09-2012 00:09:34 System Checkpoint
25-09-2012 06:18:26 Removed Splash Lite
25-09-2012 06:22:38 Installed Splash PRO
25-09-2012 08:46:26 Unsigned driver install
25-09-2012 09:20:05 Installed CyberView X - SF v1.30 (build 20110526)
25-09-2012 09:21:15 Unsigned driver install
25-09-2012 20:57:11 Removed HD Writer AE 3.0
25-09-2012 21:00:08 Removed CyberView X - SF v1.30 (build 20110526)
26-09-2012 00:10:08 Installed HD Writer AE 3.0
30-09-2012 08:24:12 Installed CyberView X - SF v1.30 (build 20110526)
30-09-2012 08:24:58 Unsigned driver install
01-10-2012 09:23:44 System Checkpoint
02-10-2012 10:23:43 System Checkpoint
03-10-2012 11:07:08 System Checkpoint
04-10-2012 04:36:42 Installed Vodafone QuickStart Uninstaller
04-10-2012 04:37:39 Installed Vodafone QuickStart Uninstaller
04-10-2012 04:38:15 Installed Windows XP KB959765.
05-10-2012 04:42:29 System Checkpoint
06-10-2012 05:42:29 System Checkpoint
07-10-2012 06:42:29 System Checkpoint
08-10-2012 07:43:34 System Checkpoint
08-10-2012 14:08:14 Restore Operation
10-10-2012 12:34:26 System Checkpoint

**** End of log ****
==============================================

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/11/2012 03:29:33 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\ICO.EXE (PID: 2776) [WD-HEUR]
* C:\WINDOWS\System32\DLA\DLACTRLW.EXE (PID: 2840) [WD-HEUR]
* C:\WINDOWS\system32\FSRremoS.EXE (PID: 3396) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/11/2012 03:30:39 PM
Execution time: 0 hours(s), 1 minute(s), and 5 seconds(s)
---------------------------------------------------------------------

