Missing Files and Folders



#1 Wannabe Expert

Posted 19 October 2012 - 12:19 AM

Hello,
I contracted a virus after clicking on navigation links in a website advertised via Amazon Local Deals. After I closed the suspect browser tab, my entire browser closed of its own accord. And then, shortly after restarting the browser, I received approximately 20 'System Alert' type popups (with exclamation points in yellow triangle icons) and one 'System Error' type popup with an icon similar to a red stop sign. Additionally, I received one more popup that had two button options on it. When I right-clicked on it, the 'Close' option was greyed out, and only 'Move' was available. Unfortunately I did not save the text of any of these popups as I (stupidly) thought that just running MalwareBytes would identify and correct the problem.

Around the time I received the problem popups, some files and folders on my desktop disappeared. Additionally most (but not all) of my files and folders within 'My Documents' have disappeared. However when looking at the folder attributes, there are more files/folders listed than what is visible. However, the 'hidden' attribute is not checked.

So I had MalwareBytes on my desktop and updated to a recent database (although when I ran the program later I received another warning that the db was still out of date by 20 days, which I ignored). Additionally, after the db update I had to restart my machine, and during the startup process I saw a blue windows screen that said 'Please wait...' (which I normally don't see), and then the OS completed loading. My scan by MalwareBytes did not identify any problem files or registry entries, etc.

Please let me know how I should proceed, and thank you very much in advance for your time and assistance in this matter!

Computer: Dell Latitude E6500
OS: Windows XP SP3


#2 narenxp

Posted 19 October 2012 - 05:48 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Wannabe Expert

Posted 27 October 2012 - 08:21 PM

Narenxp,

Thanks for the reply and I'm sorry for the delay in my response.

I followed your instructions, but was unable to run either TDSSKiller or aswMBR. When I click the executables to run them, nothing happens. I also tried re-naming the files and running them, but the result was still the same.

I was able to run ESET Online Scanner, and the results are as follows:
<file_location>/VeohWebPlayerSetup_eng.exe    multiple threats cleaned by deleting - quarantined

Please note that I do believe I downloaded that player a while back, but did not end up installing it due to other things I read about it.

I also tried re-running TDSSKiller and aswMBR after the ESET Online Scanner completion, but the result was still the same as above.

Thanks in advance for any further suggestions you may have.

#4 narenxp

Posted 28 October 2012 - 03:30 AM

You should be able to launch TDSSkiller and aswmbr now.

Edited by narenxp, 23 November 2012 - 06:38 PM.


#5 Wannabe Expert

Posted 23 November 2012 - 06:28 PM

Ok thanks narenxp - that definitely did the trick!

Below please find the logs from the requested scans. Note that I ran TDSSKiller twice, as it found something the first time.

