Infection - residual symptoms


11 replies to this topic

#1 FormerAgentOfDeath

  • Members
Posted 11 October 2012 - 12:47 PM

I am using a Dell Latitude E5400 (Core 2 Duo-2.4 GHz CPU) with 4GB RAM. I am running Windows XP Professional-SP3 with the latest patches applied. A few days ago I was apparently infected with one of the “FakeAlert” variants (lots of popups warning about various security issues). I could not run any executable file while in Normal mode. When I attempt to do so, I get the “Open With” dialog box as if the file associations are damaged or missing. I can run these same applications when in safe mode. Also, I was getting frequent browser redirections. I installed the latest version of Malwarebytes (free version), updated and did a scan. It detected Trojan.ExeShell.gen along with 4 suspicious registry items. Mbam log shows it quarantined and repaired/deleted all of these items. I also ran TDSSKiller, but it did not detect anything. Finally, I installed SuperAntiSpyware and scanned. It detected 260 file threats and was set for automatic cleaning. Since running all the scans, I have not seen the popups from the Trojan, but I cannot connect to the web at all with IE (getting “Internet Explorer cannot display the webpage”) and I am still unable to run any executables. Also, in Control Panel, I cannot open Security Center, Windows Firewall, etc. I get the following message: “C:\Windows\System32\rundll32.exe Application not found”.

#2 narenxp

  • BC Advisor
Posted 11 October 2012 - 12:48 PM

Download TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 FormerAgentOfDeath

  • Topic Starter

  • Members
Posted 11 October 2012 - 01:18 PM

Thank you for your reply.

I followed your instructions. However, please note I cannot run any of these applications in Normal Mode or in Safe Mode with Networking. The only option I have is Safe Mode. Therefore, the latest definitions could not be downloaded for aswMBR, nor could the ESET Online Scanner be downloaded. Here are the logs.