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acronis Scheduler2 Service" "Acronis Scheduler Helper" "Acronis" "c:\program files\common files\acronis\schedule2\schedhlp.exe"
+ "AcronisTimounterMonitor" "Monitor for Acronis True Image Backup Archive Explorer" "Acronis" "c:\program files\acronis\trueimageechoenterpriseserver\timountermonitor.exe"
+ "Alcmtr" "Realtek Azalia Audio - Event Monitor" "Realtek Semiconductor Corp." "c:\windows\alcmtr.exe"
+ "DLA" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\dlactrlw.exe"
+ "F-Secure Manager" "F-Secure Settings and Statistics" "F-Secure Corporation" "c:\program files\f-secure\common\fsm32.exe"
+ "F-Secure TNB" "TNBUtil" "F-Secure Corporation" "c:\program files\f-secure\fsgui\tnbutil.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "ISUSPM Startup" "InstallShield Update Service Update Manager" "InstallShield Software Corporation" "c:\program files\common files\installshield\updateservice\isuspm.exe"
+ "ISUSScheduler" "InstallShield Update Service Scheduler" "InstallShield Software Corporation" "c:\program files\common files\installshield\updateservice\issch.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Mouse Suite 98 Daemon" "Mouse Suite 98 Daemon" "Primax Electronics Ltd." "c:\windows\system32\ico.exe"
+ "pdfFactory Pro Dispatcher v3" "pdfFactory" "FinePrint Software, LLC" "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "TrueImageMonitor.exe" "Acronis True Image Monitor" "Acronis" "c:\program files\acronis\trueimageechoenterpriseserver\trueimagemonitor.exe"
+ "TVT Scheduler Proxy" "scheduler_proxy Application" "Lenovo Group Limited" "c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "HD Writer.lnk" "" "Panasonic Corporation" "c:\program files\common files\panasonic\hd writer autostart\hdwriterautostart.exe"
+ "PASPortal.lnk" "InstallShield" "Macrovision Corporation" "c:\windows\installer\{ed6f9373-de63-4e95-b751-b7d750a26382}\newshortcut1.exe"
"C:\Documents and Settings\Master\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2007 Screen Clipper and Launcher.lnk" "Microsoft Office OneNote Quick Launcher" "Microsoft Corporation" "c:\program files\microsoft office\office12\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "H/PC Connection Agent" "ActiveSync Connection Manager" "Microsoft Corporation" "c:\program files\microsoft activesync\wcescomm.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimageechoenterpriseserver\tishell.dll"
+ "FormatFactoryShell" "FormatFactory Shell Menu Module" "Free Time" "c:\program files\freetime\formatfactory\shellex_101.dll"
+ "FSAV Shell Extension" "FSAV Shell Extension Dll" "F-Secure Corporation" "c:\program files\f-secure\common\fpshx.dll"
+ "PismoFileMountAuditPackage" "Shell Extension" "Pismo Technic Inc." "c:\windows\system32\pfmshx_463.dll"
+ "ShellConverter" "" "" "File not found: C:\Program Files\Common Files\AVSMedia\ActiveX\AVSShellConverter.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "InfoPage" "PDF-XChange Shell Extention" "Tracker Software Products Ltd." "c:\program files\tracker software\shell extensions\xcshinfo.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "FormatFactoryShell" "FormatFactory Shell Menu Module" "Free Time" "c:\program files\freetime\formatfactory\shellex_101.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "ColHandler" "TreeSize column for Windows Explorer" "JAM Software" "c:\program files\jam software\treesize professional\fsizecol.dll"
+ "PXCInfoShlExt Class" "PDF-XChange Shell Extention" "Tracker Software Products Ltd." "c:\program files\tracker software\shell extensions\xcshinfo.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimageechoenterpriseserver\tishell.dll"
+ "FSAV Shell Extension" "FSAV Shell Extension Dll" "F-Secure Corporation" "c:\program files\f-secure\common\fpshx.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "PismoFileMountAuditPackage" "Shell Extension" "Pismo Technic Inc." "c:\windows\system32\pfmshx_463.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "PismoFileMountAuditPackage" "Shell Extension" "Pismo Technic Inc." "c:\windows\system32\pfmshx_463.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "PismoFileMountAuditPackage" "Shell Extension" "Pismo Technic Inc." "c:\windows\system32\pfmshx_463.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Browsing Protection Class" "Litmus" "F-Secure Corporation" "c:\program files\f-secure\nrs\iescript\baselitmus.dll"