  • TDSS Killer
    11:31:40.0109 1868  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    11:31:40.0125 1868  ============================================================
    11:31:40.0125 1868  Current date / time: 2012/11/03 11:31:40.0125
    11:31:40.0125 1868  SystemInfo:
    11:31:40.0125 1868  
    11:31:40.0125 1868  OS Version: 5.1.2600 ServicePack: 3.0
    11:31:40.0125 1868  Product type: Workstation
    11:31:40.0125 1868  ComputerName: <computerName>
    11:31:40.0125 1868  UserName: <user_name>
    11:31:40.0125 1868  Windows directory: C:\WINDOWS
    11:31:40.0125 1868  System windows directory: C:\WINDOWS
    11:31:40.0125 1868  Processor architecture: Intel x86
    11:31:40.0125 1868  Number of processors: 2
    11:31:40.0125 1868  Page size: 0x1000
    11:31:40.0125 1868  Boot type: Normal boot
    11:31:40.0125 1868  ============================================================
    11:31:40.0890 1868  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    11:31:40.0890 1868  ============================================================
    11:31:40.0890 1868  \Device\Harddisk0\DR0:
    11:31:40.0890 1868  MBR partitions:
    11:31:40.0890 1868  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x56496, BlocksNum 0x129C262B
    11:31:40.0890 1868  ============================================================
    11:31:40.0937 1868  C: <-> \Device\Harddisk0\DR0\Partition1
    11:31:40.0937 1868  ============================================================
    11:31:40.0937 1868  Initialize success
    11:31:40.0937 1868  ============================================================
    11:31:56.0171 5384  ============================================================
    11:31:56.0171 5384  Scan started
    11:31:56.0171 5384  Mode: Manual; 
    11:31:56.0171 5384  ============================================================
    11:31:56.0296 5384  ================ Scan system memory ========================
    11:31:57.0171 5384  System memory - ok
    11:32:05.0296 5384  NetBT - ok
    11:32:05.0328 5384  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
    11:32:05.0343 5384  NetDDE - ok
    11:32:05.0359 5384  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
    11:32:05.0359 5384  NetDDEdsdm - ok
    11:32:05.0390 5384  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
    11:32:05.0390 5384  Netlogon - ok
    11:32:05.0453 5384  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
    11:32:05.0468 5384  Netman - ok
    11:32:05.0546 5384  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    11:32:05.0609 5384  NetTcpPortSharing - ok
    11:32:05.0734 5384  [ A3B69ACD14051AE87AB9E1823A508B6D ] NETw5x32        C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
    11:32:05.0843 5384  NETw5x32 - ok
    11:32:05.0859 5384  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
    11:32:05.0859 5384  NIC1394 - ok
    11:32:05.0921 5384  [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla             C:\WINDOWS\System32\mswsock.dll
    11:32:05.0921 5384  Nla - ok
    11:32:05.0921 5384  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
    11:32:05.0937 5384  Npfs - ok
    11:32:06.0000 5384  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
    11:32:06.0078 5384  Ntfs - ok
    11:32:06.0093 5384  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
    11:32:06.0093 5384  NtLmSsp - ok
    11:32:06.0156 5384  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
    11:32:06.0187 5384  NtmsSvc - ok
    11:32:06.0203 5384  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
    11:32:06.0203 5384  Null - ok
    11:32:06.0390 5384  [ 25167771F5AFAD71808B0080FE4F2312 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    11:32:06.0562 5384  nv - ok
    11:32:06.0625 5384  [ 6D409284F20E21C613FD697C0640F760 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
    11:32:06.0656 5384  NVSvc - ok
    11:32:06.0656 5384  NvtSp50 - ok
    11:32:06.0671 5384  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    11:32:06.0671 5384  NwlnkFlt - ok
    11:32:06.0687 5384  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    11:32:06.0687 5384  NwlnkFwd - ok
    11:32:06.0703 5384  [ EC528056B89D15755ABB624E55949E44 ] OA001Afx        C:\WINDOWS\system32\Drivers\OA001Afx.sys
    11:32:06.0718 5384  OA001Afx - ok
    11:32:06.0750 5384  [ A015DD2BA6009C8BDD00A6C431302D06 ] OA001Ufd        C:\WINDOWS\system32\DRIVERS\OA001Ufd.sys
    11:32:06.0750 5384  OA001Ufd - ok
    11:32:06.0796 5384  [ 438FFCB55B8CE39B0BC71AFC0A059835 ] OA001Vid        C:\WINDOWS\system32\DRIVERS\OA001Vid.sys
    11:32:06.0812 5384  OA001Vid - ok
    11:32:06.0968 5384  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    11:32:07.0000 5384  odserv - ok
    11:32:07.0062 5384  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    11:32:07.0062 5384  ohci1394 - ok
    11:32:07.0125 5384  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:32:07.0140 5384  ose - ok
    11:32:07.0187 5384  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
    11:32:07.0203 5384  Parport - ok
    11:32:07.0218 5384  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
    11:32:07.0218 5384  PartMgr - ok
    11:32:07.0250 5384  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
    11:32:07.0250 5384  ParVdm - ok
    11:32:07.0281 5384  [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV          C:\WINDOWS\system32\DRIVERS\PBADRV.sys
    11:32:07.0296 5384  PBADRV - ok
    11:32:07.0328 5384  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
    11:32:07.0328 5384  PCI - ok
    11:32:07.0328 5384  PCIDump - ok
    11:32:07.0343 5384  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
    11:32:07.0359 5384  PCIIde - ok
    11:32:07.0359 5384  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    11:32:07.0359 5384  Pcmcia - ok
    11:32:07.0375 5384  PDCOMP - ok
    11:32:07.0375 5384  PDFRAME - ok
    11:32:07.0375 5384  PDRELI - ok
    11:32:07.0375 5384  PDRFRAME - ok
    11:32:07.0390 5384  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
    11:32:07.0406 5384  perc2 - ok
    11:32:07.0421 5384  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    11:32:07.0421 5384  perc2hib - ok
    11:32:07.0453 5384  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
    11:32:07.0453 5384  PlugPlay - ok
    11:32:07.0484 5384  [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    11:32:07.0500 5384  Pml Driver HPZ12 - ok
    11:32:07.0500 5384  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
    11:32:07.0500 5384  PolicyAgent - ok
    11:32:07.0515 5384  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
    11:32:07.0515 5384  PptpMiniport - ok
    11:32:07.0515 5384  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    11:32:07.0515 5384  ProtectedStorage - ok
    11:32:07.0531 5384  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
    11:32:07.0531 5384  PSched - ok
    11:32:07.0531 5384  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
    11:32:07.0546 5384  Ptilink - ok
    11:32:07.0578 5384  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
    11:32:07.0593 5384  ql1080 - ok
    11:32:07.0593 5384  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    11:32:07.0609 5384  Ql10wnt - ok
    11:32:07.0609 5384  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
    11:32:07.0625 5384  ql12160 - ok
    11:32:07.0625 5384  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
    11:32:07.0640 5384  ql1240 - ok
    11:32:07.0640 5384  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
    11:32:07.0656 5384  ql1280 - ok
    11:32:07.0687 5384  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
    11:32:07.0687 5384  RasAcd - ok
    11:32:07.0750 5384  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
    11:32:07.0750 5384  RasAuto - ok
    11:32:07.0765 5384  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    11:32:07.0765 5384  Rasl2tp - ok
    11:32:07.0781 5384  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
    11:32:07.0796 5384  RasMan - ok
    11:32:07.0796 5384  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    11:32:07.0812 5384  RasPppoe - ok
    11:32:07.0812 5384  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
    11:32:07.0812 5384  Raspti - ok
    11:32:07.0828 5384  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
    11:32:07.0828 5384  Rdbss - ok
    11:32:07.0843 5384  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    11:32:07.0843 5384  RDPCDD - ok
    11:32:07.0843 5384  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    11:32:07.0859 5384  rdpdr - ok
    11:32:07.0875 5384  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
    11:32:07.0875 5384  RDPWD - ok
    11:32:07.0937 5384  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
    11:32:07.0937 5384  RDSessMgr - ok
    11:32:07.0953 5384  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
    11:32:07.0953 5384  redbook - ok
    11:32:08.0031 5384  [ D1875727D04EAE948F139022DCAD3D47 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    11:32:08.0062 5384  RegSrvc - ok
    11:32:08.0109 5384  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
    11:32:08.0125 5384  RemoteAccess - ok
    11:32:08.0156 5384  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
    11:32:08.0171 5384  RemoteRegistry - ok
    11:32:08.0234 5384  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    11:32:08.0234 5384  rimmptsk - ok
    11:32:08.0250 5384  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
    11:32:08.0250 5384  RpcLocator - ok
    11:32:08.0265 5384  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
    11:32:08.0265 5384  RpcSs - ok
    11:32:08.0296 5384  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
    11:32:08.0296 5384  RSVP - ok
    11:32:08.0328 5384  [ 8B4459365C254196F498A3CBC2898DBB ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    11:32:08.0390 5384  S24EventMonitor - ok
    11:32:08.0406 5384  [ 87940243EA2AD3EBE274F5409C5E9072 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
    11:32:08.0406 5384  s24trans - ok
    11:32:08.0421 5384  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
    11:32:08.0421 5384  SamSs - ok
    11:32:08.0453 5384  [ 92554F1D5037033146501F72C74B4D9F ] SavRoam         C:\Program Files\Symantec AntiVirus\SavRoam.exe
    11:32:08.0453 5384  SavRoam - ok
    11:32:08.0515 5384  [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT           C:\Program Files\Symantec AntiVirus\savrt.sys
    11:32:08.0515 5384  SAVRT - ok
    11:32:08.0515 5384  [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL        C:\Program Files\Symantec AntiVirus\Savrtpel.sys
    11:32:08.0531 5384  SAVRTPEL - ok
    11:32:08.0531 5384  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
    11:32:08.0546 5384  SCardSvr - ok
    11:32:08.0562 5384  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
    11:32:08.0640 5384  Schedule - ok
    11:32:08.0703 5384  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
    11:32:08.0703 5384  sdbus - ok
    11:32:08.0828 5384  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    11:32:08.0859 5384  SeaPort - ok
    11:32:08.0875 5384  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
    11:32:08.0875 5384  Secdrv - ok
    11:32:08.0890 5384  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
    11:32:08.0906 5384  seclogon - ok
    11:32:09.0015 5384  [ 27D53CD650CC77123FAF2F07023DABC7 ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    11:32:09.0046 5384  SecureStorageService - ok
    11:32:09.0062 5384  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
    11:32:09.0062 5384  SENS - ok
    11:32:09.0078 5384  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
    11:32:09.0093 5384  Serenum - ok
    11:32:09.0093 5384  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
    11:32:09.0109 5384  Serial - ok
    11:32:09.0125 5384  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    11:32:09.0125 5384  Sfloppy - ok
    11:32:09.0171 5384  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
    11:32:09.0203 5384  SharedAccess - ok
    11:32:09.0218 5384  [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    11:32:09.0234 5384  ShellHWDetection - ok
    11:32:09.0234 5384  Simbad - ok
    11:32:09.0265 5384  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
    11:32:09.0265 5384  sisagp - ok
    11:32:09.0296 5384  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
    11:32:09.0296 5384  SLIP - ok
    11:32:09.0343 5384  [ B0BF6833849BFA70F42E1E22DEE476F8 ] SMManager       C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    11:32:09.0359 5384  SMManager - ok
    11:32:09.0421 5384  [ 213C7EB70A762AFDBB095E3535E8545C ] SNDSrvc         C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    11:32:09.0453 5384  SNDSrvc - ok
    11:32:09.0515 5384  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
    11:32:09.0515 5384  Sparrow - ok
    11:32:09.0546 5384  [ 60053E9C1FC4F6887C296C19CB825244 ] SPBBCDrv        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    11:32:09.0562 5384  SPBBCDrv - ok
