sirefef trojan


15 replies to this topic

#1 tim876


Posted 12 October 2012 - 07:12 PM

Hi, looks like I've come up with this trojan, according to Hitman Pro. Looks like a nasty one. Sophos says I have the ZeroAccess trojan, which may or may not be the same thing.

I see that Sirefef was dealt with here:

http://www.bleepingcomputer.com/forums/topic465107.html

Should I follow the same steps? Should I consider reinstalling Windows?


TIA



#2 narenxp


Posted 12 October 2012 - 07:17 PM

Download

TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 tim876


Posted 13 October 2012 - 12:00 PM

tdss

09:54:55.0948 3752 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:54:56.0749 3752 ============================================================
09:54:56.0749 3752 Current date / time: 2012/10/13 09:54:56.0749
09:54:56.0749 3752 SystemInfo:
09:54:56.0749 3752
09:54:56.0749 3752 OS Version: 5.1.2600 ServicePack: 3.0
09:54:56.0749 3752 Product type: Workstation
09:54:56.0749 3752 ComputerName: U1-C63792EBF3A7
09:54:56.0749 3752 UserName: U1
09:54:56.0749 3752 Windows directory: C:\windows
09:54:56.0749 3752 System windows directory: C:\windows
09:54:56.0749 3752 Processor architecture: Intel x86
09:54:56.0749 3752 Number of processors: 1
09:54:56.0749 3752 Page size: 0x1000
09:54:56.0749 3752 Boot type: Normal boot
09:54:56.0749 3752 ============================================================
09:55:00.0204 3752 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:55:00.0244 3752 Drive \Device\Harddisk1\DR2 - Size: 0x7B00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:55:00.0244 3752 ============================================================
09:55:00.0244 3752 \Device\Harddisk0\DR0:
09:55:00.0264 3752 MBR partitions:
09:55:00.0264 3752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
09:55:00.0264 3752 \Device\Harddisk1\DR2:
09:55:00.0274 3752 MBR partitions:
09:55:00.0274 3752 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D7E0
09:55:00.0274 3752 ============================================================
09:55:00.0375 3752 C: <-> \Device\Harddisk0\DR0\Partition1
09:55:00.0375 3752 ============================================================
09:55:00.0375 3752 Initialize success
09:55:00.0375 3752 ============================================================
09:55:04.0721 1432 ============================================================
09:55:04.0721 1432 Scan started
09:55:04.0721 1432 Mode: Manual;
09:55:04.0721 1432 ============================================================
09:55:07.0114 1432 ================ Scan system memory ========================
09:55:07.0114 1432 System memory - ok
09:55:07.0124 1432 ================ Scan services =============================
09:55:46.0681 1432 WmdmPmSN - ok
09:55:46.0831 1432 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:55:46.0871 1432 WmiApSrv - ok
09:55:46.0941 1432 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
09:55:46.0941 1432 WS2IFSL - ok
09:55:47.0042 1432 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll
09:55:47.0072 1432 wscsvc - ok
09:55:47.0112 1432 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:55:47.0122 1432 wuauserv - ok
09:55:47.0372 1432 [ E189A58938E5E1EA269D73AAD84C9311 ] wwSecSvc C:\WINDOWS\system32\wwSecure.exe
09:55:47.0562 1432 wwSecSvc - ok
09:55:47.0843 1432 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\windows\System32\wzcsvc.dll
09:55:48.0023 1432 WZCSVC - ok
09:55:48.0133 1432 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\windows\System32\xmlprov.dll
09:55:48.0183 1432 xmlprov - ok
09:55:48.0323 1432 ================ Scan global ===============================
09:55:48.0404 1432 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll
09:55:48.0604 1432 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll
09:55:48.0824 1432 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll
09:55:48.0884 1432 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe
09:55:48.0884 1432 [Global] - ok
09:55:48.0904 1432 ================ Scan MBR ==================================
09:55:48.0954 1432 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:55:49.0295 1432 \Device\Harddisk0\DR0 - ok
09:55:49.0375 1432 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR2
09:55:51.0348 1432 \Device\Harddisk1\DR2 - ok
09:55:51.0378 1432 ================ Scan VBR ==================================
09:55:51.0458 1432 [ 5A4D9C3B9A20DE0BD2A42A0364CA87FB ] \Device\Harddisk0\DR0\Partition1
09:55:51.0458 1432 \Device\Harddisk0\DR0\Partition1 - ok
09:55:51.0518 1432 [ 7DE3F07E772FF2813C6A2B1BD0D1682E ] \Device\Harddisk1\DR2\Partition1
09:55:51.0528 1432 \Device\Harddisk1\DR2\Partition1 - ok
09:55:51.0548 1432 ============================================================
09:55:51.0548 1432 Scan finished
09:55:51.0548 1432 ============================================================
09:55:51.0618 0844 Detected object count: 0
09:55:51.0618 0844 Actual detected object count: 0
09:56:43.0443 2244 ============================================================
09:56:43.0443 2244 Scan started
09:56:43.0443 2244 Mode: Manual; TDLFS;
09:56:43.0443 2244 ============================================================
09:56:43.0813 2244 ================ Scan system memory ========================
09:56:43.0823 2244 System memory - ok
09:56:43.0843 2244 ================ Scan services =============================
09:57:08.0889 2244 WebClient - ok
09:57:09.0040 2244 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
09:57:09.0040 2244 winmgmt - ok
09:57:09.0150 2244 wltrysvc - ok
09:57:09.0260 2244 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
09:57:09.0260 2244 WmdmPmSN - ok
09:57:09.0410 2244 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:57:09.0420 2244 WmiApSrv - ok
09:57:09.0480 2244 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
09:57:09.0480 2244 WS2IFSL - ok
09:57:09.0590 2244 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll
09:57:09.0590 2244 wscsvc - ok
09:57:09.0630 2244 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:57:09.0630 2244 wuauserv - ok
09:57:09.0901 2244 [ E189A58938E5E1EA269D73AAD84C9311 ] wwSecSvc C:\WINDOWS\system32\wwSecure.exe
09:57:09.0921 2244 wwSecSvc - ok
09:57:10.0191 2244 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\windows\System32\wzcsvc.dll
09:57:10.0201 2244 WZCSVC - ok
09:57:10.0321 2244 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\windows\System32\xmlprov.dll
09:57:10.0321 2244 xmlprov - ok
09:57:10.0482 2244 ================ Scan global ===============================
09:57:10.0572 2244 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll
09:57:10.0732 2244 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll
09:57:10.0872 2244 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll
09:57:10.0952 2244 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe
09:57:10.0952 2244 [Global] - ok
09:57:10.0982 2244 ================ Scan MBR ==================================
09:57:11.0052 2244 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:57:11.0553 2244 \Device\Harddisk0\DR0 - ok
09:57:11.0623 2244 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR2
09:57:14.0497 2244 \Device\Harddisk1\DR2 - ok
09:57:14.0517 2244 ================ Scan VBR ==================================
09:57:14.0588 2244 [ 5A4D9C3B9A20DE0BD2A42A0364CA87FB ] \Device\Harddisk0\DR0\Partition1
09:57:14.0598 2244 \Device\Harddisk0\DR0\Partition1 - ok
09:57:14.0648 2244 [ 7DE3F07E772FF2813C6A2B1BD0D1682E ] \Device\Harddisk1\DR2\Partition1
09:57:14.0658 2244 \Device\Harddisk1\DR2\Partition1 - ok
09:57:14.0658 2244 ============================================================
09:57:14.0658 2244 Scan finished
09:57:14.0658 2244 ============================================================
09:57:14.0728 2236 Detected object count: 0
09:57:14.0728 2236 Actual detected object count: 0
10:29:14.0278 3500 Deinitialize success