+ "DriveLetterAccess" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\dlashx_w.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "Windows Live Toolbar Helper" "Windows Live Toolbar for Internet Explorer" "Microsoft Corporation" "c:\program files\windows live toolbar\msntb.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Browsing Protection Bar" "Litmus" "F-Secure Corporation" "c:\program files\f-secure\nrs\iescript\baselitmus.dll"
+ "Windows Live Toolbar" "Windows Live Toolbar for Internet Explorer" "Microsoft Corporation" "c:\program files\windows live toolbar\msntb.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Create Mobile Favorite" "ActiveSync Favorite Synchronization" "Microsoft Corporation" "c:\program files\microsoft activesync\inetrepl.dll"
+ "Create Mobile Favorite..." "ActiveSync Favorite Synchronization" "Microsoft Corporation" "c:\program files\microsoft activesync\inetrepl.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Check Updates for Windows Live Toolbar.job" "MSN Search Toolbar Scheduled Update Utility" "Microsoft Corporation" "c:\program files\windows live toolbar\msntbup.exe"
+ "SDMsgUpdate (SD).job" "" "" "File not found: C:\Program Files\SmartDraw 2012\Messages\SDNotify.exe -PSD -V20000100 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AcrSch2Svc" "Provides task scheduling for Acronis applications." "Acronis" "c:\program files\common files\acronis\schedule2\schedul2.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Application Updater" "Automatically downloads and installs application updates." "Spigot, Inc." "c:\program files\application updater\applicationupdater.exe"
+ "F-Secure Gatekeeper Handler Starter" "FSGKHS" "F-Secure Corporation" "c:\program files\f-secure\anti-virus\fsgk32st.exe"
+ "F-Secure Network Request Broker" "F-Secure Network Request Broker" "F-Secure Corporation" "c:\program files\f-secure\common\fnrb32.exe"
+ "FSDFWD" "F-Secure Anti-Virus Firewall Daemon" "F-Secure Corporation" "c:\program files\f-secure\fwes\program\fsdfwd.exe"
+ "FSMA" "F-Secure Management Agent" "F-Secure Corporation" "c:\program files\f-secure\common\fsma32.exe"
+ "FSORSPClient" "F-Secure ORSP Client" "F-Secure Corporation" "c:\program files\f-secure\orsp client\fsorsp.exe"
+ "gusvc" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "IviRegMgr" "RegMgr Module" "InterVideo" "c:\program files\common files\intervideo\regmgr\iviregmgr.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "nosGetPlusHelper" "getPlus® Helper" "NOS Microsystems Ltd." "c:\program files\nos\bin\getplus_helper_3004.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PSI_SVC_2" "This service provides Protexis licensing functionalty." "Protexis Inc." "c:\program files\common files\protexis\license service\psiservice_2.exe"
+ "ThinkVantage Registry Monitor Service" "ThinkVantage Registry Monitor Service" "Lenovo Group Limited" "c:\program files\common files\lenovo\tvt_reg_monitor_svc.exe"
+ "TVT Backup Protection Service" "rrpservice Module" "" "c:\program files\lenovo\rescue and recovery\rrpservice.exe"
+ "TVT Backup Service" "Rescue and Recovery Backup Service" "Lenovo Group Limited" "c:\program files\lenovo\rescue and recovery\rrservice.exe"
+ "TVT Scheduler" "ThinkVantage Scheduler" "Lenovo Group Limited" "c:\program files\common files\lenovo\scheduler\tvtsched.exe"
+ "tvtnetwk" "" "" "c:\program files\lenovo\rescue and recovery\adm\iuservice.exe"
+ "uagqecsvc" "Reports client health status." "Microsoft Corporation" "c:\program files\microsoft forefront uag\endpoint components\3.1.0\uagqecsvc.exe"
+ "Vodafone Mobile Broadband QuickStart" "Provide service for mobile broadband device." "" "c:\documents and settings\all users\application data\mobilebroadbandquickstartservice\vmbquickstartservice.exe"
+ "WMConnectCDS" "Shares media with media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media connect 2\wmccds.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "A2DDA" "" "" "File not found: E:\EmsisoftEmergencyKit\Run\a2ddax86.sys"
+ "ac97intc" "Intel® Integrated Controller Hub Audio Driver" "Intel Corporation" "c:\windows\system32\drivers\ac97intc.sys"
+ "AnyDVD" "AnyDVD Filter Driver" "SlySoft, Inc." "c:\windows\system32\drivers\anydvd.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DLABOIOM" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\dlaboiom.sys"
+ "DLACDBHM" "Shared Driver Component" "Sonic Solutions" "c:\windows\system32\drivers\dlacdbhm.sys"
+ "DLADResN" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\dladresn.sys"
+ "DLAIFS_M" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\dlaifs_m.sys"