    11:32:09.0609 5384  [ 8A09AB7A1FD856ACC469BD0CD4E98351 ] SPBBCSvc        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    11:32:09.0625 5384  SPBBCSvc - ok
    11:32:09.0687 5384  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
    11:32:09.0703 5384  splitter - ok
    11:32:09.0734 5384  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler         C:\WINDOWS\system32\spoolsv.exe
    11:32:09.0750 5384  Spooler - ok
    11:32:09.0781 5384  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
    11:32:09.0796 5384  sr - ok
    11:32:09.0812 5384  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
    11:32:09.0843 5384  srservice - ok
    11:32:09.0859 5384  [ 89220B427890AA1DFFD1A02648AE51C3 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
    11:32:09.0875 5384  Srv - ok
    11:32:09.0921 5384  [ 2020432F97DB48A250039357B6750F86 ] SR_Service      C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    11:32:09.0921 5384  SR_Service - ok
    11:32:09.0921 5384  [ 76103F039013735B0572C61A82760CF6 ] SR_WatchDog     C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    11:32:09.0921 5384  SR_WatchDog - ok
    11:32:09.0953 5384  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
    11:32:09.0968 5384  SSDPSRV - ok
    11:32:09.0984 5384  [ CB2449150A5EA17CAA0B94363D9440CC ] STacSV          c:\drivers\audio\r205445\stacsv.exe
    11:32:10.0000 5384  STacSV - ok
    11:32:10.0046 5384  [ 886C708C91DB573656D64C626468D707 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
    11:32:10.0062 5384  STHDA - ok
    11:32:10.0125 5384  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
    11:32:10.0125 5384  StillCam - ok
    11:32:10.0140 5384  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
    11:32:10.0171 5384  stisvc - ok
    11:32:10.0171 5384  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    11:32:10.0187 5384  streamip - ok
    11:32:10.0203 5384  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
    11:32:10.0203 5384  swenum - ok
    11:32:10.0265 5384  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
    11:32:10.0265 5384  swmidi - ok
    11:32:10.0265 5384  SwPrv - ok
    11:32:10.0359 5384  [ 7AC1FCCC7976857AAC3906D45A81D77B ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    11:32:10.0390 5384  Symantec AntiVirus - ok
    11:32:10.0468 5384  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
    11:32:10.0468 5384  symc810 - ok
    11:32:10.0500 5384  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    11:32:10.0515 5384  symc8xx - ok
    11:32:10.0515 5384  [ 49B20B430A4F219173F823536944474A ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    11:32:10.0515 5384  SymEvent - ok
    11:32:10.0546 5384  [ E919F0922248A826964428F479A3DC24 ] SYMREDRV        C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    11:32:10.0546 5384  SYMREDRV - ok
    11:32:10.0578 5384  [ C177D5A655AF572C456EC977582B9BC0 ] SYMTDI          C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    11:32:10.0593 5384  SYMTDI - ok
    11:32:10.0593 5384  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    11:32:10.0609 5384  sym_hi - ok
    11:32:10.0609 5384  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    11:32:10.0625 5384  sym_u3 - ok
    11:32:10.0687 5384  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
    11:32:10.0687 5384  sysaudio - ok
    11:32:10.0750 5384  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
    11:32:10.0750 5384  SysmonLog - ok
    11:32:10.0781 5384  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
    11:32:10.0781 5384  TapiSrv - ok
    11:32:10.0812 5384  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
    11:32:10.0812 5384  Tcpip - ok
    11:32:10.0906 5384  [ 69F1A38A6DBFE682491CB61A596662E3 ] tcsd_win32.exe  C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    11:32:10.0953 5384  tcsd_win32.exe - ok
    11:32:11.0031 5384  [ B6CAE7741ADDCE1D57B65E015751A274 ] TdmService      C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    11:32:11.0078 5384  TdmService - ok
    11:32:11.0125 5384  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
    11:32:11.0140 5384  TDPIPE - ok
    11:32:11.0156 5384  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
    11:32:11.0156 5384  TDTCP - ok
    11:32:11.0203 5384  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
    11:32:11.0203 5384  TermDD - ok
    11:32:11.0234 5384  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
    11:32:11.0250 5384  TermService - ok
    11:32:11.0265 5384  [ 1926899BF9FFE2602B63074971700412 ] Themes          C:\WINDOWS\System32\shsvcs.dll
    11:32:11.0265 5384  Themes - ok
    11:32:11.0296 5384  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
    11:32:11.0312 5384  TlntSvr - ok
    11:32:11.0343 5384  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
    11:32:11.0359 5384  TosIde - ok
    11:32:11.0359 5384  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
    11:32:11.0375 5384  TrkWks - ok
    11:32:11.0421 5384  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
    11:32:11.0421 5384  Udfs - ok
    11:32:11.0468 5384  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
    11:32:11.0484 5384  ultra - ok
    11:32:11.0500 5384  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
    11:32:11.0578 5384  Update - ok
    11:32:11.0640 5384  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
    11:32:11.0671 5384  upnphost - ok
    11:32:11.0687 5384  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
    11:32:11.0687 5384  UPS - ok
    11:32:11.0750 5384  [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    11:32:11.0750 5384  usbccgp - ok
    11:32:11.0828 5384  [ 6B5E4D5E6E5ECD6ACD14AED59768CE5C ] USBCCID         C:\WINDOWS\system32\DRIVERS\usbccid.sys
    11:32:11.0828 5384  USBCCID - ok
    11:32:11.0843 5384  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
    11:32:11.0859 5384  usbehci - ok
    11:32:11.0859 5384  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
    11:32:11.0875 5384  usbhub - ok
    11:32:11.0921 5384  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
    11:32:11.0921 5384  usbprint - ok
    11:32:12.0000 5384  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
    11:32:12.0000 5384  usbscan - ok
    11:32:12.0062 5384  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    11:32:12.0062 5384  USBSTOR - ok
    11:32:12.0078 5384  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    11:32:12.0078 5384  usbuhci - ok
    11:32:12.0140 5384  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
    11:32:12.0140 5384  usbvideo - ok
    11:32:12.0171 5384  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
    11:32:12.0187 5384  VgaSave - ok
    11:32:12.0203 5384  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
    11:32:12.0218 5384  viaagp - ok
    11:32:12.0250 5384  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
    11:32:12.0250 5384  ViaIde - ok
    11:32:12.0296 5384  [ 0670C3B1890CED2CE0B4A21EC61DFD7B ] VNASC           C:\WINDOWS\system32\DRIVERS\vnasc.sys
    11:32:12.0296 5384  VNASC - ok
    11:32:12.0343 5384  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
    11:32:12.0343 5384  VolSnap - ok
    11:32:12.0406 5384  [ 51D31E8BBF861EBBA5923EF44D106A2F ] VPN-1           C:\WINDOWS\System32\drivers\vpn.sys
    11:32:12.0406 5384  VPN-1 - ok
    11:32:12.0484 5384  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
    11:32:12.0500 5384  VSS - ok
    11:32:12.0515 5384  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
    11:32:12.0531 5384  w32time - ok
    11:32:12.0546 5384  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
    11:32:12.0546 5384  Wanarp - ok
    11:32:12.0609 5384  [ FC2606083F35DB9C497D6BA9F554D22C ] WavxDMgr        C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
    11:32:12.0625 5384  WavxDMgr - ok
    11:32:12.0640 5384  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    11:32:12.0656 5384  Wdf01000 - ok
    11:32:12.0656 5384  WDICA - ok
    11:32:12.0703 5384  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
    11:32:12.0718 5384  wdmaud - ok
    11:32:12.0718 5384  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
    11:32:12.0734 5384  WebClient - ok
    11:32:12.0843 5384  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
    11:32:12.0843 5384  winmgmt - ok
    11:32:12.0906 5384  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
    11:32:12.0906 5384  WmdmPmSN - ok
    11:32:12.0984 5384  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
    11:32:13.0000 5384  Wmi - ok
    11:32:13.0031 5384  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    11:32:13.0031 5384  WmiAcpi - ok
    11:32:13.0062 5384  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
    11:32:13.0078 5384  WmiApSrv - ok
    11:32:13.0203 5384  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    11:32:13.0265 5384  WPFFontCache_v0400 - ok
    11:32:13.0312 5384  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
    11:32:13.0328 5384  wscsvc - ok
    11:32:13.0328 5384  WSearch - ok
    11:32:13.0375 5384  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    11:32:13.0375 5384  WSTCODEC - ok
    11:32:13.0453 5384  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
    11:32:13.0453 5384  WZCSVC - ok
    11:32:13.0468 5384  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
    11:32:13.0468 5384  xmlprov - ok
    11:32:13.0484 5384  ================ Scan global ===============================
    11:32:13.0531 5384  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    11:32:13.0562 5384  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
    11:32:13.0593 5384  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
    11:32:13.0625 5384  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    11:32:13.0625 5384  [Global] - ok
    11:32:13.0625 5384  ================ Scan MBR ==================================
    11:32:13.0656 5384  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    11:32:13.0656 5384  Suspicious mbr (Forged): \Device\Harddisk0\DR0
    11:32:13.0687 5384  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
    11:32:13.0687 5384  \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
    11:32:13.0687 5384  ================ Scan VBR ==================================
    11:32:13.0718 5384  [ 526942283F5192E333DA972B7AAB3646 ] \Device\Harddisk0\DR0\Partition1
    11:32:13.0718 5384  \Device\Harddisk0\DR0\Partition1 - ok
    11:32:13.0718 5384  ============================================================
    11:32:13.0718 5384  Scan finished
    11:32:13.0718 5384  ============================================================
    11:32:13.0734 5376  Detected object count: 1
    11:32:13.0734 5376  Actual detected object count: 1
    11:32:50.0453 5376  \Device\Harddisk0\DR0\# - copied to quarantine
    11:32:50.0453 5376  \Device\Harddisk0\DR0 - copied to quarantine
    11:32:50.0593 5376  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    11:32:50.0593 5376  \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
    11:32:50.0609 5376  \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
    11:32:50.0609 5376  \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
    11:32:50.0609 5376  \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
    11:32:50.0609 5376  \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
    11:32:50.0625 5376  \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
    11:32:50.0640 5376  \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
    11:32:50.0640 5376  \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
    11:32:50.0656 5376  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    11:32:50.0656 5376  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    11:32:50.0687 5376  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    11:32:50.0703 5376  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    11:32:50.0703 5376  \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
    11:32:50.0718 5376  \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
    11:32:50.0718 5376  \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
    11:32:50.0750 5376  \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
    11:32:50.0750 5376  \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
    11:32:50.0750 5376  \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
    11:32:50.0765 5376  \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
    11:32:50.0859 5376  \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
    11:32:50.0921 5376  \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
    11:32:50.0937 5376  \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
    11:32:50.0953 5376  \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
    11:32:50.0968 5376  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
    11:32:51.0015 5376  \Device\Harddisk0\DR0 - ok
    11:32:51.0015 5376  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure 
    11:33:04.0781 5336  Deinitialize success
    