14:12:05.0140 1612 NwlnkFwd - ok
14:12:05.0500 1612 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:12:05.0500 1612 odserv - ok
14:12:05.0562 1612 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:12:05.0593 1612 ohci1394 - ok
14:12:05.0640 1612 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:12:05.0640 1612 ose - ok
14:12:05.0718 1612 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
14:12:05.0734 1612 Parport - ok
14:12:05.0734 1612 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:12:05.0734 1612 PartMgr - ok
14:12:05.0781 1612 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:12:05.0781 1612 ParVdm - ok
14:12:05.0796 1612 [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV C:\WINDOWS\system32\DRIVERS\PBADRV.sys
14:12:05.0796 1612 PBADRV - ok
14:12:05.0843 1612 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:12:05.0875 1612 PCI - ok
14:12:05.0890 1612 PCIDump - ok
14:12:05.0906 1612 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:12:05.0906 1612 PCIIde - ok
14:12:05.0937 1612 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:12:05.0937 1612 Pcmcia - ok
14:12:05.0953 1612 PDCOMP - ok
14:12:05.0953 1612 PDFRAME - ok
14:12:05.0953 1612 PDRELI - ok
14:12:05.0968 1612 PDRFRAME - ok
14:12:05.0984 1612 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
14:12:05.0984 1612 perc2 - ok
14:12:06.0031 1612 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:12:06.0031 1612 perc2hib - ok
14:12:06.0078 1612 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
14:12:06.0078 1612 PlugPlay - ok
14:12:06.0171 1612 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
14:12:06.0171 1612 Pml Driver HPZ12 - ok
14:12:06.0218 1612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:12:06.0218 1612 PolicyAgent - ok
14:12:06.0312 1612 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:12:06.0312 1612 PptpMiniport - ok
14:12:06.0312 1612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:12:06.0312 1612 ProtectedStorage - ok
14:12:06.0328 1612 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:12:06.0328 1612 PSched - ok
14:12:06.0343 1612 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:12:06.0343 1612 Ptilink - ok
14:12:06.0421 1612 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:12:06.0421 1612 PxHelp20 - ok
14:12:06.0453 1612 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:12:06.0453 1612 ql1080 - ok
14:12:06.0500 1612 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:12:06.0500 1612 Ql10wnt - ok
14:12:06.0500 1612 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:12:06.0500 1612 ql12160 - ok
14:12:06.0515 1612 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:12:06.0515 1612 ql1240 - ok
14:12:06.0593 1612 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:12:06.0593 1612 ql1280 - ok
14:12:06.0625 1612 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:12:06.0625 1612 RasAcd - ok
14:12:06.0703 1612 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:12:06.0703 1612 RasAuto - ok
14:12:06.0734 1612 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:12:06.0734 1612 Rasl2tp - ok
14:12:06.0750 1612 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:12:06.0750 1612 RasMan - ok
14:12:06.0765 1612 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:12:06.0765 1612 RasPppoe - ok
14:12:06.0781 1612 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:12:06.0781 1612 Raspti - ok
14:12:06.0796 1612 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:12:06.0796 1612 Rdbss - ok
14:12:06.0812 1612 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:12:06.0812 1612 RDPCDD - ok
14:12:06.0843 1612 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:12:06.0843 1612 rdpdr - ok
14:12:06.0890 1612 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:12:06.0890 1612 RDPWD - ok
14:12:06.0921 1612 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:12:06.0921 1612 RDSessMgr - ok
14:12:06.0953 1612 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:12:06.0953 1612 redbook - ok
14:12:07.0093 1612 [ ED8C9F16E10C1E4C4C5D16CD04966E24 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:12:07.0109 1612 RegSrvc - ok
14:12:07.0140 1612 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:12:07.0140 1612 RemoteAccess - ok
14:12:07.0140 1612 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:12:07.0156 1612 RemoteRegistry - ok
14:12:07.0203 1612 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
14:12:07.0203 1612 rimmptsk - ok
14:12:07.0281 1612 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
14:12:07.0281 1612 RpcLocator - ok
14:12:07.0343 1612 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:12:07.0343 1612 RpcSs - ok
14:12:07.0359 1612 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:12:07.0375 1612 RSVP - ok
14:12:07.0453 1612 [ D7F1F8D85F31CBB74442EC30177885CC ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
14:12:07.0500 1612 S24EventMonitor - ok
14:12:07.0562 1612 [ 1F950F97DBF5E0BA4FBBFAF074D3B47C ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:12:07.0562 1612 s24trans - ok
14:12:07.0578 1612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
14:12:07.0578 1612 SamSs - ok
14:12:07.0671 1612 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:12:07.0671 1612 SASDIFSV - ok
14:12:07.0687 1612 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:12:07.0687 1612 SASKUTIL - ok
14:12:07.0765 1612 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:12:07.0765 1612 SCardSvr - ok
14:12:07.0796 1612 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:12:07.0796 1612 Schedule - ok
14:12:07.0875 1612 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:12:07.0875 1612 sdbus - ok
14:12:07.0906 1612 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:12:07.0906 1612 Secdrv - ok
14:12:07.0921 1612 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:12:07.0921 1612 seclogon - ok
14:12:08.0109 1612 [ E80163F46AE96CC0A05FB9F3F55DEB18 ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
14:12:08.0125 1612 SecureStorageService - ok
14:12:08.0156 1612 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
14:12:08.0203 1612 SENS - ok
14:12:08.0234 1612 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
14:12:08.0234 1612 Serial - ok
14:12:08.0343 1612 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:12:08.0343 1612 Sfloppy - ok
14:12:08.0421 1612 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:12:08.0421 1612 SharedAccess - ok
14:12:08.0453 1612 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:12:08.0453 1612 ShellHWDetection - ok
14:12:08.0453 1612 Simbad - ok
14:12:08.0484 1612 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:12:08.0484 1612 sisagp - ok
14:12:08.0671 1612 [ 142EB9DFED214C274D862D3D17E4498B ] SMManager C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
14:12:08.0671 1612 SMManager - ok
14:12:08.0718 1612 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:12:08.0718 1612 Sparrow - ok
14:12:08.0765 1612 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:12:08.0781 1612 splitter - ok
14:12:08.0843 1612 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:12:08.0843 1612 Spooler - ok
14:12:08.0921 1612 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:12:08.0937 1612 SQLBrowser - ok
14:12:09.0000 1612 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:12:09.0015 1612 SQLWriter - ok
14:12:09.0046 1612 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:12:09.0046 1612 sr - ok
14:12:09.0125 1612 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
14:12:09.0125 1612 srservice - ok
14:12:09.0203 1612 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:12:09.0203 1612 Srv - ok
14:12:09.0234 1612 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:12:09.0234 1612 SSDPSRV - ok
14:12:09.0343 1612 [ 12898D947CFCB36CB7A43E8F86A53CBC ] STacSV c:\drivers\audio\r190031\stacsv.exe
14:12:09.0343 1612 STacSV - ok
14:12:09.0390 1612 [ 503A4536C83E041DDCDF75B38CD5ECF7 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
14:12:09.0437 1612 STHDA - ok
14:12:09.0500 1612 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
14:12:09.0500 1612 StillCam - ok
