Malware hiding?


31 replies to this topic

#1 Westley A

Posted 10 October 2012 - 08:07 AM

Hi,

I've got an XP machine that started acting up (couldn't open programs, browser, etc.) and eventually it stopped responding altogether (mouse would move, but clock display stopped, no keyboard response).

Rebooted and ran AVG Boot disk scan. Cleaned about a dozen JAVA viruses and a couple of other non-JAVA ones.

Rebooted and ran MalwareBytes, cleaned out some more. Still had an issue where you couldn't open any programs after a couple of minutes of logging into Windows.

I tried to run HiJackThis and it locked up trying to scan for O4 items. Tried to run ComboFix, both normal and safe mode, and it bombed out at Stage 48 (left it running overnight).

Anyone have any thoughts?

Thanks,
Westley



#2 InadequateInfirmity

Posted 10 October 2012 - 08:14 AM

Try this first. Do this in normal mode.


Hit the Start button, then right-click My Computer > Properties > Hardware tab > Device Manager.
Scroll down to the IDE ATA/ATAPI Controllers and left-click the + to the left of the drivers.
Right-click and uninstall all of your Primary IDE drivers; there most likely will be more than one of the Primary IDE drivers. Make sure to uninstall all of them prior to rebooting.

Now reboot your machine.

Download Norman Malware Cleaner. Run it, go to Options, then put a tick next to Enable rootkit cleaning. Hit Full Scan > let it finish > go to the Quarantine tab > tick Select All > then Delete > Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.

#3 InadequateInfirmity

Posted 10 October 2012 - 08:15 AM

Also tell me if this is a laptop or desktop in your next reply, and the exact make and model of the machine please.

#4 Westley A

Posted 10 October 2012 - 09:22 AM

The Remove window locked up trying to remove the SATA controller (no IDE drivers loaded).

PC is a Dell Vostro 220. Getting ready to start Norman scan. Will report when it is over.

#5 InadequateInfirmity

Posted 10 October 2012 - 09:29 AM

> The Remove window locked up trying to remove the SATA controller (no IDE drivers loaded).

OK, I never said anything about removing a SATA controller. Only primary IDE drivers.

> PC is a Dell Vostro 220. Getting ready to start Norman scan. Will report when it is over.

#6 Westley A

Posted 10 October 2012 - 11:16 AM

Strange thing about the Norman log.

When I copied it to my normal PC that I'm using to post on the forum, the copy was gibberish (looked like a failed unibyte conversion). I was able to use VNC to copy and paste using the clipboard.

-------------

Norman Malware Cleaner v2.05.06
Copyright 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 6.08.06
nvcbin.def: Version: 6.08.00, Date: 2012/10/09 10:01:34, Variants: 18865362
nvcmacro.def: Version: 6.08.00, Date: 2011/12/19 04:20:35, Variants: 20465

Operating System: Windows XP Service Pack 3

Switches: /iagree /cleanrootkit /nosb

Scan started: 2012/10/10 10:59:37

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning system for active rootkit activity...
Rootkit infection detected (W32/rootkit!TDL4)
Cleaning operation failed (Error code: 0x00000001)

Number of malicious objects found: 1
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1s

Scanning running processes and process memory...

Number of objects found: 837
Number of objects scanned: 837
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 13s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...

Number of files found: 317
Number of archives unpacked: 111
Number of objects found: 427
Number of objects scanned: 425
Number of objects not scanned: 0
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 9s
Scan aborted by user

Results:
Total number of files found: 317
Total number of archives unpacked: 111
Total number of objects found: 1264
Total number of objects scanned: 1262
Total number of objects not scanned: 0
Total number of malicious objects found: 1
Total number of malicious objects cleaned: 0
Total number of malicious files found: 0
Total number of malicious files cleaned: 0
Total number of objects quarantined: 0
Total scanning time: 24s
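As an added example (not part of this thread or of Norman's tooling), a small Python triage script that parses a Norman Malware Cleaner log of the shape posted above and pulls out what the helper actually needs: detections that were found but not cleaned, the cleaning error code, and any scan phase the user aborted. The embedded log excerpt is constructed from the lines above; it assumes the rest of Norman's log format follows the same line patterns.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the Norman Malware Cleaner log posted above: the rootkit
# phase detects TDL4 but cannot clean it, and the full scan is then aborted by the user.
SAMPLE_LOG = """Switches: /iagree /cleanrootkit /nosb

Scanning system for active rootkit activity...
Rootkit infection detected (W32/rootkit!TDL4)
Cleaning operation failed (Error code: 0x00000001)

Number of malicious objects found: 1
Number of malicious objects cleaned: 0

Running full scan...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scan aborted by user

Results:
Total number of malicious objects found: 1
Total number of malicious objects cleaned: 0
Total scanning time: 24s
"""

PHASE_RE = re.compile(r"^(?:Running|Scanning) (.+?)\.\.\.$")
DETECT_RE = re.compile(r"^(.+?) detected \((.+)\)$")
FAIL_RE = re.compile(r"^Cleaning operation failed \(Error code: (0x[0-9A-Fa-f]+)\)$")
COUNT_RE = re.compile(r"^Number of malicious objects (found|cleaned): (\d+)$")
TOTAL_RE = re.compile(r"^Total number of malicious objects (found|cleaned): (\d+)$")

@dataclass
class Phase:
    name: str
    detections: List[Tuple[str, str]] = field(default_factory=list)  # (kind, signature)
    errors: List[str] = field(default_factory=list)  # cleaning error codes
    found: int = 0
    cleaned: int = 0
    aborted: bool = False

@dataclass
class Report:
    phases: List[Phase] = field(default_factory=list)
    total_found: int = 0
    total_cleaned: int = 0
    rootkit_cleaning_enabled: bool = False

def parse_norman_log(text: str) -> Report:
    """Single pass over the log; detections, errors and counters attach to the phase they follow."""
    report = Report()
    current: Optional[Phase] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Switches:"):
            report.rootkit_cleaning_enabled = "/cleanrootkit" in line.split()
        elif line == "Results:":
            current = None  # the totals below describe the whole run, not one phase
        elif PHASE_RE.match(line):
            current = Phase(name=PHASE_RE.match(line).group(1))
            report.phases.append(current)
        elif TOTAL_RE.match(line):
            m = TOTAL_RE.match(line)
            setattr(report, "total_" + m.group(1), int(m.group(2)))
        elif current is None:
            continue  # header lines before the first phase
        elif DETECT_RE.match(line):
            m = DETECT_RE.match(line)
            current.detections.append((m.group(1), m.group(2)))
        elif FAIL_RE.match(line):
            current.errors.append(FAIL_RE.match(line).group(1))
        elif COUNT_RE.match(line):
            m = COUNT_RE.match(line)
            setattr(current, m.group(1), int(m.group(2)))
        elif line == "Scan aborted by user":
            current.aborted = True
    return report

def triage(report: Report) -> List[str]:
    """Reduce the parsed log to the follow-up items a helper would act on."""
    items = []
    for p in report.phases:
        uncleaned = p.found - p.cleaned
        if uncleaned > 0:
            sigs = ", ".join(sig for _, sig in p.detections) or "unnamed object(s)"
            errs = f" (cleaning failed: {', '.join(p.errors)})" if p.errors else ""
            items.append(f"{uncleaned} uncleaned detection(s) in '{p.name}': {sigs}{errs}")
        if p.aborted:
            items.append(f"'{p.name}' was aborted by the user; its results are incomplete")
    if report.total_found > report.total_cleaned:
        items.append("run totals show found > cleaned: escalate to a dedicated rootkit remover")
    return items
```

Running `triage(parse_norman_log(SAMPLE_LOG))` yields three items for the log above: the uncleaned TDL4 detection with its error code, the aborted full scan, and the found/cleaned mismatch in the totals.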

#7 InadequateInfirmity

Posted 10 October 2012 - 11:21 AM

Any reason you stopped the scan?

Can you run the machine in safe mode with networking?

Download TDSSKiller

http://support.kaspersky.com/downloads/utils/tdsskiller.exe



Right-click it and Run as Admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.



Run the program below as admin, hit the Scan button, allow it to finish, then hit the Delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Download Rkill, run it, and post the log.
http://www.bleepingcomputer.com/download/rkill/

Download the Junkware Removal Tool, save it to your desktop, run it in safe mode, and post the log.
http://thisisudax.org/downloads/JRT.exe

Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe. After the scan is finished, click on File > Save. The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option, in other words make sure it is a .txt file instead of .arn. Attach the text in your next reply.

http://download.sysinternals.com/files/Autoruns.zip

#8 InadequateInfirmity

Posted 10 October 2012 - 11:23 AM

If you had not aborted the scan, I am pretty sure that it would have cleaned the infection.

Edited by InadequateInfirmity, 10 October 2012 - 11:23 AM.


#9 Westley A

Posted 10 October 2012 - 01:44 PM

Actually, I aborted the second run. I missed clicking on the DELETE button and had clicked Start again.

Here are the log files requested:

TDSS Killer:
13:40:41.0468 1412 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:40:42.0078 1412 ============================================================
13:40:42.0078 1412 Current date / time: 2012/10/10 13:40:42.0078
13:40:42.0078 1412 SystemInfo:
13:40:42.0078 1412
13:40:42.0078 1412 OS Version: 5.1.2600 ServicePack: 3.0
13:40:42.0078 1412 Product type: Workstation
13:40:42.0078 1412 ComputerName: WORKSTATION2
13:40:42.0078 1412 UserName: User
13:40:42.0078 1412 Windows directory: C:\WINDOWS
13:40:42.0078 1412 System windows directory: C:\WINDOWS
13:40:42.0078 1412 Processor architecture: Intel x86
13:40:42.0078 1412 Number of processors: 2
13:40:42.0078 1412 Page size: 0x1000
13:40:42.0078 1412 Boot type: Safe boot with network
13:40:42.0078 1412 ============================================================
13:40:42.0265 1412 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:40:42.0265 1412 ============================================================
13:40:42.0265 1412 \Device\Harddisk0\DR0:
13:40:42.0265 1412 MBR partitions:
13:40:42.0265 1412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2541A2B0
13:40:42.0265 1412 ============================================================
13:40:42.0312 1412 C: <-> \Device\Harddisk0\DR0\Partition1
13:40:42.0312 1412 ============================================================
13:40:42.0312 1412 Initialize success
13:40:42.0312 1412 ============================================================
13:40:47.0359 0572 ============================================================
13:40:47.0359 0572 Scan started
13:40:47.0359 0572 Mode: Manual; TDLFS;
13:40:47.0359 0572 ============================================================
13:40:47.0421 0572 ================ Scan system memory ========================
13:40:47.0421 0572 System memory - ok
13:40:47.0421 0572 ================ Scan services =============================
13:40:53.0296 0572 PSched - ok
13:40:53.0312 0572 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:40:53.0312 0572 Ptilink - ok
13:40:53.0328 0572 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:40:53.0328 0572 PxHelp20 - ok
13:40:53.0343 0572 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:40:53.0343 0572 ql1080 - ok
13:40:53.0359 0572 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:40:53.0359 0572 Ql10wnt - ok
13:40:53.0375 0572 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:40:53.0375 0572 ql12160 - ok
13:40:53.0390 0572 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:40:53.0390 0572 ql1240 - ok
13:40:53.0406 0572 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:40:53.0406 0572 ql1280 - ok
13:40:53.0421 0572 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:40:53.0421 0572 RasAcd - ok
13:40:53.0453 0572 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:40:53.0453 0572 RasAuto - ok
13:40:53.0484 0572 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:40:53.0484 0572 Rasl2tp - ok
13:40:53.0500 0572 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:40:53.0500 0572 RasMan - ok
13:40:53.0515 0572 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:40:53.0515 0572 RasPppoe - ok
13:40:53.0546 0572 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:40:53.0546 0572 Raspti - ok
13:40:53.0546 0572 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:40:53.0546 0572 Rdbss - ok
13:40:53.0562 0572 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:40:53.0562 0572 RDPCDD - ok
13:40:53.0609 0572 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:40:53.0609 0572 rdpdr - ok
13:40:53.0656 0572 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:40:53.0656 0572 RDPWD - ok
13:40:53.0671 0572 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:40:53.0671 0572 RDSessMgr - ok
13:40:53.0718 0572 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:40:53.0718 0572 redbook - ok
13:40:53.0750 0572 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:40:53.0750 0572 RemoteAccess - ok
13:40:53.0765 0572 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:40:53.0765 0572 RemoteRegistry - ok
13:40:53.0812 0572 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:40:53.0812 0572 RpcLocator - ok
13:40:53.0843 0572 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:40:53.0843 0572 RpcSs - ok
13:40:53.0875 0572 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:40:53.0875 0572 RSVP - ok
13:40:53.0906 0572 [ C6D34A1874CD2B212DC3E788091C64B4 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:40:53.0906 0572 RTLE8023xp - ok
13:40:53.0953 0572 [ 9F6B9F66223B1265ED66D005D93E539D ] RTLTEAMING C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS
13:40:53.0953 0572 RTLTEAMING - ok
13:40:53.0984 0572 [ 6EC43DC18746BB9B6DDEC4C99B15B6FC ] RTLVLAN C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
13:40:53.0984 0572 RTLVLAN - ok
13:40:54.0015 0572 [ 5FFD2AAF467B80FAB34929AFB7702060 ] RtNdPt5x C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys
13:40:54.0015 0572 RtNdPt5x - ok
13:40:54.0031 0572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:40:54.0031 0572 SamSs - ok
13:40:54.0078 0572 [ 0AEF47E0A6B0CBA8C9833D55298B2791 ] SAVRKBootTasks C:\WINDOWS\system32\SAVRKBootTasks.sys
13:40:54.0078 0572 SAVRKBootTasks - ok
13:40:54.0125 0572 [ 778F31AA8685426CA2D0D38B423C2512 ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe
13:40:54.0125 0572 SavRoam - ok
13:40:54.0171 0572 [ A00D5AA4748A1002590F08AA00FC660D ] SAVRT C:\Program Files\Symantec AntiVirus\savrt.sys
13:40:54.0171 0572 SAVRT - ok
13:40:54.0171 0572 [ 1E805005583BE1C1568A3FCE259C81E3 ] SAVRTPEL C:\Program Files\Symantec AntiVirus\Savrtpel.sys
13:40:54.0171 0572 SAVRTPEL - ok
13:40:54.0218 0572 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:40:54.0218 0572 SCardSvr - ok
13:40:54.0250 0572 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:40:54.0250 0572 Schedule - ok
13:40:54.0296 0572 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:40:54.0296 0572 Secdrv - ok
13:40:54.0312 0572 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:40:54.0312 0572 seclogon - ok
13:40:54.0359 0572 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:40:54.0359 0572 SENS - ok
13:40:54.0375 0572 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:40:54.0375 0572 Serenum - ok
13:40:54.0390 0572 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:40:54.0390 0572 Serial - ok
13:40:54.0468 0572 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:40:54.0468 0572 Sfloppy - ok
13:40:54.0515 0572 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:40:54.0515 0572 SharedAccess - ok
13:40:54.0531 0572 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:40:54.0531 0572 ShellHWDetection - ok
13:40:54.0546 0572 Simbad - ok
13:40:54.0578 0572 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:40:54.0578 0572 sisagp - ok
13:40:54.0640 0572 [ 443E397643965E08C5AB6A6CAA732B97 ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
13:40:54.0640 0572 SNDSrvc - ok
13:40:54.0656 0572 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:40:54.0656 0572 Sparrow - ok
13:40:54.0703 0572 [ C30FA11923892A4DBD1C747DB8492E8F ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
13:40:54.0703 0572 SPBBCDrv - ok
13:40:54.0734 0572 [ EA07435C72A8534C3A8E02D87246E546 ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
13:40:54.0734 0572 SPBBCSvc - ok
13:40:54.0750 0572 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:40:54.0750 0572 splitter - ok
13:40:54.0796 0572 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:40:54.0796 0572 Spooler - ok
13:40:54.0812 0572 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:40:54.0812 0572 sr - ok
13:40:54.0859 0572 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:40:54.0859 0572 srservice - ok
13:40:54.0890 0572 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:40:54.0890 0572 Srv - ok
13:40:54.0921 0572 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:40:54.0921 0572 SSDPSRV - ok
13:40:54.0968 0572 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:40:54.0968 0572 stisvc - ok
13:40:55.0031 0572 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:40:55.0031 0572 stllssvr - ok
13:40:55.0046 0572 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:40:55.0046 0572 swenum - ok
13:40:55.0062 0572 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:40:55.0062 0572 swmidi - ok
13:40:55.0078 0572 SwPrv - ok
13:40:55.0125 0572 [ BC59BC3B68D45EB1716CC95E567A3B69 ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
13:40:55.0125 0572 Symantec AntiVirus - ok
13:40:55.0140 0572 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
13:40:55.0140 0572 symc810 - ok
13:40:55.0156 0572 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:40:55.0156 0572 symc8xx - ok
13:40:55.0187 0572 [ B3F8B9EAB2EBE205C0FE053FBA951D8C ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
13:40:55.0187 0572 SymEvent - ok
13:40:55.0234 0572 [ 7C73B65F1BDFAB9052A5076C0CA622DE ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
13:40:55.0234 0572 SYMREDRV - ok
13:40:55.0265 0572 [ B4562798891DCA27ED67CA07ACBADBD9 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
13:40:55.0265 0572 SYMTDI - ok
13:40:55.0281 0572 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:40:55.0281 0572 sym_hi - ok
13:40:55.0281 0572 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:40:55.0296 0572 sym_u3 - ok
13:40:55.0312 0572 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:40:55.0312 0572 sysaudio - ok
13:40:55.0343 0572 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:40:55.0343 0572 SysmonLog - ok
13:40:55.0375 0572 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:40:55.0375 0572 TapiSrv - ok
13:40:55.0390 0572 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:40:55.0390 0572 Tcpip - ok
13:40:55.0406 0572 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:40:55.0406 0572 TDPIPE - ok
13:40:55.0437 0572 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:40:55.0437 0572 TDTCP - ok
13:40:55.0468 0572 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:40:55.0468 0572 TermDD - ok
13:40:55.0484 0572 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:40:55.0484 0572 TermService - ok
13:40:55.0531 0572 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:40:55.0531 0572 Themes - ok
13:40:55.0562 0572 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:40:55.0562 0572 TlntSvr - ok
13:40:55.0578 0572 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
13:40:55.0578 0572 TosIde - ok
13:40:55.0609 0572 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:40:55.0609 0572 TrkWks - ok
13:40:55.0640 0572 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:40:55.0640 0572 Udfs - ok
13:40:55.0656 0572 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
13:40:55.0656 0572 ultra - ok
13:40:55.0687 0572 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:40:55.0687 0572 Update - ok
13:40:55.0703 0572 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:40:55.0703 0572 upnphost - ok
13:40:55.0718 0572 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:40:55.0718 0572 UPS - ok
13:40:55.0750 0572 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:40:55.0750 0572 usbccgp - ok
13:40:55.0796 0572 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:40:55.0796 0572 usbehci - ok
13:40:55.0796 0572 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:40:55.0796 0572 usbhub - ok
13:40:55.0843 0572 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:40:55.0843 0572 usbprint - ok
13:40:55.0890 0572 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:40:55.0890 0572 usbscan - ok
13:40:55.0921 0572 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:40:55.0921 0572 USBSTOR - ok
13:40:55.0937 0572 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:40:55.0937 0572 usbuhci - ok
13:40:56.0015 0572 [ B840C0D1A043BD4F3D98EE0C8BD8DE72 ] uvnc_service C:\Program Files\UltraVNC\WinVNC.exe
13:40:56.0031 0572 uvnc_service - ok
13:40:56.0031 0572 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:40:56.0031 0572 VgaSave - ok
13:40:56.0046 0572 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:40:56.0046 0572 viaagp - ok
13:40:56.0078 0572 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
13:40:56.0078 0572 ViaIde - ok
13:40:56.0109 0572 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:40:56.0109 0572 VolSnap - ok
13:40:56.0140 0572 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:40:56.0140 0572 VSS - ok
13:40:56.0171 0572 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
13:40:56.0171 0572 w32time - ok
13:40:56.0203 0572 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:40:56.0203 0572 Wanarp - ok
13:40:56.0218 0572 WDICA - ok
13:40:56.0234 0572 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:40:56.0234 0572 wdmaud - ok
13:40:56.0250 0572 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:40:56.0250 0572 WebClient - ok
13:40:56.0328 0572 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:40:56.0328 0572 winmgmt - ok
13:40:56.0375 0572 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:40:56.0390 0572 WinRM - ok
13:40:56.0453 0572 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:40:56.0453 0572 WmdmPmSN - ok
13:40:56.0468 0572 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:40:56.0484 0572 Wmi - ok
13:40:56.0531 0572 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:40:56.0531 0572 WmiApSrv - ok
13:40:56.0609 0572 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:40:56.0609 0572 WMPNetworkSvc - ok
13:40:56.0671 0572 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:40:56.0687 0572 WPFFontCache_v0400 - ok
13:40:56.0687 0572 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:40:56.0687 0572 WS2IFSL - ok
13:40:56.0734 0572 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:40:56.0734 0572 wscsvc - ok
13:40:56.0750 0572 WSearch - ok
13:40:56.0781 0572 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:40:56.0781 0572 wuauserv - ok
13:40:56.0812 0572 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:40:56.0828 0572 WudfPf - ok
13:40:56.0843 0572 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:40:56.0843 0572 WudfRd - ok
13:40:56.0890 0572 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:40:56.0890 0572 WudfSvc - ok
13:40:56.0906 0572 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:40:56.0921 0572 WZCSVC - ok
13:40:56.0937 0572 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:40:56.0937 0572 xmlprov - ok
13:40:56.0937 0572 ================ Scan global ===============================
13:40:56.0968 0572 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:40:57.0015 0572 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:40:57.0015 0572 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:40:57.0031 0572 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:40:57.0031 0572 [Global] - ok
13:40:57.0031 0572 ================ Scan MBR ==================================
13:40:57.0062 0572 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
13:40:57.0281 0572 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:40:57.0281 0572 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:40:57.0281 0572 ================ Scan VBR ==================================
13:40:57.0296 0572 [ 579213A935260340EFDC6F46C3136A2A ] \Device\Harddisk0\DR0\Partition1
13:40:57.0296 0572 \Device\Harddisk0\DR0\Partition1 - ok
13:40:57.0296 0572 ============================================================
13:40:57.0296 0572 Scan finished
13:40:57.0296 0572 ============================================================
13:40:57.0328 0524 Detected object count: 1
13:40:57.0328 0524 Actual detected object count: 1
13:41:03.0140 0524 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:41:03.0156 0524 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Roguekiller
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode with network support
User : User [Admin rights]
Mode : Remove -- Date : 10/10/2012 11:44:59

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 +++++
--- User ---
[MBR] c089aeafd9b98d1c636237d0d7f68bca
[BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 305204 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RKill
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/10/2012 01:10:46 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

20 out of 14918 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 10/10/2012 01:11:03 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)


JRT
Junkware Removal Tool (JRT) by Thisisu
Version: 1.3.9 (10.10.2012)
OS: Microsoft Windows XP x86
Ran by User on Wed 10/10/2012 at 13:11:31.92
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Wed 10/10/2012 at 13:30:47.12
End of Report


Autoruns
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "cetihpz" "HPCETIUI Protocol Handler Module" "Hewlett-Packard Company" "c:\program files\hp\hpcoretech\comp\hpuiprot.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8089.0726.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8089.0726.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\common files\symantec shared\ssc\vpshell2.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\common files\symantec shared\ssc\vpshell2.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "uvnc_service" "Provides secure remote desktop sharing" "UltraVNC" "c:\program files\ultravnc\winvnc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "catchme" "" "" "File not found: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MEMSWEEP2" "" "" "File not found: C:\WINDOWS\system32\D.tmp"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20120524.003\naveng.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20120524.003\navex15.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTLE8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtenicxp.sys"
+ "RTLTEAMING" "Realtek Intermediate Driver for Ethernet Extended Features" "Realtek Semiconductor Corporation" "c:\windows\system32\drivers\rtlteaming.sys"
+ "RTLVLAN" "Realtek VLAN Intermediate Driver" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtlvlan.sys"
+ "RtNdPt5x" "Realtek NDIS Protocol Driver" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtndpt5x.sys"
+ "SAVRKBootTasks" "Sophos boot tasks for Windows 2000" "Sophos Plc" "c:\windows\system32\savrkboottasks.sys"
+ "SAVRT" "AutoProtect" "Symantec Corporation" "c:\program files\symantec antivirus\savrt.sys"
+ "SAVRTPEL" "SAVRTPEL" "Symantec Corporation" "c:\program files\symantec antivirus\savrtpel.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SPBBCDrv" "SPBBC Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\program files\symantec\symevent.sys"
+ "SYMREDRV" "Redirector Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symredrv.sys"
+ "SYMTDI" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\symtdi.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "GoToAssist" "Citrix Online GoToAssist Corporate" "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\615\g2awinlogon.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "NavLogon" "Symantec AntiVirus Logon Notification" "Symantec Corporation" "c:\windows\system32\navlogon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "CutePDF Writer Monitor" "" "" "c:\windows\system32\cpwmon2k.dll"
+ "EPSON WorkForce 30 Series 32MonitorBA" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbeea.dll"
+ "hpzlnt09" "" "HP" "c:\windows\system32\hpzlnt09.dll"
+ "RICOH Language Monitor2" "RICOH BIDI Language Monitor" "RICOH CO.,Ltd." "c:\windows\system32\rc4mon.dll"
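
The listing above is a snapshot of Windows autostart locations (drivers, Drivers32 codecs, DirectShow filters, Winlogon Notify packages, print monitors). When reading one, the first things to pull out are entries whose file no longer exists (often leftovers of uninstalled software, but also what a cleaned rootkit driver leaves behind) and modules in sensitive load points that carry no vendor string. The Python below is an added example written for this page, not a tool from the thread or from the log's own scanner: it parses the `+ "Name" "Description" "Vendor" "Path"` line shape and the `"HKLM\..." "" "" ""` section headers seen above and produces a review list. The short list of sensitive keys, the `<no header seen>` placeholder for the driver block (whose header is above this excerpt) and `SAMPLE_LOG` (an excerpt of the log above) are constructed for the example.

```python
# Triage an OTL-style autostart listing. Added example, not the thread's own code.
from __future__ import annotations

import re
from dataclasses import dataclass

# One autostart entry: + "Name" "Description" "Vendor" "Path"
ENTRY_RE = re.compile(r'^\+\s+"([^"]*)"\s+"([^"]*)"\s+"([^"]*)"\s+"([^"]*)"\s*$')
# A section header: "HKLM\..." "" "" ""
KEY_RE = re.compile(r'^"(HK[^"]+)"\s+""\s+""\s+""\s*$')

# Load points where an unattributed module deserves a second look.
# Assumption: chosen for this example, not a complete list of autostart keys.
SENSITIVE_KEYS = (r"winlogon\notify", r"print\monitors", r"drivers32")


@dataclass
class Entry:
    key: str          # registry section the entry was listed under
    name: str
    description: str
    vendor: str
    path: str

    @property
    def missing(self) -> bool:
        """True when the scanner could not find the file on disk."""
        return self.path.lower().startswith("file not found")

    @property
    def vendorless(self) -> bool:
        return not self.vendor.strip()

    @property
    def sensitive(self) -> bool:
        k = self.key.lower()
        return any(s in k for s in SENSITIVE_KEYS)


def parse_log(text: str) -> list[Entry]:
    """Walk the listing, tracking the current section header."""
    entries: list[Entry] = []
    key = "<no header seen>"   # first block of the excerpt has its header above it
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            name, desc, vendor, path = m.groups()
            entries.append(Entry(key, name, desc, vendor, path))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, Entry]]:
    """Return (reason, entry) pairs worth a human look. These are review
    candidates, not verdicts: a vendorless codec or print monitor is
    routinely benign, so each hit still needs the file checked."""
    findings: list[tuple[str, Entry]] = []
    for e in entries:
        if e.missing:
            findings.append(("orphaned", e))
        elif e.vendorless and e.sensitive:
            findings.append(("vendorless-sensitive", e))
    return findings


def report(text: str) -> list[str]:
    """One printable line per finding."""
    return [f"{reason:22} {e.name!r} -> {e.path}"
            for reason, e in triage(parse_log(text))]


# Constructed excerpt of the log above (raw string: paths contain backslashes).
SAMPLE_LOG = r"""
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20120524.003\naveng.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "NavLogon" "Symantec AntiVirus Logon Notification" "Symantec Corporation" "c:\windows\system32\navlogon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "CutePDF Writer Monitor" "" "" "c:\windows\system32\cpwmon2k.dll"
+ "hpzlnt09" "" "HP" "c:\windows\system32\hpzlnt09.dll"
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

On the excerpt this yields four candidates: the two "File not found" drivers and the two vendorless modules sitting in Drivers32 and Print Monitors. Both vendorless hits in the real log are known benign components, which is the point of the design: the script narrows a thousand-line listing to the handful of entries a responder should verify by hand (hash, signature, install date), rather than deciding for them.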

#10 InadequateInfirmity

Posted 10 October 2012 - 01:49 PM

Re-run TDSSKiller and quarantine the found threat; post the new log.

Reboot into normal mode.

Download
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
XP users: double-click it to run it.
Vista & Win 7 users: please right-click and Run As Admin.
Once you have launched Malwarebytes, go to the Update tab.
Hit the Check for Updates button. Allow the updates.
Hit the Scanner tab >>> Perform Quick Scan >>> SCAN.

Once finished, remove everything found and reboot your machine.
Post the log here in your next reply.

Edited by InadequateInfirmity, 10 October 2012 - 01:49 PM.


#11 InadequateInfirmity

Posted 10 October 2012 - 01:50 PM

Uninstall Spybot Search & Destroy, please.

#12 Westley A

Posted 10 October 2012 - 02:35 PM

Sorry, I missed the QuickScan and did a full scan instead.

Here's the log.

Removing SpyBot.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.10.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: WORKSTATION2 [administrator]

10/10/2012 2:00:02 PM
mbam-log-2012-10-10 (14-00-02).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267762
Time elapsed: 23 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\TDSSKiller_Quarantine\10.10.2012_13.51.06\tdlfs0000\tsk0005.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\10.10.2012_13.54.09\tdlfs0000\tsk0005.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

(end)

#13 InadequateInfirmity

Posted 10 October 2012 - 02:37 PM

Are you able to run in normal mode now with no issue?

#14 Westley A

Posted 10 October 2012 - 02:40 PM

Yes, things seem to be working now.

Thanks for your help!

#15 InadequateInfirmity

Posted 10 October 2012 - 02:40 PM

Download Hitman Pro.
http://dl.surfright.nl/HitmanPro36.exe
Start the scan. Go to Settings.
Un-tick "Scan for tracking cookies".
Go back to the Scan tab.
Select OK.
Then Next.
"No, I only want to perform a one-time scan to check this computer."
Enter your email to register.
Next.
After the scan, make sure to select quarantine found threats.
Then select activate free license and follow the prompts.
Reboot your machine.

Update and do a quick scan with SUPERAntiSpyware; remove all it finds and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.

Run a scan with ESET.
http://www.eset.com/us/online-scanner/
Make sure that "Remove found threats" and "Scan archives" are checked.
When the scan finishes, list found threats, save to clipboard, copy to Notepad and post the log here.

Edited by InadequateInfirmity, 10 October 2012 - 02:45 PM.