  • TDSS Killer (scan 2 - post reboot)
    11:35:40.0265 2896  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    11:35:40.0437 2896  ============================================================
    11:35:40.0437 2896  Current date / time: 2012/11/03 11:35:40.0437
    11:35:40.0437 2896  SystemInfo:
    11:35:40.0437 2896  
    11:35:40.0437 2896  OS Version: 5.1.2600 ServicePack: 3.0
    11:35:40.0437 2896  Product type: Workstation
    11:35:40.0437 2896  ComputerName: <ComputerName>
    11:35:40.0437 2896  UserName: <user_name>
    11:35:40.0437 2896  Windows directory: C:\WINDOWS
    11:35:40.0437 2896  System windows directory: C:\WINDOWS
    11:35:40.0437 2896  Processor architecture: Intel x86
    11:35:40.0437 2896  Number of processors: 2
    11:35:40.0437 2896  Page size: 0x1000
    11:35:40.0437 2896  Boot type: Normal boot
    11:35:40.0437 2896  ============================================================
    11:35:40.0937 2896  BG loaded
    11:35:42.0437 2896  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    11:35:42.0453 2896  ============================================================
    11:35:42.0453 2896  \Device\Harddisk0\DR0:
    11:35:42.0453 2896  MBR partitions:
    11:35:42.0453 2896  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x56496, BlocksNum 0x129C262B
    11:35:42.0453 2896  ============================================================
    11:35:42.0562 2896  C: <-> \Device\Harddisk0\DR0\Partition1
    11:35:42.0562 2896  ============================================================
    11:35:42.0562 2896  Initialize success
    11:35:42.0562 2896  ============================================================
    11:36:07.0218 4364  ============================================================
    11:36:07.0218 4364  Scan started
    11:36:07.0218 4364  Mode: Manual; 
    11:36:07.0218 4364  ============================================================
    11:36:09.0093 4364  ================ Scan system memory ========================
    11:36:09.0093 4364  Scan interrupted by user!
    11:36:09.0093 4364  ================ Scan services =============================
    11:36:09.0093 4364  Scan interrupted by user!
    11:36:09.0093 4364  ================ Scan global ===============================
    11:36:09.0093 4364  Scan interrupted by user!
    11:36:09.0093 4364  ================ Scan MBR ==================================
    11:36:09.0093 4364  Scan interrupted by user!
    11:36:09.0093 4364  ================ Scan VBR ==================================
    11:36:09.0093 4364  Scan interrupted by user!
    11:36:09.0093 4364  ============================================================
    11:36:09.0093 4364  Scan finished
    11:36:09.0093 4364  ============================================================
    11:36:09.0109 4356  Detected object count: 0
    11:36:09.0109 4356  Actual detected object count: 0
    11:36:14.0687 4944  ============================================================
    11:36:14.0687 4944  Scan started
    11:36:14.0687 4944  Mode: Manual; 
    11:36:14.0687 4944  ============================================================
    11:36:15.0671 4944  ================ Scan system memory ========================
    11:36:15.0671 4944  Scan interrupted by user!
    11:36:15.0671 4944  ================ Scan services =============================
    11:36:15.0671 4944  Scan interrupted by user!
    11:36:15.0671 4944  ================ Scan global ===============================
    11:36:15.0671 4944  Scan interrupted by user!
    11:36:15.0671 4944  ================ Scan MBR ==================================
    11:36:15.0671 4944  Scan interrupted by user!
    11:36:15.0671 4944  ================ Scan VBR ==================================
    11:36:15.0671 4944  Scan interrupted by user!
    11:36:15.0671 4944  ============================================================
    11:36:15.0671 4944  Scan finished
    11:36:15.0671 4944  ============================================================
    11:36:15.0687 4936  Detected object count: 0
    11:36:15.0687 4936  Actual detected object count: 0
    11:37:05.0468 6032  ============================================================
    11:37:05.0468 6032  Scan started
    11:37:05.0468 6032  Mode: Manual; TDLFS; 
    11:37:05.0468 6032  ============================================================
    11:37:05.0625 6032  ================ Scan system memory ========================
    11:37:06.0546 6032  System memory - ok
    11:37:06.0546 6032  ================ Scan services =============================
    11:37:15.0625 6032  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    11:37:15.0656 6032  odserv - ok
    11:37:15.0718 6032  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    11:37:15.0718 6032  ohci1394 - ok
    11:37:15.0750 6032  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:37:15.0765 6032  ose - ok
    11:37:15.0796 6032  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
    11:37:15.0812 6032  Parport - ok
    11:37:15.0812 6032  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
    11:37:15.0828 6032  PartMgr - ok
    11:37:15.0843 6032  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
    11:37:15.0859 6032  ParVdm - ok
    11:37:15.0859 6032  [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV          C:\WINDOWS\system32\DRIVERS\PBADRV.sys
    11:37:15.0875 6032  PBADRV - ok
    11:37:15.0875 6032  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
    11:37:15.0890 6032  PCI - ok
    11:37:15.0890 6032  PCIDump - ok
    11:37:15.0906 6032  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
    11:37:15.0906 6032  PCIIde - ok
    11:37:15.0921 6032  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    11:37:15.0921 6032  Pcmcia - ok
    11:37:15.0921 6032  PDCOMP - ok
    11:37:15.0921 6032  PDFRAME - ok
    11:37:15.0937 6032  PDRELI - ok
    11:37:15.0937 6032  PDRFRAME - ok
    11:37:15.0937 6032  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
    11:37:15.0953 6032  perc2 - ok
    11:37:15.0953 6032  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    11:37:15.0953 6032  perc2hib - ok
    11:37:15.0984 6032  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
    11:37:15.0984 6032  PlugPlay - ok
    11:37:16.0000 6032  [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    11:37:16.0015 6032  Pml Driver HPZ12 - ok
    11:37:16.0015 6032  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
    11:37:16.0015 6032  PolicyAgent - ok
    11:37:16.0031 6032  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
    11:37:16.0031 6032  PptpMiniport - ok
    11:37:16.0031 6032  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    11:37:16.0031 6032  ProtectedStorage - ok
    11:37:16.0046 6032  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
    11:37:16.0046 6032  PSched - ok
    11:37:16.0046 6032  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
    11:37:16.0062 6032  Ptilink - ok
    11:37:16.0078 6032  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
    11:37:16.0078 6032  ql1080 - ok
    11:37:16.0078 6032  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    11:37:16.0093 6032  Ql10wnt - ok
    11:37:16.0109 6032  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
    11:37:16.0109 6032  ql12160 - ok
    11:37:16.0125 6032  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
    11:37:16.0140 6032  ql1240 - ok
    11:37:16.0140 6032  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
    11:37:16.0156 6032  ql1280 - ok
    11:37:16.0187 6032  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
    11:37:16.0187 6032  RasAcd - ok
    11:37:16.0250 6032  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
    11:37:16.0250 6032  RasAuto - ok
    11:37:16.0250 6032  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    11:37:16.0265 6032  Rasl2tp - ok
    11:37:16.0281 6032  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
    11:37:16.0296 6032  RasMan - ok
    11:37:16.0296 6032  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    11:37:16.0296 6032  RasPppoe - ok
    11:37:16.0312 6032  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
    11:37:16.0312 6032  Raspti - ok
    11:37:16.0328 6032  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
    11:37:16.0328 6032  Rdbss - ok
    11:37:16.0343 6032  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    11:37:16.0343 6032  RDPCDD - ok
    11:37:16.0343 6032  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    11:37:16.0359 6032  rdpdr - ok
    11:37:16.0390 6032  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
    11:37:16.0390 6032  RDPWD - ok
    11:37:16.0453 6032  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
    11:37:16.0453 6032  RDSessMgr - ok
    11:37:16.0468 6032  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
    11:37:16.0468 6032  redbook - ok
    11:37:16.0578 6032  [ D1875727D04EAE948F139022DCAD3D47 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    11:37:16.0609 6032  RegSrvc - ok
    11:37:16.0671 6032  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
    11:37:16.0687 6032  RemoteAccess - ok
    11:37:16.0734 6032  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
    11:37:16.0750 6032  RemoteRegistry - ok
    11:37:16.0812 6032  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    11:37:16.0812 6032  rimmptsk - ok
    11:37:16.0828 6032  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
    11:37:16.0843 6032  RpcLocator - ok
    11:37:16.0921 6032  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
    11:37:16.0937 6032  RpcSs - ok
    11:37:16.0953 6032  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
    11:37:16.0953 6032  RSVP - ok
    11:37:17.0015 6032  [ 8B4459365C254196F498A3CBC2898DBB ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    11:37:17.0031 6032  S24EventMonitor - ok
    11:37:17.0046 6032  [ 87940243EA2AD3EBE274F5409C5E9072 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
    11:37:17.0046 6032  s24trans - ok
    11:37:17.0062 6032  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
    11:37:17.0062 6032  SamSs - ok
    11:37:17.0078 6032  [ 92554F1D5037033146501F72C74B4D9F ] SavRoam         C:\Program Files\Symantec AntiVirus\SavRoam.exe
    11:37:17.0093 6032  SavRoam - ok
    11:37:17.0140 6032  [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT           C:\Program Files\Symantec AntiVirus\savrt.sys
    11:37:17.0140 6032  SAVRT - ok
    11:37:17.0140 6032  [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL        C:\Program Files\Symantec AntiVirus\Savrtpel.sys
    11:37:17.0156 6032  SAVRTPEL - ok
    11:37:17.0171 6032  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
    11:37:17.0171 6032  SCardSvr - ok
    11:37:17.0187 6032  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
    11:37:17.0218 6032  Schedule - ok
    11:37:17.0265 6032  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
    11:37:17.0265 6032  sdbus - ok
    11:37:17.0359 6032  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    11:37:17.0375 6032  SeaPort - ok
    11:37:17.0390 6032  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
    11:37:17.0390 6032  Secdrv - ok
    11:37:17.0421 6032  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
    11:37:17.0421 6032  seclogon - ok
    11:37:17.0562 6032  [ 27D53CD650CC77123FAF2F07023DABC7 ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    11:37:17.0640 6032  SecureStorageService - ok
    11:37:17.0656 6032  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
    11:37:17.0671 6032  SENS - ok
    11:37:17.0671 6032  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
    11:37:17.0687 6032  Serenum - ok
    11:37:17.0703 6032  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
    11:37:17.0703 6032  Serial - ok
    11:37:17.0718 6032  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    11:37:17.0734 6032  Sfloppy - ok
    11:37:17.0781 6032  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
    11:37:17.0796 6032  SharedAccess - ok
    11:37:17.0812 6032  [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    11:37:17.0812 6032  ShellHWDetection - ok
    11:37:17.0812 6032  Simbad - ok
    11:37:17.0843 6032  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
    11:37:17.0859 6032  sisagp - ok
    11:37:17.0875 6032  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
    11:37:17.0890 6032  SLIP - ok
    11:37:17.0984 6032  [ B0BF6833849BFA70F42E1E22DEE476F8 ] SMManager       C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    11:37:18.0000 6032  SMManager - ok
    11:37:18.0046 6032  [ 213C7EB70A762AFDBB095E3535E8545C ] SNDSrvc         C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    11:37:18.0078 6032  SNDSrvc - ok
    11:37:18.0125 6032  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
    11:37:18.0140 6032  Sparrow - ok
    11:37:18.0156 6032  [ 60053E9C1FC4F6887C296C19CB825244 ] SPBBCDrv        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    11:37:18.0171 6032  SPBBCDrv - ok
    11:37:18.0218 6032  [ 8A09AB7A1FD856ACC469BD0CD4E98351 ] SPBBCSvc        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    11:37:18.0250 6032  SPBBCSvc - ok
    11:37:18.0312 6032  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
    11:37:18.0312 6032  splitter - ok
    11:37:18.0343 6032  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler         C:\WINDOWS\system32\spoolsv.exe
    11:37:18.0359 6032  Spooler - ok
    11:37:18.0375 6032  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
    11:37:18.0390 6032  sr - ok
    11:37:18.0406 6032  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
    11:37:18.0421 6032  srservice - ok
    11:37:18.0484 6032  [ 89220B427890AA1DFFD1A02648AE51C3 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
    11:37:18.0484 6032  Srv - ok
    11:37:18.0546 6032  [ 2020432F97DB48A250039357B6750F86 ] SR_Service      C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    11:37:18.0546 6032  SR_Service - ok
    11:37:18.0562 6032  [ 76103F039013735B0572C61A82760CF6 ] SR_WatchDog     C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
    11:37:18.0562 6032  SR_WatchDog - ok
    11:37:18.0593 6032  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
    11:37:18.0593 6032  SSDPSRV - ok
    11:37:18.0609 6032  [ CB2449150A5EA17CAA0B94363D9440CC ] STacSV          c:\drivers\audio\r205445\stacsv.exe
    11:37:18.0625 6032  STacSV - ok
    11:37:18.0687 6032  [ 886C708C91DB573656D64C626468D707 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
    11:37:18.0703 6032  STHDA - ok
    11:37:18.0750 6032  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
    11:37:18.0750 6032  StillCam - ok
    11:37:18.0765 6032  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
    11:37:18.0781 6032  stisvc - ok
    11:37:18.0796 6032  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    11:37:18.0796 6032  streamip - ok
    11:37:18.0812 6032  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
    11:37:18.0812 6032  swenum - ok
    11:37:18.0875 6032  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
    11:37:18.0875 6032  swmidi - ok
    11:37:18.0890 6032  SwPrv - ok
    11:37:18.0968 6032  [ 7AC1FCCC7976857AAC3906D45A81D77B ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    11:37:19.0000 6032  Symantec AntiVirus - ok
    11:37:19.0031 6032  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
    11:37:19.0031 6032  symc810 - ok
    11:37:19.0062 6032  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    11:37:19.0078 6032  symc8xx - ok
    11:37:19.0078 6032  [ 49B20B430A4F219173F823536944474A ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    11:37:19.0078 6032  SymEvent - ok
    11:37:19.0109 6032  [ E919F0922248A826964428F479A3DC24 ] SYMREDRV        C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    11:37:19.0109 6032  SYMREDRV - ok
    11:37:19.0156 6032  [ C177D5A655AF572C456EC977582B9BC0 ] SYMTDI          C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    11:37:19.0171 6032  SYMTDI - ok
    11:37:19.0171 6032  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    11:37:19.0187 6032  sym_hi - ok
    11:37:19.0187 6032  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    11:37:19.0203 6032  sym_u3 - ok
    11:37:19.0234 6032  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
    11:37:19.0250 6032  sysaudio - ok
    11:37:19.0296 6032  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
    11:37:19.0312 6032  SysmonLog - ok
    11:37:19.0359 6032  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
    11:37:19.0359 6032  TapiSrv - ok
    11:37:19.0390 6032  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
    11:37:19.0390 6032  Tcpip - ok
    11:37:19.0484 6032  [ 69F1A38A6DBFE682491CB61A596662E3 ] tcsd_win32.exe  C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    11:37:19.0515 6032  tcsd_win32.exe - ok
    11:37:19.0687 6032  [ B6CAE7741ADDCE1D57B65E015751A274 ] TdmService      C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    11:37:19.0703 6032  TdmService - ok
    11:37:19.0781 6032  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
    11:37:19.0796 6032  TDPIPE - ok
    11:37:19.0843 6032  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
    11:37:19.0843 6032  TDTCP - ok
    11:37:19.0859 6032  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
    11:37:19.0875 6032  TermDD - ok
    11:37:19.0921 6032  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
    11:37:19.0937 6032  TermService - ok
    11:37:19.0968 6032  [ 1926899BF9FFE2602B63074971700412 ] Themes          C:\WINDOWS\System32\shsvcs.dll
    11:37:19.0968 6032  Themes - ok
    11:37:20.0031 6032  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
    11:37:20.0046 6032  TlntSvr - ok
    11:37:20.0078 6032  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
    11:37:20.0078 6032  TosIde - ok
    11:37:20.0078 6032  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
    11:37:20.0093 6032  TrkWks - ok
    11:37:20.0109 6032  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
    11:37:20.0140 6032  Udfs - ok
    11:37:20.0218 6032  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
    11:37:20.0234 6032  ultra - ok
    11:37:20.0265 6032  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
    11:37:20.0281 6032  Update - ok
    11:37:20.0296 6032  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
    11:37:20.0343 6032  upnphost - ok
    11:37:20.0390 6032  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
    11:37:20.0406 6032  UPS - ok
    11:37:20.0468 6032  [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    11:37:20.0484 6032  usbccgp - ok
    11:37:20.0546 6032  [ 6B5E4D5E6E5ECD6ACD14AED59768CE5C ] USBCCID         C:\WINDOWS\system32\DRIVERS\usbccid.sys
    11:37:20.0546 6032  USBCCID - ok
    11:37:20.0593 6032  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
    11:37:20.0593 6032  usbehci - ok
    11:37:20.0593 6032  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
    11:37:20.0609 6032  usbhub - ok
    11:37:20.0656 6032  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
    11:37:20.0656 6032  usbprint - ok
    11:37:20.0718 6032  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
    11:37:20.0750 6032  usbscan - ok
    11:37:20.0828 6032  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    11:37:20.0828 6032  USBSTOR - ok
    11:37:20.0859 6032  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    11:37:20.0875 6032  usbuhci - ok
    11:37:20.0921 6032  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
    11:37:20.0921 6032  usbvideo - ok
    11:37:20.0968 6032  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
    11:37:20.0968 6032  VgaSave - ok
    11:37:21.0015 6032  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
    11:37:21.0046 6032  viaagp - ok
    11:37:21.0046 6032  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
    11:37:21.0062 6032  ViaIde - ok
    11:37:21.0125 6032  [ 0670C3B1890CED2CE0B4A21EC61DFD7B ] VNASC           C:\WINDOWS\system32\DRIVERS\vnasc.sys
    11:37:21.0125 6032  VNASC - ok
    11:37:21.0171 6032  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
    11:37:21.0187 6032  VolSnap - ok
    11:37:21.0312 6032  [ 51D31E8BBF861EBBA5923EF44D106A2F ] VPN-1           C:\WINDOWS\System32\drivers\vpn.sys
    11:37:21.0328 6032  VPN-1 - ok
    11:37:21.0437 6032  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
    11:37:21.0453 6032  VSS - ok
    11:37:21.0546 6032  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
    11:37:21.0593 6032  w32time - ok
    11:37:21.0625 6032  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
    11:37:21.0625 6032  Wanarp - ok
    11:37:21.0765 6032  [ FC2606083F35DB9C497D6BA9F554D22C ] WavxDMgr        C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
    11:37:21.0781 6032  WavxDMgr - ok
    11:37:21.0875 6032  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    11:37:21.0890 6032  Wdf01000 - ok
    11:37:21.0890 6032  WDICA - ok
    11:37:21.0937 6032  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
    11:37:21.0953 6032  wdmaud - ok
    11:37:22.0000 6032  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
    11:37:22.0015 6032  WebClient - ok
    11:37:22.0125 6032  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
    11:37:22.0140 6032  winmgmt - ok
    11:37:22.0203 6032  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
    11:37:22.0203 6032  WmdmPmSN - ok
    11:37:22.0281 6032  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
    11:37:22.0281 6032  Wmi - ok
    11:37:22.0328 6032  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    11:37:22.0343 6032  WmiAcpi - ok
    11:37:22.0359 6032  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
    11:37:22.0359 6032  WmiApSrv - ok
    11:37:22.0484 6032  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    11:37:22.0531 6032  WPFFontCache_v0400 - ok
    11:37:22.0578 6032  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
    11:37:22.0578 6032  wscsvc - ok
    11:37:22.0578 6032  WSearch - ok
    11:37:22.0640 6032  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    11:37:22.0640 6032  WSTCODEC - ok
    11:37:22.0718 6032  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
    11:37:22.0718 6032  WZCSVC - ok
    11:37:22.0718 6032  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
    11:37:22.0734 6032  xmlprov - ok
    11:37:22.0750 6032  ================ Scan global ===============================
    11:37:22.0796 6032  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    11:37:22.0828 6032  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
    11:37:22.0843 6032  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
    11:37:22.0890 6032  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    11:37:22.0890 6032  [Global] - ok
    11:37:22.0890 6032  ================ Scan MBR ==================================
    11:37:22.0921 6032  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    11:37:23.0359 6032  \Device\Harddisk0\DR0 - ok
    11:37:23.0359 6032  ================ Scan VBR ==================================
    11:37:23.0359 6032  [ 526942283F5192E333DA972B7AAB3646 ] \Device\Harddisk0\DR0\Partition1
    11:37:23.0375 6032  \Device\Harddisk0\DR0\Partition1 - ok
    11:37:23.0375 6032  ============================================================
    11:37:23.0375 6032  Scan finished
    11:37:23.0375 6032  ============================================================
    11:37:23.0375 6024  Detected object count: 0
    11:37:23.0375 6024  Actual detected object count: 0
    11:41:32.0125 3388  Deinitialize success
    