aswmbr

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 09:57:39
-----------------------------
09:57:39.593 OS Version: Windows 5.1.2600 Service Pack 3
09:57:39.593 Number of processors: 1 586 0x204
09:57:39.593 ComputerName: U1-C63792EBF3A7 UserName: U1
09:57:40.895 Initialize success
10:07:04.566 AVAST engine defs: 12101300
10:07:41.920 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:07:41.950 Disk 0 Vendor: TOSHIBA_MK6025GAS KA200K Size: 57231MB BusType: 3
10:07:41.980 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000081
10:07:42.010 Disk 1 Vendor: Size: 57231MB BusType: 0
10:07:42.280 Disk 0 MBR read successfully
10:07:42.310 Disk 0 MBR scan
10:07:42.480 Disk 0 Windows XP default MBR code
10:07:42.520 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
10:07:42.570 Disk 0 scanning sectors +117210240
10:07:42.661 Disk 0 scanning C:\windows\system32\drivers
10:08:15.498 Service scanning
10:08:54.314 Modules scanning
10:09:14.292 Disk 0 trace - called modules:
10:09:14.483 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
10:09:14.633 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f56ab8]
10:09:14.793 3 CLASSPNP.SYS[f7658fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f43d98]
10:09:16.195 AVAST engine scan C:\windows
10:09:27.311 AVAST engine scan C:\windows\system32
10:15:54.989 File: C:\windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:16:59.551 AVAST engine scan C:\windows\system32\drivers
10:17:37.406 AVAST engine scan C:\Documents and Settings\U1
10:26:51.723 AVAST engine scan C:\Documents and Settings\All Users
10:27:29.237 Scan finished successfully
10:28:33.609 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
10:28:33.700 The log file has been saved successfully to "F:\aswMBR.txt"