14:12:09.0531 1612 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:12:09.0531 1612 stisvc - ok
14:12:09.0625 1612 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:12:09.0625 1612 stllssvr - ok
14:12:09.0656 1612 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:12:09.0671 1612 swenum - ok
14:12:09.0734 1612 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:12:09.0734 1612 swmidi - ok
14:12:09.0750 1612 SwPrv - ok
14:12:09.0828 1612 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
14:12:09.0828 1612 symc810 - ok
14:12:09.0859 1612 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:12:09.0875 1612 symc8xx - ok
14:12:09.0984 1612 [ 42123611A49C33536AB29BDD852A9F5E ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
14:12:10.0000 1612 SymEvent - ok
14:12:10.0000 1612 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:12:10.0000 1612 sym_hi - ok
14:12:10.0015 1612 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:12:10.0015 1612 sym_u3 - ok
14:12:10.0046 1612 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:12:10.0046 1612 sysaudio - ok
14:12:10.0109 1612 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:12:10.0125 1612 SysmonLog - ok
14:12:10.0156 1612 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:12:10.0171 1612 TapiSrv - ok
14:12:10.0265 1612 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:12:10.0265 1612 Tcpip - ok
14:12:10.0375 1612 [ BA9202E263A6FC1FFD7889FEA186A2C4 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
14:12:10.0421 1612 tcsd_win32.exe - ok
14:12:10.0515 1612 [ EA63BF38938AD9917BEB1846D6D15C84 ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
14:12:10.0546 1612 TdmService - ok
14:12:10.0640 1612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:12:10.0640 1612 TDPIPE - ok
14:12:10.0656 1612 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:12:10.0656 1612 TDTCP - ok
14:12:10.0687 1612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:12:10.0687 1612 TermDD - ok
14:12:10.0781 1612 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
14:12:10.0781 1612 TermService - ok
14:12:10.0812 1612 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:12:10.0812 1612 Themes - ok
14:12:10.0843 1612 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:12:10.0843 1612 TlntSvr - ok
14:12:10.0906 1612 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
14:12:10.0906 1612 TosIde - ok
14:12:10.0937 1612 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:12:10.0937 1612 TrkWks - ok
14:12:11.0140 1612 [ 7694DCA064D0B7E0D1A6972BB9C71B39 ] tvnserver C:\Documents and Settings\jnewman\Local Settings\Application Data\CrossLoop\tvnserver.exe
14:12:11.0171 1612 tvnserver - ok
14:12:11.0281 1612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:12:11.0281 1612 Udfs - ok
14:12:11.0343 1612 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
14:12:11.0343 1612 ultra - ok
14:12:11.0390 1612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:12:11.0390 1612 Update - ok
14:12:11.0468 1612 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:12:11.0468 1612 upnphost - ok
14:12:11.0468 1612 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:12:11.0468 1612 UPS - ok
14:12:11.0546 1612 [ E8C1B9EBAC65288E1B51E8A987D98AF6 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
14:12:11.0562 1612 USBAAPL - ok
14:12:11.0625 1612 [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:12:11.0625 1612 usbccgp - ok
14:12:11.0671 1612 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:12:11.0671 1612 usbehci - ok
14:12:11.0734 1612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:12:11.0734 1612 usbhub - ok
14:12:11.0828 1612 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:12:11.0828 1612 usbprint - ok
14:12:11.0906 1612 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:12:11.0906 1612 usbscan - ok
14:12:11.0984 1612 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:12:11.0984 1612 USBSTOR - ok
14:12:11.0984 1612 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:12:11.0984 1612 usbuhci - ok
14:12:12.0000 1612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:12:12.0000 1612 VgaSave - ok
14:12:12.0031 1612 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:12:12.0031 1612 viaagp - ok
14:12:12.0078 1612 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:12:12.0078 1612 ViaIde - ok
14:12:12.0125 1612 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:12:12.0125 1612 VolSnap - ok
14:12:12.0250 1612 [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
14:12:12.0250 1612 vpnagent - ok
14:12:12.0296 1612 [ E1F2333A88EC4A5C8EA6BE357323B72D ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
14:12:12.0296 1612 vpnva - ok
14:12:12.0296 1612 vsdatant - ok
14:12:12.0343 1612 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:12:12.0359 1612 VSS - ok
14:12:12.0375 1612 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
14:12:12.0390 1612 w32time - ok
14:12:12.0406 1612 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:12:12.0406 1612 Wanarp - ok
14:12:12.0484 1612 [ 0BE8DD6C95C5BDFF9C5F3FA8095D304C ] WavxDMgr C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
14:12:12.0484 1612 WavxDMgr - ok
14:12:12.0562 1612 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:12:12.0562 1612 Wdf01000 - ok
14:12:12.0562 1612 WDICA - ok
14:12:12.0578 1612 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:12:12.0578 1612 wdmaud - ok
14:12:12.0593 1612 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:12:12.0609 1612 WebClient - ok
14:12:12.0671 1612 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
14:12:12.0671 1612 WinDefend - ok
14:12:12.0843 1612 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:12:12.0843 1612 winmgmt - ok
14:12:12.0921 1612 [ BD4DACD31BD71CFCD5610BF9AD6E06E7 ] WLANKEEPER C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
14:12:12.0937 1612 WLANKEEPER - ok
14:12:13.0000 1612 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:12:13.0000 1612 WmdmPmSN - ok
14:12:13.0078 1612 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:12:13.0093 1612 Wmi - ok
14:12:13.0156 1612 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:12:13.0156 1612 WmiAcpi - ok
14:12:13.0234 1612 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:12:13.0250 1612 WmiApSrv - ok
14:12:13.0359 1612 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:12:13.0390 1612 WMPNetworkSvc - ok
14:12:13.0468 1612 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:12:13.0468 1612 wscsvc - ok
14:12:13.0546 1612 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:12:13.0546 1612 WudfPf - ok
14:12:13.0546 1612 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:12:13.0562 1612 WudfRd - ok
14:12:13.0562 1612 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:12:13.0625 1612 WudfSvc - ok
14:12:13.0671 1612 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:12:13.0671 1612 WZCSVC - ok
14:12:13.0687 1612 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:12:13.0687 1612 xmlprov - ok
14:12:13.0703 1612 ================ Scan global ===============================
14:12:13.0781 1612 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:12:13.0859 1612 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:12:13.0875 1612 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:12:13.0890 1612 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:12:13.0890 1612 [Global] - ok
14:12:13.0890 1612 ================ Scan MBR ==================================
14:12:13.0921 1612 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:12:14.0359 1612 \Device\Harddisk0\DR0 - ok
14:12:14.0359 1612 ================ Scan VBR ==================================
14:12:14.0359 1612 [ 9CB38F12C89DB969251A6D7AB342B043 ] \Device\Harddisk0\DR0\Partition1
14:12:14.0359 1612 \Device\Harddisk0\DR0\Partition1 - ok
14:12:14.0375 1612 ============================================================
14:12:14.0375 1612 Scan finished
14:12:14.0375 1612 ============================================================
14:12:14.0375 1604 Detected object count: 0
14:12:14.0375 1604 Actual detected object count: 0
14:12:23.0156 1568 Deinitialize success