  • aswMBR
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-03 11:41:34
    -----------------------------
    11:41:34.515    OS Version: Windows 5.1.2600 Service Pack 3
    11:41:34.515    Number of processors: 2 586 0x170A
    11:41:34.515    ComputerName: <ComputerName>  UserName: <some_user>
    11:41:35.250    Initialize success
    11:51:13.062    AVAST engine defs: 12110300
    11:51:47.640    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:51:47.640    Disk 0 Vendor: ST916041 0002 Size: 152627MB BusType: 8
    11:51:47.703    Disk 0 MBR read successfully
    11:51:47.703    Disk 0 MBR scan
    11:51:47.718    Disk 0 Windows VISTA default MBR code
    11:51:47.734    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      172 MB offset 63
    11:51:47.750    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152452 MB offset 353430
    11:51:47.750    Disk 0 scanning sectors +312576705
    11:51:47.859    Disk 0 scanning C:\WINDOWS\system32\drivers
    11:51:59.390    Service scanning
    11:52:21.125    Modules scanning
    11:52:26.187    Disk 0 trace - called modules:
    11:52:26.218    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
    11:52:26.218    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa21868]
    11:52:26.531    3 CLASSPNP.SYS[ba8e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b03d028]
    11:52:33.640    AVAST engine scan C:\WINDOWS
    11:52:44.515    AVAST engine scan C:\WINDOWS\system32
    11:56:08.718    AVAST engine scan C:\WINDOWS\system32\drivers
    11:56:26.734    AVAST engine scan C:\Documents and Settings\<user_name>
    12:04:55.312    AVAST engine scan C:\Documents and Settings\All Users
    12:06:00.156    Scan finished successfully
    12:09:13.562    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\<user_name>\My Documents\MBR.dat"
    12:09:13.562    The log file has been saved successfully to "C:\Documents and Settings\<user_name>\My Documents\aswMBR_0.9.9.1665_2012_11_03.txt"
    