eset

C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\New Folder\New Folder\New Folder\b\gusetup.exe probably a variant of Win32/ELEX application cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PYJQ7CJ\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\U1\desktop\clean\gusetup.exe probably a variant of Win32/ELEX application cleaned by deleting - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:02:32 PM

Posted 13 October 2012 - 12:06 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after the scan. Post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 tim876

tim876
  • Topic Starter

  • Members
  • 29 posts
  • Local time:02:32 PM

Posted 13 October 2012 - 08:23 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by U1 (administrator) on 13-10-2012 at 17:07:48
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



127.0.0.1 localhost
127.0.0.1 http://www.democraticunderground.com

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Belkin Wireless G Plus MIMO USB Network Adapter = Wireless Network Connection 2 (Connected)
3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) = Local Area Connection (Media disconnected)
Xircom CardBus Ethernet 100 + Modem 56 (Ethernet Interface) = Local Area Connection 2 (Media disconnected)
Broadcom 802.11g Network Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : u1-c63792ebf3a7

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.actdsltmp



Ethernet adapter Wireless Network Connection 3:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter

Physical Address. . . . . . . . . : 00-0B-7D-19-11-A7



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Xircom CardBus Ethernet 100 + Modem 56 (Ethernet Interface)

Physical Address. . . . . . . . . : 00-10-A4-8A-D4-56



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)

Physical Address. . . . . . . . . : 00-06-5B-B8-EA-CE



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . : domain.actdsltmp

Description . . . . . . . . . . . : Belkin Wireless G Plus MIMO USB Network Adapter #2

Physical Address. . . . . . . . . : 00-11-50-E3-19-AE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.29

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

205.171.3.65

Lease Obtained. . . . . . . . . . : Saturday, October 13, 2012 12:53:51 PM

Lease Expires . . . . . . . . . . : Sunday, October 14, 2012 12:53:51 PM

Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.225.41, 74.125.225.46, 74.125.225.32, 74.125.225.33
74.125.225.34, 74.125.225.35, 74.125.225.36, 74.125.225.37, 74.125.225.38
74.125.225.39, 74.125.225.40



Pinging google.com [74.125.225.46] with 32 bytes of data:



Reply from 74.125.225.46: bytes=32 time=71ms TTL=57

Reply from 74.125.225.46: bytes=32 time=57ms TTL=57



Ping statistics for 74.125.225.46:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 57ms, Maximum = 71ms, Average = 64ms

Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=180ms TTL=53

Reply from 98.139.183.24: bytes=32 time=178ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 178ms, Maximum = 180ms, Average = 179ms

Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0b 7d 19 11 a7 ...... Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
0x3 ...00 10 a4 8a d4 56 ...... Xircom CardBus Ethernet 100 + Modem 56 (Ethernet Interface) - Packet Scheduler Miniport
0x4 ...00 06 5b b8 ea ce ...... 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) - Packet Scheduler Miniport
0x10006 ...00 11 50 e3 19 ae ...... Belkin Wireless G Plus MIMO USB Network Adapter #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.29 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.29 192.168.0.29 20
192.168.0.0 255.255.255.0 192.168.0.29 192.168.0.29 30
192.168.0.29 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.0.255 255.255.255.255 192.168.0.29 192.168.0.29 30
224.0.0.0 240.0.0.0 192.168.0.29 192.168.0.29 30
255.255.255.255 255.255.255.255 192.168.0.29 192.168.0.29 1
255.255.255.255 255.255.255.255 192.168.0.29 3 1
255.255.255.255 255.255.255.255 192.168.0.29 4 1
255.255.255.255 255.255.255.255 192.168.0.29 2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/12/2012 01:52:35 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.