+ "DLAOPIOM" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\dlaopiom.sys"
+ "DLAPoolM" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\dlapoolm.sys"
+ "DLARTL_N" "Shared Driver Component" "Sonic Solutions" "c:\windows\system32\drivers\dlartl_n.sys"
+ "DLAUDF_M" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\dlaudf_m.sys"
+ "DLAUDFAM" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\dlaudfam.sys"
+ "DRVMCDB" "Device Driver" "Sonic Solutions" "c:\windows\system32\drivers\drvmcdb.sys"
+ "DRVNDDM" "Device Driver Manager" "Sonic Solutions" "c:\windows\system32\drivers\drvnddm.sys"
+ "E100B" "NDIS 5 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "ElbyCDIO" "ElbyCD Windows NT/2000/XP I/O driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\elbycdio.sys"
+ "F-Secure Gatekeeper" "F-Secure Gatekeeper" "F-Secure Corporation" "c:\program files\f-secure\anti-virus\minifilter\fsgk.sys"
+ "F-Secure HIPS" "F-Secure HIPS Driver" "F-Secure Corporation" "c:\program files\f-secure\hips\drivers\fshs.sys"
+ "fsbts" "fsbts" "F-Secure Corporation" "c:\windows\system32\drivers\fsbts.sys"
+ "FSFW" "F-Secure Internet Shield Driver" "F-Secure Corporation" "c:\windows\system32\drivers\fsdfw.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "Iviaspi" "InterVideo ASPI Shell" "InterVideo, Inc." "c:\windows\system32\drivers\iviaspi.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "MBAMSwissArmy" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbamswissarmy.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "psadd" "SMBIOS Driver" "Lenovo (United States) Inc." "c:\windows\system32\drivers\psadd.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PVUSB" "CESG502 USB Driver" "Hitachi Semiconductor and Devices Sales Co.,Ltd." "c:\windows\system32\drivers\cesg502.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "snapman380" "Acronis Snapshot API" "Acronis" "c:\windows\system32\drivers\snman380.sys"
+ "TIEHDUSB" "tiehdusb.sys" "Texas Instruments Incorporated" "c:\windows\system32\drivers\tiehdusb.sys"
+ "tifsfilter" "Acronis True Image File System Filter" "Acronis" "c:\windows\system32\drivers\tifsfilt.sys"
+ "timounter" "Acronis True Image Backup Archive Explorer" "Acronis" "c:\windows\system32\drivers\timntr.sys"
+ "tvtfilter" "tvtfilter Filter Driver" "Lenovo" "c:\windows\system32\drivers\tvtfilter.sys"
+ "TVTI2C" "SMBUS Driver" "Lenovo (United States) Inc." "c:\windows\system32\drivers\tvti2c.sys"
+ "TVTPktFilter" "" "" "File not found: system32\DRIVERS\tvtpktfilter.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "yukonwxp" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk51x86.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.dvacm_vspx5" "Ulead DV Audio ACM Driver" "Corel TW Corp." "c:\program files\corel\corel videostudio ultimate x5\common files\vio\dvacm.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.yv12" "Helix YV12 YUV Codec" "www.helixcommunity.org" "c:\windows\system32\yv12vfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "IndeoŽ video 4.4 Compression Filter" "Intel IndeoŽ Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "IndeoŽ video 4.4 Compression Filter" "Intel IndeoŽ Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "IndeoŽ video 4.4 Decompression Filter" "Intel IndeoŽ Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "IndeoŽ video 4.4 Decompression Filter" "Intel IndeoŽ Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AAC Encoder" "AACEnc" "InterVider" "c:\program files\intervideo\common\bin\aacenc.ax"
+ "aac_parser" "" "" "File not found: C:\WINDOWS\system32\aac_parser.ax"
+ "AC3Filter" "" "" "File not found: C:\WINDOWS\system32\ac3DX.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmprevu.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CLSID_AVC_TRIM_FA SolveigMM AVC Trimmer FA" "MPEG4 AVC Trimmer Frame Accuracy Filter" "Solveig Multimedia" "c:\program files\common files\solveig multimedia\smm_mpeg4trimmerfa.ax"
+ "CoreAAC Audio Decoder" "" "" "File not found: C:\WINDOWS\system32\CoreAAC.ax"
+ "CoreAVC Video Decoder" "" "" "File not found: C:\WINDOWS\system32\AVCDX.ax"
+ "Correct Corrupted Audio" "Correct Corrupted Audio Filter" "Microsoft Corporation" "c:\program files\intervideo\common\bin\correcta.ax"
+ "Dirac Source" "" "" "File not found: C:\WINDOWS\system32\DiracSplitter.ax"
+ "Dirac Splitter" "" "" "File not found: C:\WINDOWS\system32\DiracSplitter.ax"