  • ESET
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0005.dta	Win32/Olmasco.O trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0006.dta	Win64/Olmasco.Y trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0007.dta	Win32/Olmasco.O trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0008.dta	Win64/Olmasco.X trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0009.dta	probably a variant of Win32/Olmasco.O trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0010.dta	Win64/Olmasco.AA trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0011.dta	Win32/Olmasco.Q trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0012.dta	Win64/Olmasco.X trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0014.dta	Win32/Olmasco.AA trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0015.dta	Win64/Olmasco.Z trojan	cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.11.2012_11.31.40\mbr0000\tdlfs0000\tsk0021.dta	a variant of Win32/Olmarik.AYN trojan	cleaned by deleting - quarantined
    


#6 narenxp


Posted 23 November 2012 - 06:38 PM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan gets completed, post the generated log here.

#7 Wannabe Expert


Posted 27 December 2012 - 12:23 PM

narenxp, again thank you for your help, and please see the requested logs below:

  • MalwareBytes
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    
    Database version: v2012.12.26.11
    
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    <user_name> :: <computer_name> [administrator]
    
    12/26/2012 12:02:28 PM
    mbam-log-2012-12-26 (12-02-28).txt
    
    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 572796
    Time elapsed: 3 hour(s), 48 minute(s), 8 second(s)
    
    Memory Processes Detected: 0
    (No malicious items detected)
    
    Memory Modules Detected: 0
    (No malicious items detected)
    
    Registry Keys Detected: 0
    (No malicious items detected)
    
    Registry Values Detected: 0
    (No malicious items detected)
    
    Registry Data Items Detected: 0
    (No malicious items detected)
    
    Folders Detected: 0
    (No malicious items detected)
    
    Files Detected: 0
    (No malicious items detected)
    
    (end)
    
  • Mini Toolbox
    MiniToolBox by Farbar  Version: 25-11-2012
    Ran by <user_name> (administrator) on 26-12-2012 at 17:08:54
    Running from "C:\Documents and Settings\<user_name>\Desktop\20121126"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************
    
    ========================= Flush DNS: ===================================
    Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.
    ========================= IE Proxy Settings: ============================== 
    
    Proxy is not enabled.
    No Proxy Server is set.
    
    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    
    ========================= FF Proxy Settings: ============================== 
    
    
    "Reset FF Proxy Settings": Firefox Proxy settings were reset.
    
    ========================= Hosts content: =================================
    10.10.1.73      <work_url>
    10.10.1.37      <work_url>	<work_url>
    10.10.1.61	<work_url>
    10.10.1.100	<work_url>
    10.11.1.115	<work_url>
    10.10.1.21      <work_url>
    172.18.105.171
    10.10.1.35
    10.11.1.102	<work_url>
    10.11.8.10	
    10.11.1.103
    172.22.6.10    <work_url>
    172.22.6.10    <work_url>
    172.22.6.12    <work_url>
    172.22.6.11    <work_url>
    172.22.6.13    <work_url>
    172.22.6.14    <work_url>
    172.22.6.15    <work_url>
    172.22.6.16    <work_url>
    ######################################
    127.0.0.1       localhost
    127.0.0.1       <work_url>
    
    ========================= IP Configuration: ================================
    
    1394 Net Adapter = 1394 Connection 5 (Connected)
    Intel(R) 82567LM Gigabit Network Connection = Local Area Connection (Media disconnected)
    Intel(R) WiFi Link 5100 AGN = Wireless Network Connection (Media disconnected)
    
    
    # ---------------------------------- 
    # Interface IP Configuration         
    # ---------------------------------- 
    pushd interface ip
    
    
    # Interface IP Configuration for "{4E110C26-D2CE-4CE1-9D50-F3563F554656}"
    
    set address name="{4E110C26-D2CE-4CE1-9D50-F3563F554656}" source=dhcp 
    set dns name="{4E110C26-D2CE-4CE1-9D50-F3563F554656}" source=dhcp register=NONE
    set wins name="{4E110C26-D2CE-4CE1-9D50-F3563F554656}" source=dhcp
    
    # Interface IP Configuration for "Wireless Network Connection"
    
    set address name="Wireless Network Connection" source=dhcp 
    set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
    set wins name="Wireless Network Connection" source=dhcp
    
    # Interface IP Configuration for "Local Area Connection"
    
    set address name="Local Area Connection" source=dhcp 
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp
    