Error: (10/12/2012 01:48:34 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.

Error: (10/12/2012 01:47:49 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.

Error: (10/12/2012 01:46:25 PM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.

Error: (10/12/2012 01:40:14 PM) (Source: MsiInstaller) (User: U1-C63792EBF3A7)U1-C63792EBF3A7
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (10/12/2012 01:40:11 PM) (Source: MsiInstaller) (User: U1-C63792EBF3A7)U1-C63792EBF3A7
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.

Error: (10/12/2012 11:45:14 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.

Error: (10/12/2012 11:44:07 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.

Error: (10/12/2012 11:11:07 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.

Error: (10/12/2012 11:04:24 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.


System errors:
=============
Error: (10/13/2012 04:47:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/13/2012 04:46:59 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/13/2012 01:02:01 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/13/2012 01:01:53 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/13/2012 01:01:44 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/13/2012 01:01:36 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/13/2012 01:01:27 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/13/2012 01:01:19 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/13/2012 01:01:10 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/13/2012 01:01:02 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (10/12/2012 01:52:35 PM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (10/12/2012 01:48:34 PM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (10/12/2012 01:47:49 PM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (10/12/2012 01:46:25 PM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (10/12/2012 01:40:14 PM) (Source: MsiInstaller)(User: U1-C63792EBF3A7)U1-C63792EBF3A7
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)

Error: (10/12/2012 01:40:11 PM) (Source: MsiInstaller)(User: U1-C63792EBF3A7)U1-C63792EBF3A7
Description: Product: Sophos Virus Removal Tool -- Error 1606.Could not access network location data.(NULL)(NULL)(NULL)

Error: (10/12/2012 11:45:14 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (10/12/2012 11:44:07 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (10/12/2012 11:11:07 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (10/12/2012 11:04:24 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office 2000 Standard -- Error 1706. No valid source could be found for product Microsoft Office 2000 Standard. The Windows installer cannot continue.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

1310 (Version: 43.0.217.000)
1310_Help (Version: 43.0.217.000)
1310Tour (Version: 43.0.217.000)
1310Trb (Version: 43.0.217.000)
1Dial Web Accelerator
AAA Map'n'Go 7.0
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 9 (Version: 9.0.0)
Advanced SystemCare 5 (Version: 5.2.0)
AiO_Scan (Version: 43.0.217.000)
AiOSoftware (Version: 43.0.217.000)
AirPort (Version: 4.2.0.11)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Belkin Wireless G Plus MIMO USB Network Adapter
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Network Adapter (Version: 4.100.15.5)
Broadcom Driver v4.170.25.12_Foxconn Installation Program (Version: 4.170.25.12)
BufferChm (Version: 43.1.5.000)
CCleaner (Version: 3.20)
Copy (Version: 43.1.5.000)
CreativeProjects (Version: 43.1.5.000)
CreativeProjectsTemplates (Version: 43.1.5.000)
CueTour (Version: 43.1.5.000)
Dell TrueMobile GPRS Modem Manager (Version: 1.13.15)
Destinations (Version: 43.1.5.000)
Director (Version: 43.1.5.000)
DocProc (Version: 4.0.0.0)
DocumentViewer (Version: 43.0.217.000)
ESET Online Scanner v3
Fax (Version: 43.0.217.000)
Glary Utilities 2.46.0.1518 (Version: 2.46.0.1518)
Google Chrome (Version: 22.0.1229.94)
HitmanPro 3.6 (Version: 3.6.2.171)
HP Diagnostic Assistant (Version: 1.0.0.0)
HP Image Zone 4.2 (Version: 4.2)
HP PSC & OfficeJet 4.2
HP Software Update (Version: 2.0.39.20040212)
HPSystemDiagnostics (Version: 1.5.0.0)
InstantShare (Version: 4.0.0.40)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Standard (Version: 9.00.2720)
Microsoft Office Professional
Microsoft Silverlight (Version: 5.1.10411.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Overland (Version: 2.1.5)
PhotoGallery (Version: 43.1.5.000)
PrintScreen (Version: 43.1.5.000)
ProductContext (Version: 43.0.217.000)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 43.1.5.000)
QuickTime (Version: 7.71.80.42)
Readme (Version: 43.0.217.000)
Scan (Version: 4.1.0.0)
SkinsHP1 (Version: 43.1.5.000)
Sophos Virus Removal Tool (Version: 2.1)
TrayApp (Version: 43.1.5.000)
Unload (Version: 4.0.0)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Ver 1.2.0
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 43.1.5.000)
Window Washer
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 1023.43 MB
Available physical RAM: 778.32 MB
Total Pagefile: 2464.34 MB
Available Pagefile: 2307.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.89 GB) (Free:43.87 GB) NTFS