--- --- --- --- --- --- --- ---

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-11 14:16:25
-----------------------------
14:16:25.796 OS Version: Windows 5.1.2600 Service Pack 3
14:16:25.796 Number of processors: 2 586 0x1706
14:16:25.796 ComputerName: JNEWMAN-MOBILE UserName: Administrator
14:16:28.921 Initialize success
14:16:48.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:16:48.359 Disk 0 Vendor: ST916031 DE05 Size: 152627MB BusType: 3
14:16:48.406 Disk 0 MBR read successfully
14:16:48.421 Disk 0 MBR scan
14:16:48.421 Disk 0 Windows VISTA default MBR code
14:16:48.437 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
14:16:48.468 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152546 MB offset 160650
14:16:48.484 Disk 0 scanning sectors +312576705
14:16:48.640 Disk 0 scanning C:\WINDOWS\system32\drivers
14:17:00.312 Service scanning
14:17:32.671 Modules scanning
14:17:38.531 Disk 0 trace - called modules:
14:17:38.578 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:17:38.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a455318]
14:17:39.359 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a456028]
14:17:39.406 Scan finished successfully
14:20:08.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jnewman\Desktop\New Folder\MBR.dat"
14:20:08.406 The log file has been saved successfully to "C:\Documents and Settings\jnewman\Desktop\New Folder\aswMBR.txt"

#4 narenxp

  • BC Advisor

Posted 11 October 2012 - 01:32 PM

Run this tool in Safe Mode with Networking.

Please download exeHelper to your desktop.

http://www.raktor.net/exeHelper/exeHelper.com

Double-click on exeHelper.com to run the fix.

A black window should pop up; press any key to close it once the fix is completed.

You should be able to launch applications now.

#5 FormerAgentOfDeath

  • Topic Starter

Posted 11 October 2012 - 03:34 PM

Yes, thank you. I was now able to run these as instructed under Normal Mode.
Logs to follow -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-11 14:43:59
-----------------------------
14:43:59.500 OS Version: Windows 5.1.2600 Service Pack 3
14:43:59.500 Number of processors: 2 586 0x1706
14:43:59.500 ComputerName: JNEWMAN-MOBILE UserName: jnewman
14:44:11.671 Initialize success
14:45:27.000 AVAST engine download error: 0
15:08:09.875 The log file has been saved successfully to "C:\Documents and Settings\jnewman\Desktop\New Folder\aswMBR.txt"
15:08:19.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:08:19.265 Disk 0 Vendor: ST916031 DE05 Size: 152627MB BusType: 3
15:08:19.296 Disk 0 MBR read successfully
15:08:19.312 Disk 0 MBR scan
15:08:19.312 Disk 0 Windows VISTA default MBR code
15:08:19.312 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
15:08:19.328 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152546 MB offset 160650
15:08:19.328 Disk 0 scanning sectors +312576705
15:08:19.515 Disk 0 scanning C:\WINDOWS\system32\drivers
15:08:29.921 Service scanning
15:08:56.265 Modules scanning
15:09:06.812 Disk 0 trace - called modules:
15:09:07.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:09:07.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a231478]
15:09:07.593 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a805028]
15:09:07.593 Scan finished successfully
15:25:42.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jnewman\Desktop\New Folder\MBR.dat"
15:25:42.953 The log file has been saved successfully to "C:\Documents and Settings\jnewman\Desktop\New Folder\aswMBR.txt"


--- --- --- ---
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6377f63c89a4e1428ce7dafeb0f64f3a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-11 08:20:14
# local_time=2012-10-11 04:20:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=87211
# found=0
# cleaned=0
# scan_time=2437

#6 narenxp

  • BC Advisor

Posted 11 October 2012 - 03:47 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

#7 FormerAgentOfDeath

  • Topic Starter

Posted 12 October 2012 - 07:28 AM

Here are the logs in the order you requested -

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jnewman :: JNEWMAN-MOBILE [administrator]

10/11/2012 5:02:44 PM
mbam-log-2012-10-11 (17-02-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333512
Time elapsed: 1 hour(s), 26 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP805\A0074946.exe (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

--- --- --- ---
MiniToolBox by Farbar Version: 23-07-2012
Ran by jnewman (administrator) on 12-10-2012 at 08:21:24
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Disconnected)
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows = Cisco AnyConnect VPN Client Connection (Disconnected)
1394 Net Adapter = 1394 Connection (Connected)
Intel® WiFi Link 5300 AGN = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : jnewman-mobile
Primary Dns Suffix . . . . . . . : pfg.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pfg.local

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5300 AGN
Physical Address. . . . . . . . . : 00-21-6A-0C-4F-68
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Friday, October 12, 2012 8:20:33 AM
Lease Expires . . . . . . . . . . : Saturday, October 13, 2012 8:20:33 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.228.32, 74.125.228.38, 74.125.228.35, 74.125.228.34
74.125.228.33, 74.125.228.39, 74.125.228.40, 74.125.228.46, 74.125.228.37
74.125.228.41, 74.125.228.36

Pinging google.com [74.125.228.32] with 32 bytes of data:

Reply from 74.125.228.32: bytes=32 time=43ms TTL=53
Reply from 74.125.228.32: bytes=32 time=54ms TTL=53

Ping statistics for 74.125.228.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 43ms, Maximum = 54ms, Average = 48ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=1127ms TTL=47
Reply from 72.30.38.140: bytes=32 time=1031ms TTL=47

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1031ms, Maximum = 1127ms, Average = 1079ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 6a 0c 4f 68 ...... Intel® WiFi Link 5300 AGN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.3 192.168.1.3 20
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 20
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 20
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 20
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/12/2012 08:21:04 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for PFG\jnewman failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/12/2012 08:19:53 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/12/2012 08:19:47 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/12/2012 08:19:45 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (10/12/2012 06:42:38 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for PFG\jnewman failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/12/2012 06:41:28 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/12/2012 02:02:01 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070424, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/11/2012 10:42:39 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for PFG\jnewman failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/11/2012 10:41:29 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (10/11/2012 02:42:45 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for PFG\jnewman failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.