    # Interface IP Configuration for "Network Connect Adapter"
    
    set address name="Network Connect Adapter" source=dhcp 
    set dns name="Network Connect Adapter" source=dhcp register=PRIMARY
    set wins name="Network Connect Adapter" source=dhcp
    
    
    popd
    # End of interface IP configuration
    
    
    Windows IP Configuration        Host Name . . . . . . . . . . . . : <computer_name>        Primary Dns Suffix  . . . . . . . : <work_url>        Node Type . . . . . . . . . . . . : Broadcast        IP Routing Enabled. . . . . . . . : No        WINS Proxy Enabled. . . . . . . . : NoEthernet adapter {4E110C26-D2CE-4CE1-9D50-F3563F554656}:        Media State . . . . . . . . . . . : Media disconnected        Description . . . . . . . . . . . : Check Point Virtual Network Adapter For SecureClient - Packet Scheduler Miniport        Physical Address. . . . . . . . . : 54-55-43-44-52-07Ethernet adapter Wireless Network Connection:        Media State . . . . . . . . . . . : Media disconnected        Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN        Physical Address. . . . . . . . . : 00-22-FB-B2-B3-9EEthernet adapter Local Area Connection:        Media State . . . . . . . . . . . : Media disconnected        Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection        Physical Address. . . . . . . . . : 00-24-E8-AA-EF-1EEthernet adapter Network Connect Adapter:        Media State . . . . . . . . . . . : Media disconnected        Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter - SecuRemote Miniport        Physical Address. . . . . . . . . : 00-FF-C8-E4-14-8AServer:  UnKnown
    Address:  127.0.0.1
    
    Ping request could not find host google.com. Please check the name and try again.Server:  UnKnown
    Address:  127.0.0.1
    
    Ping request could not find host yahoo.com. Please check the name and try again.Pinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1:    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:    Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...54 55 43 44 52 07 ...... Check Point Virtual Network Adapter For SecureClient - Packet Scheduler Miniport
    0x3 ...00 22 fb b2 b3 9e ...... Intel(R) WiFi Link 5100 AGN - SecuRemote Miniport
    0x4 ...00 24 e8 aa ef 1e ...... Intel(R) 82567LM Gigabit Network Connection - SecuRemote Miniport
    0x10006 ...00 ff c8 e4 14 8a ...... Juniper Network Connect Virtual Adapter - SecuRemote Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
            127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1	  1
      255.255.255.255  255.255.255.255  255.255.255.255               2	  1
      255.255.255.255  255.255.255.255  255.255.255.255               3	  1
      255.255.255.255  255.255.255.255  255.255.255.255               4	  1
      255.255.255.255  255.255.255.255  255.255.255.255           10006	  1
    ===========================================================================
    Persistent Routes:
      None
    ========================= Winsock entries =====================================
    
    Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
    Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    
    ========================= Event log errors: ===============================
    
    Application errors:
    ==================
    Error: (12/26/2012 11:58:48 AM) (Source: AutoEnrollment) (User: )
    Description: Automatic certificate enrollment for <domain>\<user_name> failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
      Enrollment will not be performed.
    
    Error: (12/26/2012 11:58:45 AM) (Source: Wave TCG Client Services) (User: )
    Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM
    
    Error: (12/26/2012 11:58:17 AM) (Source: Wave TCG Client Services) (User: )
    Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM
    
    Error: (12/26/2012 11:58:17 AM) (Source: Wave TCG Client Services) (User: )
    Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM
    
    Error: (12/26/2012 11:57:43 AM) (Source: UserInit) (User: )
    Description: Could not execute the following script mapHome.bat. The system cannot find the file specified.
    .
    
    Error: (12/26/2012 11:57:43 AM) (Source: UserInit) (User: )
    Description: Could not execute the following script mapNetwork.vbs. The system cannot find the file specified.
    .
    
    Error: (12/26/2012 11:57:36 AM) (Source: Userenv) (User: NT AUTHORITY)
    Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
    
    Error: (12/26/2012 09:39:49 AM) (Source: AutoEnrollment) (User: )
    Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
      Enrollment will not be performed.
    
    Error: (12/26/2012 09:39:48 AM) (Source: Userenv) (User: NT AUTHORITY)
    Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
    
    Error: (12/18/2012 07:39:04 AM) (Source: Wave TCG Client Services) (User: )
    Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM
    
    
    System errors:
    =============
    Error: (12/26/2012 01:41:20 PM) (Source: NETLOGON) (User: )
    Description: No Domain Controller is available for domain <domain> due to the following: 
    %%1311.
    
    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.
    
    Error: (12/26/2012 00:01:19 PM) (Source: W32Time) (User: )
    Description: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 14 minutes.
    NtpClient has no source of accurate time.
    
    Error: (12/26/2012 11:56:25 AM) (Source: 0) (User: )
    Description: \Device\FW1-->g clock change.
    
    Error: (12/26/2012 11:56:25 AM) (Source: 0) (User: )
    Description: \Device\FW1FW-1: last packet seen 2054 seconds ago, assumin-->
    
    Error: (12/26/2012 09:39:48 AM) (Source: NETLOGON) (User: )
    Description: No Domain Controller is available for domain <domain> due to the following: 
    %%1311.
    
    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.
    
    Error: (12/18/2012 07:37:33 AM) (Source: NETLOGON) (User: )
    Description: No Domain Controller is available for domain <domain> due to the following: 
    %%1311.
    
    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.
    
    Error: (12/17/2012 05:56:58 PM) (Source: NETLOGON) (User: )
    Description: No Domain Controller is available for domain <domain> due to the following: 
    %%1311.
    
    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.
    
    Error: (11/30/2012 10:50:28 AM) (Source: NETLOGON) (User: )
    Description: No Domain Controller is available for domain <domain> due to the following: 
    %%1311.
    
    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.
    
    Error: (11/27/2012 09:40:32 PM) (Source: NETLOGON) (User: )
    Description: No Domain Controller is available for domain <domain> due to the following: 
    %%1311.
    
    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.
    
    Error: (11/25/2012 00:00:11 PM) (Source: NETLOGON) (User: )
    Description: No Domain Controller is available for domain <domain> due to the following: 
    %%1311.
    
    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.
    