========================= Users: ========================================

User accounts for \\U1-C63792EBF3A7

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 U1

========================= Restore Points ==================================

16-07-2012 03:46:29 System Checkpoint
17-07-2012 03:18:23 Installed Microsoft Fix it 50530
18-07-2012 06:49:19 System Checkpoint
19-07-2012 20:23:26 System Checkpoint
21-07-2012 00:00:16 System Checkpoint
22-07-2012 00:46:07 System Checkpoint
23-07-2012 00:59:46 System Checkpoint
24-07-2012 01:59:42 System Checkpoint
25-07-2012 02:59:36 System Checkpoint
21-08-2012 20:42:55 System Checkpoint
21-08-2012 22:19:29 Software Distribution Service 3.0
22-08-2012 04:29:12 Software Distribution Service 3.0
23-08-2012 16:41:37 System Checkpoint
26-08-2012 18:16:26 System Checkpoint
27-08-2012 19:01:29 System Checkpoint
28-08-2012 19:16:26 System Checkpoint
29-08-2012 19:43:55 System Checkpoint
30-08-2012 21:50:57 System Checkpoint
31-08-2012 22:01:36 System Checkpoint
01-09-2012 22:44:29 System Checkpoint
02-09-2012 23:33:02 System Checkpoint
03-09-2012 23:36:32 System Checkpoint
04-09-2012 23:48:05 System Checkpoint
05-09-2012 23:50:56 System Checkpoint
07-09-2012 00:51:29 System Checkpoint
08-09-2012 02:00:39 System Checkpoint
09-09-2012 02:37:10 System Checkpoint
10-09-2012 03:31:23 System Checkpoint
11-09-2012 04:31:17 System Checkpoint
13-09-2012 04:20:56 System Checkpoint
13-09-2012 04:30:44 Software Distribution Service 3.0
14-09-2012 15:55:18 System Checkpoint
15-09-2012 17:48:11 System Checkpoint
16-09-2012 18:09:44 System Checkpoint
17-09-2012 18:35:47 System Checkpoint
18-09-2012 19:28:40 System Checkpoint
19-09-2012 20:48:55 System Checkpoint
20-09-2012 21:36:18 System Checkpoint
21-09-2012 22:28:26 System Checkpoint
22-09-2012 02:39:45 Software Distribution Service 3.0
22-09-2012 03:34:15 Software Distribution Service 3.0
23-09-2012 13:39:49 System Checkpoint
24-09-2012 17:39:29 System Checkpoint
25-09-2012 18:09:13 System Checkpoint
26-09-2012 18:52:31 System Checkpoint
27-09-2012 19:32:20 System Checkpoint
28-09-2012 20:00:50 System Checkpoint
29-09-2012 20:07:06 System Checkpoint
30-09-2012 20:41:22 System Checkpoint
01-10-2012 21:15:33 System Checkpoint
02-10-2012 22:00:42 System Checkpoint
03-10-2012 23:14:24 System Checkpoint
04-10-2012 23:56:23 System Checkpoint
06-10-2012 02:00:48 System Checkpoint
07-10-2012 02:38:22 System Checkpoint
08-10-2012 03:30:32 System Checkpoint
09-10-2012 03:56:34 System Checkpoint
10-10-2012 04:14:57 System Checkpoint
10-10-2012 21:35:30 Software Distribution Service 3.0
11-10-2012 21:46:21 System Checkpoint
12-10-2012 23:02:07 System Checkpoint

**** End of log ****


Farbar Service Scanner Version: 07-10-2012
Ran by U1 (administrator) on 13-10-2012 at 17:09:05
Running from "C:\Documents and Settings\U1\desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) StreamSurge(9) Tcpip(4)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


Junkware Removal Tool (JRT) by Thisisu
Version: 1.5.5 (10.13.2012)
OS: Microsoft Windows XP x86
Ran by U1 on Sat 10/13/2012 at 17:09:31.17
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Sat 10/13/2012 at 18:14:06.61
End of Report

On adware cleaner, I was warned of an unsafe file and did not download it.