System errors:
=============
Error: (10/12/2012 08:21:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2012 08:20:36 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/12/2012 08:19:51 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2012 08:19:51 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2012 08:19:50 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/12/2012 08:19:50 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (10/12/2012 08:19:50 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (10/12/2012 08:19:50 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/12/2012 08:19:45 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain PFG due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (10/12/2012 08:19:44 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
6500_E709_BasicWeb (Version: 140.0.000.000)
6500_E709_Help_BasicWeb (Version: 1.00.0000)
Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.5.2)
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Shockwave Player (Version: 11)
All Day Battery Life Configuration (Version: 1.1.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.2.0)
Ask Toolbar Updater (Version: 1.2.1.23037)
AuthenTec Fingerprint System (Version: 8.1.0.78)
Bing Bar (Version: 7.0.822.0)
BioAPI Framework (Version: 1.0.1)
biolsp patch (Version: 01.00.02.0005)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware_Ini (Version: 1.00.0000)
Broadcom Management Programs (Version: 11.66.01)
Broadcom TPM Driver Installer (Version: 8.04.04)
Browser Address Error Redirector (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.4.0.8)
Canon Personal Printing Guide (Version: 1.1.0.2)
Canon PowerShot SD1300 IS_IXUS 105 Camera User Guide (Version: 1.0.0.2)
Canon Utilities CameraWindow (Version: 7.4.0.7)
Canon Utilities CameraWindow DC 8 (Version: 8.1.0.11)
Canon Utilities Movie Uploader for YouTube (Version: 1.0.0.11)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.5.0.14)
CASE Management System Summit Edition 2.1
Cisco AnyConnect VPN Client (Version: 2.4.1012)
Coupon Cabin Toolbar (Version: 1.0)
Critical Update for Windows Media Player 11 (KB959772)
CrossLoop 2.74 (Version: 2.74)
Dell Control Point (Version: 1.2.4)
Dell ControlPoint Connection Manager (Version: 1.0.4)
Dell ControlPoint Security Manager (Version: 1.2.4)
Dell ControlPoint System Manager (Version: 9.1.23)
Dell Embassy Trust Suite by Wave Systems (Version: 03.00.01.003)
Dell Security Device Driver Pack (Version: 1.00.23)
Dell Touchpad (Version: 7.2.101.209)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
DocMgr (Version: 120.0.000.000)
DocProc (Version: 12.0.0.0)
Document Manager Lite (Version: 06.07.00.104)
EMBASSY Security Center (Version: 03.07.00.074)
EMBASSY Security Setup (Version: 03.07.00.057)
ESC Home Page Plugin (Version: 03.02.00.028)
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fax (Version: 120.0.194.000)
Gemalto (Version: 01.00.00.0010)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
GPBaseService2 (Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 120.0.194.000)
Inbox Toolbar (Version: 1.0.0)
InstallMgr (Version: 1.0.39.0)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software (Version: 12.00.4000)
Intel® Matrix Storage Manager
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Java™ 6 Update 7 (Version: 1.6.0.70)
LiveReg (Symantec Corporation) (Version: 2.4.2.2295)
LiveUpdate 2.5 (Symantec Corporation) (Version: 2.5.56.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MarketResearch (Version: 120.0.226.000)
MFCLOC (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 1.1.53.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.201)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MobileMe Control Panel (Version: 3.1.8.0)
MSN Toolbar (Version: 1.0.39.0)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Network (Version: 140.0.215.000)
NetX360 (Version: 4.0.1064.3)
NetX360 (Version: 4.0.1102.1)
Norton Security Scan (Version: 3.0.1.8)
NTRU TCG Software Stack (Version: 2.1.27)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PowerDVD (Version: 8.1)
Preboot Manager (Version: 2.4.0.244)
Private Information Manager (Version: 06.02.00.053)
QuickTime (Version: 7.71.80.42)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.55.3)
Scan (Version: 140.0.167.000)
SearchAssist
Secure Update (Version: 05.05.00.015)
Security Wizards (Version: 01.05.00.039)
Shop for HP Supplies (Version: 12)
Shutterfly Express Uploader (Version: 1.0.0)
Shutterfly Express Uploader (Version: 1.0.0.4)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Status (Version: 120.0.194.000)
SUPERAntiSpyware (Version: 5.6.1010)
Symantec pcAnywhere (Version: 11.5.1.152)
the BetaVest Private Labeling Package for PFG Financial Advisor
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 120.0.194.000)
Trusted Drive Manager (Version: 2.4.0.276)
tsp patch (Version: 01.00.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
UPEK TouchChip Fingerprint Reader (Version: 1.0.0)
Wave Infrastructure Installer (Version: 06.00.34.0000)
Wave Support Software (Version: 05.08.00.052)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.213.017)
Windows Defender (Version: 1.1.1593.21)
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 3539.08 MB
Available physical RAM: 2861.86 MB
Total Pagefile: 5420.79 MB
Available Pagefile: 4893.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.98 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:148.97 GB) (Free:117.23 GB) NTFS