+ "Dirac Video Decoder" "" "" "File not found: C:\WINDOWS\system32\DiracSplitter.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\freetime\formatfactory\ffmodules\avisynthplugins\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\freetime\formatfactory\ffmodules\avisynthplugins\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax"
+ "FLV Source" "" "" "File not found: C:\WINDOWS\system32\flvDX.dll"
+ "FLV Splitter" "" "" "File not found: C:\WINDOWS\system32\flvDX.dll"
+ "FLV Video Decoder" "" "" "File not found: C:\WINDOWS\system32\flvDX.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\freetime\formatfactory\ffmodules\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\freetime\formatfactory\ffmodules\filters\haali\splitter.ax"
+ "IndeoŽ audio software" "IndeoŽ audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "IndeoŽ video 5.10 Compression Filter" "Intel IndeoŽ video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "IndeoŽ video 5.10 Decompression Filter" "Intel IndeoŽ video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Intervideo 3gFileWrite" "Intervideo 3G File Write Filter" "Microsoft Corporation" "c:\program files\intervideo\common\bin\write3g.ax"
+ "Intervideo AMR Encoder" "IVI AMR Encoding" "Intervideo, Inc." "c:\program files\intervideo\common\bin\amrenc.ax"
+ "InterVideo Audio Decoder" "IVIAUDIO LOGID.62149" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaudio.ax"
+ "InterVideo Audio Encoder" "InterVideo?Audio Encoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaenc.ax"
+ "InterVideo Audio Processor" "" "" "c:\program files\intervideo\common\bin\iviaudioprocess.ax"
+ "Intervideo CDSF Filter" "Bouncing Ball Filter (Sample)" "Microsoft Corporation" "c:\program files\intervideo\common\bin\ivicdsf.ax"
+ "InterVideo Demultiplexer" "InterVideoŽ MPEG System Demultiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividemux.ax"
+ "InterVideo Demux" "InterVideoŽ MPEG System Demultiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividemxx.ax"
+ "Intervideo Disc Read2 Filter" "" "" "c:\program files\intervideo\common\bin\discread.ax"
+ "InterVideo Disc Write2 Filter" "DiscRite" "InterVideo Inc." "c:\program files\intervideo\common\bin\discrite.ax"
+ "InterVideo Down Scale Filter" "InterVideoŽ Down Scale Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividowns.ax"
+ "InterVideo DV Pre-Process" "InterVideo DV Pre-Process Filter" "InterVideo" "c:\program files\intervideo\common\bin\dvprocs.ax"
+ "InterVideo File Writer" "InterVideoŽ File Writer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviwrite.ax"
+ "InterVideo MPEG4 Video Decoder" "InterVideoŽ MPEG4 Video Decoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\mp4vdec.ax"
+ "InterVideo MPEG4 Video Encoder" "InterVideoŽ MPEG4 Video Encoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\mp4venc.ax"
+ "InterVideo MpegInspect" "InterVideo MpegInspect Filter" "InterVideo" "c:\program files\intervideo\common\bin\mpginspc.ax"
+ "InterVideo Multiplexer" "InterVideoŽ MPEG System Multiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivimux.ax"
+ "InterVideo Navigator" "IVINAV LOGID.62149" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivinav.ax"
+ "InterVideo Pre-scaling Filter" "InterVideoŽ PreScale Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviscale.ax"
+ "Intervideo SmartRender" "Intervideo SmartRender Filter" "Microsoft Corporation" "c:\program files\intervideo\common\bin\smartrnd.ax"
+ "InterVideo Still Capture" "InterVideoŽ Still Capture Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviscapt.ax"
+ "InterVideo Stream Buffer Filter" "InterVideo Stream Buffer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\smbuffer.ax"
+ "InterVideo Stream Renderer" "IinterVideo Stream Renderer Filter " "InterVideo, Inc." "c:\program files\intervideo\common\bin\ivistreamrenderer.ax"
+ "InterVideo Subpicture Source" "Subpicture Source Filter" "InterVideo, Inc." "c:\program files\intervideo\common\bin\ivispic.ax"
+ "InterVideo VBI Decoder" "InterVideo VBI Decoder Filter" "InterVideo, Inc." "c:\program files\common files\intervideo\vbidec\ivvbidec.ax"
+ "InterVideo Video Decoder" "IVIVIDEO LOGID.62149" " InterVideo Inc." "c:\program files\intervideo\common\bin\ivivideo.ax"
+ "InterVideo Video Encoder" "InterVideoŽ MPEG Video Encoder Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivivenc.ax"
+ "InterVideo Wave Wrapper" "InterVideo Wave Wrapper Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviwavex.ax"
+ "IPEVO Image Effects" "IPEVO Dynamic Link Library" "IPEVO Corp." "c:\program files\ipevo\presenter\ipevo image effects.dll"