#6 narenxp

Posted 13 October 2012 - 08:58 PM

On adware cleaner, I was warned of an unsafe file and did not download it.


Disable your antivirus and download

Post the log along with the Malwarebytes log

#7 tim876

Posted 13 October 2012 - 11:25 PM

# AdwCleaner v2.004 - Logfile created 10/13/2012 at 23:18:32
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : U1 - U1-C63792EBF3A7
# Boot Mode : Normal
# Running from : C:\Documents and Settings\U1\desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\U1\Application Data\Mozilla\Firefox\Profiles\oludu5vi.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Documents and Settings\U1\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1623 octets] - [13/10/2012 23:17:10]
AdwCleaner[S2].txt - [1293 octets] - [13/10/2012 23:18:32]

########## EOF - C:\AdwCleaner[S2].txt - [1353 octets] ##########

#8 narenxp

Posted 13 October 2012 - 11:48 PM

Malwarebytes log?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#9 tim876

Posted 14 October 2012 - 09:40 AM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.13.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
U1 :: U1-C63792EBF3A7 [administrator]

10/13/2012 12:31:50 PM
mbam-log-2012-10-13 (12-31-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262391
Time elapsed: 1 hour(s), 39 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\RECYCLER\S-1-5-18\$8f98e7d68ca4fc11a2e74fa99dc1129f\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$8f98e7d68ca4fc11a2e74fa99dc1129f\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$8f98e7d68ca4fc11a2e74fa99dc1129f\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$8f98e7d68ca4fc11a2e74fa99dc1129f\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$8f98e7d68ca4fc11a2e74fa99dc1129f\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-18\$8f98e7d68ca4fc11a2e74fa99dc1129f\U\80000032.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-507921405-1563985344-1957994488-1004\$8f98e7d68ca4fc11a2e74fa99dc1129f\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{293E03E8-6E6C-4764-AA2B-428C6B409069}\RP73\A0046627.ini (Trojan.0access) -> Quarantined and deleted successfully.
C:\WINDOWS\assembly\GAC\Desktop.ini (Rootkit.0access) -> Quarantined and deleted successfully.

(end)

#10 tim876

Posted 14 October 2012 - 10:06 AM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/14/2012 09:47:30 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\windows\System32\WLTRYSVC.EXE (PID: 1848) [WD-HEUR]
* C:\windows\System32\bcmwltry.exe (PID: 1860) [WD-HEUR]
* C:\WINDOWS\system32\wwSecure.exe (PID: 520) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* SharedAccess [Missing ImagePath]

* BITS [Missing Parameters Key]

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 http://www.democraticunderground.com

Program finished at: 10/14/2012 09:48:57 AM
Execution time: 0 hours(s), 1 minute(s), and 27 seconds(s)