========================= Users: ========================================

User accounts for \\JNEWMAN-MOBILE

Administrator Guest HelpAssistant
SUPPORT_388945a0

========================= Restore Points ==================================

15-07-2012 14:54:12 System Checkpoint
16-07-2012 23:28:50 System Checkpoint
18-07-2012 02:00:48 Software Distribution Service 3.0
18-07-2012 21:15:29 Removed Java™ 6 Update 31
18-07-2012 21:15:50 Installed Java™ 6 Update 33
18-07-2012 21:16:57 Installed Java Runtime Environment
20-07-2012 21:06:04 Software Distribution Service 3.0
23-07-2012 00:02:35 System Checkpoint
24-07-2012 00:46:38 System Checkpoint
24-07-2012 21:13:17 Software Distribution Service 3.0
27-07-2012 20:56:22 Software Distribution Service 3.0
29-07-2012 14:47:21 System Checkpoint
31-07-2012 22:30:13 Software Distribution Service 3.0
02-08-2012 23:23:27 System Checkpoint
03-08-2012 20:35:26 Software Distribution Service 3.0
07-08-2012 22:29:09 Software Distribution Service 3.0
11-08-2012 17:44:05 Software Distribution Service 3.0
15-08-2012 00:48:48 System Checkpoint
15-08-2012 22:24:47 Software Distribution Service 3.0
16-08-2012 20:14:29 Software Distribution Service 3.0
17-08-2012 21:20:49 Software Distribution Service 3.0
19-08-2012 14:07:13 System Checkpoint
21-08-2012 21:35:12 Software Distribution Service 3.0
25-08-2012 02:00:32 Software Distribution Service 3.0
28-08-2012 21:36:59 Software Distribution Service 3.0
29-08-2012 22:58:28 System Checkpoint
31-08-2012 21:04:30 Software Distribution Service 3.0
02-09-2012 15:00:13 System Checkpoint
04-09-2012 22:07:04 Software Distribution Service 3.0
06-09-2012 22:43:33 Software Distribution Service 3.0
07-09-2012 20:40:15 Software Distribution Service 3.0
12-09-2012 21:31:20 Software Distribution Service 3.0
13-09-2012 20:42:18 Software Distribution Service 3.0
14-09-2012 23:41:49 Software Distribution Service 3.0
18-09-2012 21:55:28 Software Distribution Service 3.0
22-09-2012 17:35:14 Software Distribution Service 3.0
23-09-2012 17:02:12 Software Distribution Service 3.0
25-09-2012 23:43:55 Software Distribution Service 3.0
29-09-2012 13:50:39 Software Distribution Service 3.0
03-10-2012 23:35:16 Software Distribution Service 3.0
04-10-2012 23:13:44 Installed Java™ 6 Update 35
04-10-2012 23:14:18 Installed Java Runtime Environment
06-10-2012 00:15:48 Software Distribution Service 3.0
10-10-2012 13:05:32 System Checkpoint
11-10-2012 13:24:58 System Checkpoint

**** End of log ****

--- --- --- ---
Farbar Service Scanner Version: 07-10-2012
Ran by jnewman (administrator) on 12-10-2012 at 08:23:25
Running from "C:\Documents and Settings\jnewman\Desktop\New Folder"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

--- --- --- ---
# AdwCleaner v2.004 - Logfile created 10/12/2012 at 08:24:44
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : jnewman - JNEWMAN-MOBILE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\jnewman\Desktop\New Folder\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\jnewman\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\jnewman\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [6673 octets] - [12/10/2012 08:24:44]

########## EOF - C:\AdwCleaner[S1].txt - [6733 octets] ##########

#8 narenxp

Posted 12 October 2012 - 10:47 AM

JUNKWARE tool log?

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#9 FormerAgentOfDeath

Posted 12 October 2012 - 12:52 PM

I ran the Services Repair Tool from Eset as instructed. Here are the logs -


Farbar Service Scanner Version: 07-10-2012
Ran by jnewman (administrator) on 12-10-2012 at 13:47:18
Running from "C:\Documents and Settings\jnewman\Desktop\New Folder"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

--- --- --- --- ---
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/12/2012 01:48:37 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\SYSTEM32\astsrv.exe (PID: 448) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/12/2012 01:49:26 PM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)