+ "IVI QT source" "iviQTsource" "InterVideo" "c:\program files\intervideo\common\bin\iviqtsource.ax"
+ "Matroska Source" "" "" "File not found: C:\WINDOWS\system32\MatroskaDX.ax"
+ "Matroska Splitter" "" "" "File not found: C:\WINDOWS\system32\MatroskaDX.ax"
+ "MPC - Avi Source" "Avi Splitter" "Gabest" "c:\program files\freetime\formatfactory\ffmodules\filters\avisplitter.ax"
+ "MPC - Avi Splitter" "Avi Splitter" "Gabest" "c:\program files\freetime\formatfactory\ffmodules\filters\avisplitter.ax"
+ "MPC - MP4 Source" "MP4 Splitter" "MPC-HC Team" "c:\program files\freetime\formatfactory\ffmodules\filters\mp4splitter.ax"
+ "MPC - MP4 Splitter" "MP4 Splitter" "MPC-HC Team" "c:\program files\freetime\formatfactory\ffmodules\filters\mp4splitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "MPC-HC Team" "c:\program files\freetime\formatfactory\ffmodules\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "MPC-HC Team" "c:\program files\freetime\formatfactory\ffmodules\filters\mpegsplitter.ax"
+ "MPC - MPEG4 Video Source" "MP4 Splitter" "MPC-HC Team" "c:\program files\freetime\formatfactory\ffmodules\filters\mp4splitter.ax"
+ "MPC - MPEG4 Video Splitter" "MP4 Splitter" "MPC-HC Team" "c:\program files\freetime\formatfactory\ffmodules\filters\mp4splitter.ax"
+ "MPC - Video decoder" "H.264/VC-1 DXVA video decoder" "MPC HomeCinema" "c:\program files\freetime\formatfactory\ffmodules\filters\mpcvideodec.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Photo Story 3 Source Filter" "Photo Story 3 for Windows" "Microsoft Corp." "c:\program files\photo story 3 for windows\pssourcefilter3.dll"
+ "Plus! Photo Story 3 WAV Dest" "Photo Story 3 for Windows" "Microsoft Corp." "c:\program files\photo story 3 for windows\wavdest3.dll"
+ "RadLight Ogg Splitter" "" "" "File not found: C:\WINDOWS\system32\RLOgg.ax"
+ "RadLight Speex Decoder" "" "" "File not found: C:\WINDOWS\system32\RLSpeexDec.ax"
+ "RadLight Theora Decoder" "" "" "File not found: C:\WINDOWS\system32\RLTheoraDec.ax"
+ "RadLight Vorbis Decoder" "" "" "File not found: C:\WINDOWS\system32\RLVorbisDec.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\windows\system32\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\windows\system32\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\windows\system32\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\windows\system32\realmediasplitter.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "WME Record Queue" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmedque.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SolveigMM File Writer" "SolveigMM File Writer" "Solveig Multimedia" "c:\program files\common files\solveig multimedia\smm_filewriter.ax"
+ "SolveigMM Matroska Muxer" "SMM_MKVMuxer.ax" "Solveig Multimedia" "c:\program files\common files\solveig multimedia\smm_mkvmuxer.ax"
+ "SolveigMM Matroska Splitter" "SMM_MKVSplitter.ax" "Solveig Multimedia" "c:\program files\common files\solveig multimedia\smm_mkvsplitter.ax"
+ "SolveigMM Trimmer Filter" "Trimmer DS Filter" "Solveig Multimedia" "c:\program files\common files\solveig multimedia\smm_trimmer.ax"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "TAK SourceFilter" "" "" "File not found: C:\WINDOWS\system32\TAKDSDecoder.ax"
+ "Video Source" "Windows Media Preview Object" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmprevu.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMEnc Screen Capture Filter" "WMESrcWp Module" "Microsoft Corporation" "c:\program files\windows media components\encoder\wmesrcwp.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
+ "Your Image File Name Here without a path" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Canon BJ Language Monitor PIXMA iP3000" "BJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm61.dll"
+ "FPP3:" "pdfFactory" "FinePrint Software, LLC" "c:\windows\system32\fppmon3.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
+ "relog_ap" "Acronis Relogon Authentication Package" "Acronis" "c:\windows\system32\relog_ap.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "pfmunc" "Pismo File Mount" "Pismo Technic Inc." "c:\windows\system32\pfmapi_463.dll"

-----------------------------------------------------------------------------

#4 narenxp

  • BC Advisor

Posted 11 October 2012 - 07:36 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#5 ocular

  • Topic Starter

Posted 11 October 2012 - 03:33 PM

All running good

Thanks man

#6 narenxp

  • BC Advisor

Posted 11 October 2012 - 03:55 PM

You're welcome :)