#11 tim876

Posted 14 October 2012 - 10:13 AM

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\u1\local settings\application data\google\update\googleupdate.exe"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Advanced SystemCare" "ASCv5ExtMenu Module" "" "c:\program files\iobit\advanced systemcare 5\ascv5extmenu.dll"
+ "Glary Utilities" "Context Menu Handler" "Glarysoft Ltd" "c:\program files\glary utilities\contexthandler.dll"
+ "Washer" "Window Washer Shredding Shell Extension" "Webroot Software" "c:\program files\common files\webroot shared\shellwash.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Advanced SystemCare" "ASCv5ExtMenu Module" "" "c:\program files\iobit\advanced systemcare 5\ascv5extmenu.dll"
+ "Washer" "Window Washer Shredding Shell Extension" "Webroot Software" "c:\program files\common files\webroot shared\shellwash.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Glary Utilities" "Context Menu Handler" "Glarysoft Ltd" "c:\program files\glary utilities\contexthandler.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "NOW!Imaging" "Imaging Component" "SlipStream Data Inc." "c:\program files\web accelerator\components\nowimaging.dll"
+ "Prefetch" "Prefetch Dynamic Link Library" "SlipStream Data Inc." "c:\program files\web accelerator\prefetch.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GlaryInitialize.job" "Glary Utilities Initialize" "Glarysoft Ltd" "c:\program files\glary utilities\initialize.exe"
+ "GoogleUpdateTaskUserS-1-5-21-507921405-1563985344-1957994488-1004Core.job" "Google Installer" "Google Inc." "c:\documents and settings\u1\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-507921405-1563985344-1957994488-1004UA.job" "Google Installer" "Google Inc." "c:\documents and settings\u1\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AdvancedSystemCareService5" "Advanced SystemCare Service" "IObit" "c:\program files\iobit\advanced systemcare 5\ascservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\windows\System32\appmgmts.dll"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "PEVSystemStart" "" "" "File not found: C:\32788R22FWJFW\pev.3XE"
+ "Pml Driver HPZ12" "PML Driver" "HP" "c:\windows\system32\hpzipm12.exe"
+ "wltrysvc" "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant." "" "c:\windows\system32\wltrysvc.exe"
+ "wwSecSvc" "Window Washer Cleaning Service" "Webroot Software, Inc." "c:\windows\system32\wwsecure.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "3CWMCRU" "Modem driver" "3Com, Inc." "c:\windows\system32\drivers\3cwmcru.sys"
+ "ac97intc" "Intel® Integrated Controller Hub Audio Driver" "Intel Corporation" "c:\windows\system32\drivers\ac97intc.sys"
+ "AegisP" "AEGIS Protocol (IEEE 802.1x) v3.4.3.0" "Meetinghouse Data Communications" "c:\windows\system32\drivers\aegisp.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
+ "BKNDIS5" "GTNDIS NDIS 5.0 Protocol Driver" "Gemtek Technology Co." "c:\program files\belkin\f5d9050\bkndis5.sys"
+ "CBEN5" "NDIS 5.X Miniport Driver" "Xircom, Inc." "c:\windows\system32\drivers\cben5.sys"
+ "Changer" "" "" "File not found: C:\windows\System32\Drivers\Changer.sys"
+ "EL90XBC" "3Com EtherLink PCI Driver" "3Com Corporation" "c:\windows\system32\drivers\el90xbc5.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "i2omgmt" "" "" "File not found: C:\windows\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\windows\System32\Drivers\lbrtfdc.sys"
+ "omci" "OMCI Device Driver" "Dell Inc" "c:\windows\system32\drivers\omci.sys"
+ "PCIDump" "" "" "File not found: C:\windows\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\windows\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\windows\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\windows\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\windows\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "RT73" "Ralink 802.11 USB Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\rt73.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "StreamSurge" "StreamSurge Intermediate Miniport Driver" "WikiTek Inc." "c:\windows\system32\drivers\ss.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "WDICA" "" "" "File not found: C:\windows\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.LEAD" "" "" "File not found: LCODCCMP.DLL"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "HPOD RunTimeline Filter" "HPODRunTimelineFilter module " "Hewlett-Packard Company" "c:\program files\common files\hp\memories disc\2.0\hpodruntimelinefilter.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LEAD MCMP/MJPEG Codec" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\program files\common files\hp\memories disc\2.0\leadtools\lcodccmp.dll"
+ "LEAD MCMP/MJPEG Decoder" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\program files\common files\hp\memories disc\2.0\leadtools\lcodccmp.dll"
+ "LEAD Video Color Filter" "LEAD Multimedia Processor Filter" "LEAD Technologies, Inc." "c:\program files\common files\hp\memories disc\2.0\leadtools\lmvclr.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "hpzsnt10" "" "HP" "c:\windows\system32\hpzsnt10.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "Broadcom 802.11 Network Adapter Logon Provider" "Broadcom Corporation" "c:\windows\system32\bcmlogon.dll"

#12 narenxp

Posted 14 October 2012 - 10:15 AM

Please run Malwarebytes once again and post the clean log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

Any current issues?

Edited by narenxp, 14 October 2012 - 10:15 AM.


#13 tim876

Posted 14 October 2012 - 12:33 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.13.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
U1 :: U1-C63792EBF3A7 [administrator]

10/14/2012 10:42:16 AM
mbam-log-2012-10-14 (10-42-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262917
Time elapsed: 1 hour(s), 40 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 tim876

Posted 14 October 2012 - 12:43 PM

Farbar Service Scanner Version: 07-10-2012
Ran by U1 (administrator) on 14-10-2012 at 12:41:52
Running from "C:\Documents and Settings\U1\desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) StreamSurge(9) Tcpip(4)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

#15 tim876

Posted 14 October 2012 - 12:48 PM

seems to be working ok