--- --- --- --- ---
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 8.0" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat\acrotray.exe"
+ "Adobe Acrobat Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 9.0\acrobat\acrobat_sl.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "AESTFltr" "AEFltrs MFC Application" "Andrea Electronics Corporation" "c:\windows\system32\aestfltr.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files\common files\apple\mobile device support\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ChangeTPMAuth" "ChangeTPMAuth Application" "Wave Systems Corp." "c:\program files\wave systems corp\common\changetpmauth.exe"
+ "DCPstrApp" "SecurityDeviceInfoSetRegistryString" "Broadcom Corporation" "c:\program files\dell\dell controlpoint\security manager\securitydeviceinfosetregistrystring.exe"
+ "DellConnectionManager" "Dell.UCM" "Smith Micro Software, Inc." "c:\program files\dell\dell controlpoint\connection manager\dell.ucm.exe"
+ "DellControlPoint" "Dell ControlPoint" "Dell, Inc." "c:\program files\dell\dell controlpoint\dell.controlpoint.exe"
+ "EmbassySecurityCheck" "ESC Embassy Security Check" "Wave Systems Corp." "c:\program files\wave systems corp\embassy security setup\embassysecuritycheck.exe"
+ "Google Desktop Search" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelWireless" "Intel® PROSet/Wireless Framework" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe"
+ "IntelZeroConfig" "Intel® PROSet/Wireless Zero Config Service" "Intel® Corporation" "c:\program files\intel\wifi\bin\zcfgsvc.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Microsoft Default Manager" "Microsoft Default Manager" "Microsoft Corp." "c:\program files\microsoft\search enhancement pack\default manager\defmgr.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SecureUpgrade" "Check For Later Product Line " "Wave Systems Corp." "c:\program files\wave systems corp\secureupgrade.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray.exe"
+ "WavXMgr" "WavX Document Manager Application" "Wave Systems Corp." "c:\program files\wave systems corp\services manager\docmgr\bin\wavxdocmgr.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Dell ControlPoint System Manager.lnk" "DCP System Manager" "Dell Inc." "c:\program files\dell\dell controlpoint\system manager\dcpsysmgr.exe"
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqtra08.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Facebook Update" "Facebook Installer" "Facebook Inc." "c:\documents and settings\jnewman\local settings\application data\facebook\update\facebookupdate.exe"
+ "ISUSPM" "Macrovision Software Manager" "Macrovision Corporation" "c:\program files\common files\installshield\updateservice\isuspm.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "Shockwave Updater" "Shockwave Helper" "Adobe Systems, Inc." "c:\windows\system32\adobe\shockwave 11\swhelper_1103472.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Microsoft AntiMalware ShellExecuteHook" "Shell Execution Monitor" "Microsoft Corporation" "c:\program files\windows defender\mpshhook.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "EncryptDocMgr" "ContextMenuItem Module" "Wave Systems Corp." "c:\program files\wave systems corp\services manager\docmgr\bin\contextmenuitem.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EncryptDocMgr" "ContextMenuItem Module" "Wave Systems Corp." "c:\program files\wave systems corp\services manager\docmgr\bin\contextmenuitem.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\drag-to-disc\shellex.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\drag-to-disc\shellex.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "CBrowserHelperObject Object" "BAE.dll" "Dell Inc." "c:\program files\dell\bae\bae.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll"
+ "HP Print Enhancer" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll"
+ "HP Smart BHO Class" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Show or hide HP Smart Web Printing" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "FacebookUpdateTaskUserS-1-5-21-1301076227-4089627379-405408229-1154Core.job" "Facebook Installer" "Facebook Inc." "c:\documents and settings\jnewman\local settings\application data\facebook\update\facebookupdate.exe"
+ "FacebookUpdateTaskUserS-1-5-21-1301076227-4089627379-405408229-1154UA.job" "Facebook Installer" "Facebook Inc." "c:\documents and settings\jnewman\local settings\application data\facebook\update\facebookupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "MP Scheduled Scan.job" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "Norton Security Scan for jnewman.job" "Norton Security Scan" "Symantec Corporation" "c:\program files\norton security scan\norton security scan\engine\3.0.1.8\nss.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "astcc" "Nalpeiron Highend Service" "Nalpeiron Ltd." "c:\windows\system32\astsrv.exe"
+ "ATService" "Provides applications with access to AuthenTec fingerprint sensors." "AuthenTec, Inc." "c:\program files\fingerprint sensor\atservice.exe"
+ "awhost32" "Allows Remote pcAnywhere users to connect to this machine." "Symantec Corporation" "c:\program files\symantec\pcanywhere\awhost32.exe"
+ "BcmSqlStartupSvc" "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)." "Microsoft Corporation" "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "BrcmMgmtAgent" "Monitors and propagate changes in manageability settings of management enabled Broadcom network interfaces." "Broadcom Corporation" "c:\program files\broadcom\mgmtagent\brcmmgmtagent.exe"
+ "buttonsvc32" "This service manages support for the Dell ControlPoint button." "Dell Inc." "c:\program files\dell\dell controlpoint\dcpbuttonsvc.exe"
+ "CrossLoopService" "CrossLoop service" "CrossLoop Inc" "c:\documents and settings\jnewman\local settings\application data\crossloop\crossloopservice.exe"
+ "dcpsysmgrsvc" "A support service required for the proper operation of Dell ControlPoint System Manager." "Dell Inc." "c:\program files\dell\dell controlpoint\system manager\dcpsysmgrsvc.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "GoogleDesktopManager-051210-111108" "Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly." "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
+ "HPSLPSVC" "Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpslpsvc32.dll"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaantmon.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MSSQL$MSSMLBIZ" "Provides storage, processing and controlled access of data and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "S24EventMonitor" "Wireless Management Service for Intel® PROSet/Wireless WiFi Software" "Intel® Corporation" "c:\program files\intel\wifi\bin\s24evmon.exe"
+ "SecureStorageService" "Secure Storage Service" "Wave Systems Corp." "c:\program files\wave systems corp\secure storage manager\securestorageservice.exe"
+ "SMManager" "SMManager for Dell UCM XP" "Smith Micro Software, Inc." "c:\program files\dell\dell controlpoint\connection manager\smmanager.exe"
+ "SQLBrowser" "Provides SQL Server connection information to client computers." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\drivers\audio\r190031\stacsv.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "tcsd_win32.exe" "TCS service for accessing the TPM" "" "c:\program files\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"
+ "TdmService" "Tdm Service" "Wave Systems Corp." "c:\program files\wave systems corp\trusted drive manager\tdmservice.exe"
+ "tvnserver" "TightVNC Server for Windows" "GlavSoft LLC." "c:\documents and settings\jnewman\local settings\application data\crossloop\tvnserver.exe"
+ "vpnagent" "Cisco AnyConnect VPN Agent for Windows" "Cisco Systems, Inc." "c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe"
+ "WinDefend" "Helps protect users from malicious software, spyware, and other potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\msmpeng.exe"
+ "WLANKEEPER" "Provides Single Sign On (SSO) functionality." "Intel® Corporation" "c:\program files\intel\wifi\bin\wlkeeper.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AESTAud" "Andrea Audio Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aestaud.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "AW_HOST" "pcAnywhere Host Driver for Windows 2000/XP" "Symantec Corporation" "c:\windows\system32\drivers\aw_host5.sys"
+ "awecho" "pcAnywhere Video Miniport Driver" "Symantec Corporation" "c:\windows\system32\drivers\awechomd.sys"
+ "awlegacy" "pcAnywhere Legacy Driver Module" "Symantec Corporation" "c:\windows\system32\drivers\awlegacy.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "BASFND" "Broadcom NetDetect Driver." "Broadcom Corporation" "c:\program files\broadcom\mgmtagent\basfnd.sys"
+ "Blfp" "Broadcom Advanced Server Program Driver" "Broadcom Corporation" "c:\windows\system32\drivers\baspxp32.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "CVirtA" "Cisco Systems VPN Adapter" "Cisco Systems, Inc." "c:\windows\system32\drivers\cvirta.sys"
+ "DLABMFSM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlabmfsm.sys"
+ "DLABOIOM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaboiom.sys"
+ "DLACDBHM" "Shared Driver Component" "Roxio" "c:\windows\system32\drivers\dlacdbhm.sys"
+ "DLADResM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dladresm.sys"
+ "DLAIFS_M" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaifs_m.sys"
+ "DLAOPIOM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaopiom.sys"
+ "DLAPoolM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlapoolm.sys"
+ "DLARTL_M" "Shared Driver Component" "Roxio" "c:\windows\system32\drivers\dlartl_m.sys"
+ "DLAUDF_M" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaudf_m.sys"
+ "DLAUDFAM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaudfam.sys"
+ "DRVMCDB" "Device Driver" "Sonic Solutions" "c:\windows\system32\drivers\drvmcdb.sys"
+ "DRVNDDM" "Device Driver Manager" "Roxio" "c:\windows\system32\drivers\drvnddm.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "Gernuwa" "pcAnywhere AWUNREG Driver" "Symantec Corporation" "c:\windows\system32\drivers\gernuwa.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "IntcHdmiAddService" "Intel® High Definition Audio HDMI" "Intel® Corporation" "c:\windows\system32\drivers\intchdmi.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "NETw5x32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5x32.sys"
+ "PBADRV" "PBADRV" "Dell Inc" "c:\windows\system32\drivers\pbadrv.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "rimmptsk" "RICOH SD Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "s24trans" "WLAN Transport" "Intel Corporation" "c:\windows\system32\drivers\s24trans.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\sthda.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\program files\symantec\symevent.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "vpnva" "Cisco AnyConnect VPN Client Virtual Miniport Adapter for Windows" "Cisco Systems, Inc." "c:\windows\system32\drivers\vpnva.sys"
+ "vsdatant" "" "" "File not found: C:\WINDOWS\system32\vsdatant.sys"
+ "WavxDMgr" "Document Manager Driver" "Wave Systems Corp." "c:\windows\system32\drivers\wavxdmgr.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Canon DES Resizer SaveMode" "CanonDESResizer" "Canon Inc." "c:\program files\canon\mdl30\canondesresizer.ax"
+ "Canon Image Rotation Filter" "Canon Image Rotation Filter " "Canon Inc." "c:\program files\canon\mdp\canonrotatefilter.dll"
+ "Canon MDP Motion-JPEG Decoder" "Canon MDP Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files\canon\mdp\canonmdpmjpegdecoder.ax"
+ "Canon Motion-JPEG Decoder" "Canon Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files\canon\mdl30\canonmjpegdecoder.ax"
+ "Canon Motion-JPEG Encoder" "Motion-JPEG Encoder Filter" "Canon Inc." "c:\program files\canon\mdl30\canonmjpegencoder.ax"
+ "Canon Resizer" "CanonResizer" "Canon Inc." "c:\program files\canon\mdl30\canonresizer.ax"
+ "Canon Text Source Filter" "Canon Text Source Filter" "Canon Inc." "c:\program files\canon\mdl30\canontextsourcefilter.ax"
+ "Canon WAV Dest" "CanonWavDest" "Canon Inc." "c:\program files\canon\mdl30\canonwavdest.ax"
+ "Canon-Actual-Data-Length-Setter" "CanonActualDataLengthSetter" "Canon Inc." "c:\program files\canon\mdl30\canonactualdatalengthsetter.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic Cinemaster® Audio Decoder 4.2" "SonicHDAudio" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemasteraudio.dll"
+ "Sonic Cinemaster® VideoDecoder 4.1" "CinemasterVideo" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemastervideo.dll"
+ "Sonic HD Demuxer" "Sonic HD Demuxer" "" "c:\program files\common files\sonic shared\sonichddemuxer.dll"
+ "Sonic HD Nav" "SonicHDNav" "" "c:\program files\common files\sonic shared\sonichdnav.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktopnetwork3.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "PCANotify" "Winlogon Notification package" "Symantec Corporation" "c:\windows\system32\pcanotify.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"
+ "pcAnywhere Remote Printing" "pcAnywhere Monitor DLL" "Symantec Corporation" "c:\windows\system32\awmon.dll"
+ "PCL hpf3l02t" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l02t.dll"
+ "PCL hpf3l082" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l082.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
+ "wvauth" "Authentication Package" "Wave Systems Corp." "c:\windows\system32\wvauth.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "IntelNetProvCredMan" "IntelNetProvCredMan" "Intel® Corporation" "c:\windows\system32\netprovcredman.dll"
+ "TdmNetworkProvider" "TDM Network Provider" "Wave Systems Corp." "c:\windows\system32\tdmnetworkprovider.dll"

#10 narenxp


Posted 12 October 2012 - 01:11 PM

That looks good

Remove temporary and junk files

Download TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in Safe Mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#11 FormerAgentOfDeath


Posted 12 October 2012 - 02:56 PM

Thank you so much for your assistance.

#12 narenxp


Posted 12 October 2012 - 02:57 PM

You're welcome :)