    
    Microsoft Office Sessions:
    =========================
    
    =========================== Installed Programs ============================
    
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    32 Bit HP CIO Components Installer (Version: 3.1.1)
    6500_E709_eDocs (Version: 1.00.0000)
    6500_E709_Help (Version: 1.00.0000)
    6500_E709n (Version: 50.0.165.000)
    Adobe AIR (Version: 1.5.0.7220)
    Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
    Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
    Adobe Reader 9.2 (Version: 9.2.0)
    All Day Battery Life Configuration (Version: 1.1.0)
    BioAPI Framework (Version: 1.0.1)
    biolsp patch (Version: 01.00.02.0005)
    bpd_scan (Version: 3.00.0000)
    BPDSoftware (Version: 50.0.165.000)
    BPDSoftware_Ini (Version: 1.00.0000)
    Broadcom USH Host Components (Version: 1.7.208.6)
    BufferChm (Version: 120.0.194.000)
    Check Point VPN-1 SecureClient NGX R60 HFA1
    Choice Guard (Version: 1.2.87.0)
    Crystal Reports Embeddable Designer for IBM Rational Application Developer (Version: 1.0.0)
    DCP32MMWrapper (Version: 1.6.206.15)
    Dell Control Point (Version: 1.6.206.15)
    Dell ControlPoint Connection Manager (Version: 1.2.1)
    Dell ControlPoint Security Manager (Version: 1.6.206.15)
    Dell ControlPoint System Manager (Version: 1.2.00000)
    Dell Embassy Trust Suite by Wave Systems (Version: 03.03.00.015)
    Dell Security Device Driver Pack (Version: 1.02.35)
    Dell Touchpad (Version: 7.2.101.215)
    Dell Webcam Central (Version: 1.01.04)
    Destination Component (Version: 110.0.0.0)
    DeviceDiscovery (Version: 120.0.194.000)
    DocMgr (Version: 120.0.000.000)
    DocProc (Version: 12.0.0.0)
    Document Manager Lite (Version: 06.09.00.082)
    EMBASSY Security Center (Version: 03.09.00.054)
    EMBASSY Security Setup (Version: 03.09.00.062)
    ESC Home Page Plugin (Version: 03.04.00.022)
    ESET Online Scanner v3
    Fax (Version: 120.0.194.000)
    Gemalto (Version: 01.01.00.0000)
    Google Chrome (Version: 22.0.1229.94)
    Google Talk Plugin (Version: 3.10.2.10212)
    GPBaseService2 (Version: 120.0.194.000)
    HP Document Manager 2.0 (Version: 2.0)
    HP Imaging Device Functions 12.0 (Version: 12.0)
    HP Officejet 6500 E709 Series (Version: 12.0)
    HP Smart Web Printing (Version: 4.05)
    HP Solution Center 12.0 (Version: 12.0)
    HPProductAssistant (Version: 120.0.194.000)
    HPSSupply (Version: 120.0.194.000)
    IBM Lotus Sametime Connect 7.5.1 (Version: 7.5.70413)
    IBM Rational Application Developer V6.0
    Integrated Webcam Driver (1.03.02.0919)  
    Intel PROSet Wireless
    Intel(R) Network Connections 13.0.42.0 (Version: 13.0.42.0)
    Intel(R) PRO Alerting Agent (Version: 12.0.3)
    Intel(R) PROSet/Wireless WiFi API (Version: 12.01.2000)
    Intel(R) PROSet/Wireless WiFi Driver (Version: 12.01.2000)
    Intel® Matrix Storage Manager
    J2SE Development Kit 5.0 Update 12 (Version: 1.5.0.120)
    J2SE Runtime Environment 5.0 Update 12 (Version: 1.5.0.120)
    Java DB 10.4.1.3 (Version: 10.4.1.3)
    Java(TM) 6 Update 13 (Version: 6.0.130)
    Java(TM) SE Development Kit 6 Update 13 (Version: 1.6.0.130)
    JProfiler 5.2.3
    JUDE Community 5.5b1
    Juniper Networks Network Connect 5.5.0 (Version: 5.5.0.12491)
    Juniper Networks Secure Meeting 5.5.0 (Version: 5.5.0.12491)
    Junk Mail filter update (Version: 14.0.8050.1202)
    KeePass Password Safe 2.19
    LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.67)
    Lotus Notes 6.5.5 (Version: 6.55.5334)
    Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
    Microsoft .NET Framework 1.1 (Version: 1.1.4322)
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
    Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Help Viewer 1.0 (Version: 1.0.30319)
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Office Standard 2007 (Version: 12.0.6425.1000)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
    Microsoft Search Enhancement Pack (Version: 1.3.59.0)
    Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
    Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
    Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
    Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
    Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
    Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
    Mozilla Maintenance Service (Version: 15.0.1)
    MSVCRT (Version: 14.0.1468.721)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
    Network (Version: 120.0.194.000)
    NTRU TCG Software Stack (Version: 2.1.29)
    NVIDIA Drivers
    OCR Software by I.R.I.S. 12.0 (Version: 12.0)
    Preboot Manager (Version: 02.09.00.004)
    Private Information Manager (Version: 06.04.00.042)
    ProductContext (Version: 50.0.165.000)
    Protection Portfolio 1.0 (Version: 1.0)
    Scan (Version: 12.0.0.0)
    Secure Update (Version: 05.07.00.014)
    Security Wizards (Version: 01.07.00.014)
    Segoe UI (Version: 14.0.4327.805)
    Shop for HP Supplies (Version: 12)
    ShoreTel Call Manager (Version: 13.24.2504.0)
    SmartWebPrinting (Version: 120.0.194.000)
    SO32MMWrapper (Version: 1.6.206.15)
    SolutionCenter (Version: 120.0.194.000)
    Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
    Spybot - Search & Destroy (Version: 1.5.2)
    Status (Version: 120.0.194.000)
    Symantec AntiVirus (Version: 10.1.7000.7)
    Toolbox (Version: 120.0.194.000)
    TortoiseSVN 1.5.6.14908 (32 bit) (Version: 1.5.14908)
    TrayApp (Version: 120.0.194.000)
    Trusted Drive Manager (Version: 2.6.1.48)
    tsp patch (Version: 01.00.00.0000)
    UnloadSupport (Version: 11.0.0)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb977719)
    Update for Windows XP (KB898461) (Version: 1)
    Update for Windows XP (KB951618-v2) (Version: 2)
    Update for Windows XP (KB951978) (Version: 1)
    Update for Windows XP (KB955759) (Version: 1)
    Update for Windows XP (KB955839) (Version: 1)
    Update for Windows XP (KB967715) (Version: 1)
    Update for Windows XP (KB968389) (Version: 1)
    Update for Windows XP (KB971737) (Version: 1)
    Update for Windows XP (KB973687) (Version: 1)
    Update for Windows XP (KB973815) (Version: 1)
    Update for Windows XP (KB976749) (Version: 1)
    Update for Windows XP (KB978207) (Version: 1)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
    VLC media player 1.1.11 (Version: 1.1.11)
    Wave Infrastructure Installer (Version: 06.01.52.0015)
    Wave Support Software (Version: 05.10.00.030)
    WebFldrs XP (Version: 9.50.7523)
    WebReg (Version: 120.0.194.000)
    Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5)
    Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
    Windows Live Call (Version: 14.0.8050.1202)
    Windows Live Communications Platform (Version: 14.0.8050.1202)
    Windows Live Essentials (Version: 14.0.8050.1202)
    Windows Live Mail (Version: 14.0.8050.1202)
    Windows Live Messenger (Version: 14.0.8050.1202)
    Windows Live Photo Gallery (Version: 14.0.8051.1204)
    Windows Live Sync (Version: 14.0.8050.1202)
    Windows Live Toolbar (Version: 14.0.8052.1208)
    Windows Live Upload Tool (Version: 14.0.8014.1029)
    Windows Live Writer (Version: 14.0.8050.1202)
    Windows Presentation Foundation (Version: 3.0.6920.0)
    Windows Search 4.0 (Version: 04.00.6001.503)
    WinFF 1.4.2
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    XWiki Enterprise
    
    ========================= Memory info: ===================================
    
    Percentage of memory in use: 28%
    Total physical RAM: 3571.83 MB
    Available physical RAM: 2544.51 MB
    Total Pagefile: 3407.43 MB
    Available Pagefile: 2508.81 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1979.59 MB
    
    ========================= Partitions: =====================================
    
    1 Drive c: (OS) (Fixed) (Total:148.88 GB) (Free:96.26 GB) NTFS
    
    ========================= Users: ========================================
    
    User accounts for \\<computer_name>
    
    Administrator            ASPNET                   Guest                    
    HelpAssistant            SUPPORT_388945a0         <work_admin>                  
    
    ========================= Restore Points ==================================
    
    05-10-2012 02:55:01 System Checkpoint
    09-10-2012 01:47:04 System Checkpoint
    12-10-2012 03:55:37 System Checkpoint
    27-10-2012 22:43:59 System Checkpoint
    03-11-2012 20:30:42 System Checkpoint
    25-11-2012 01:08:51 System Checkpoint
    26-12-2012 21:35:36 System Checkpoint
    
    **** End of log ****
    
  • Farbar Service Scanner
    Farbar Service Scanner Version: 09-11-2012
    Ran by <user_name> (administrator) on 26-12-2012 at 17:21:04
    Running from "C:\Documents and Settings\<user_name>\Desktop\20121126"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    
    Internet Services:
    ============
    
    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error. Google IP is unreachable
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
    Attempt to access Yahoo.com returned error: Other errors
    
    
    Windows Firewall:
    =============
    
    Firewall Disabled Policy: 
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    
    
    System Restore:
    ============
    
    System Restore Disabled Policy: 
    ========================
    
    
    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.
    
    
    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    
    
    Windows Autoupdate Disabled Policy: 
    ============================
    
    
    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    
    Extra List:
    =======
    FW1(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(9) Tcpip(3) 
    0x09000000040000000100000002000000030000000900000005000000060000000700000008000000
    IpSec Tag value is correct.
    
    **** End of log ****
    
  • Adware Cleaner
    # AdwCleaner v2.009 - Logfile created 12/26/2012 at 17:23:16
    # Updated 24/11/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : <user_name> - <computer_name>
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\<user_name>\Desktop\20121126\adwcleaner.exe
    # Option [Delete]
    
    
    ***** [Services] *****
    
    
    ***** [Files / Folders] *****
    
    
    ***** [Registry] *****
    
    
    ***** [Internet Browsers] *****
    
    -\\ Internet Explorer v6.0.2900.5512
    
    [OK] Registry is clean.
    
    *************************
    
    AdwCleaner[S1].txt - [545 octets] - [26/12/2012 17:23:16]
    
    ########## EOF - C:\AdwCleaner[S1].txt - [604 octets] ##########
    
    
  • Junkware Removal Tool
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 3.5.4 (11.26.2012)
    OS: Microsoft Windows XP x86
    Ran by <user_name> on Wed 12/26/2012 at 17:41:39.43
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    
    
    
    ~~~ Services
    
    
    
    ~~~ Registry Values
    
    
    
    ~~~ Registry Keys
    
    
    
    ~~~ Files
    
    
    
    ~~~ Folders
    
    
    
    
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 12/26/2012 at 17:46:38.54
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    


#8 narenxp


Posted 28 December 2012 - 01:43 AM

Download UNHIDE from here

http://www.bleepingcomputer.com/download/unhide/dl/6/

Run this tool. This should restore the hidden files and folders.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#9 Wannabe Expert


Posted 30 December 2012 - 02:57 PM

narenxp, please see the requested logs below.

  • RKILL
    Rkill 2.4.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html
    
    Program started at: 12/28/2012 01:18:30 PM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 3
    
    Checking for Windows services to stop:
    
     * No malware services found to stop.
    
    Checking for processes to terminate:
    
     * No malware processes found to kill.
    
    Checking Registry for malware related settings:
    
     * No issues found in the Registry.
    
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    
    Performing miscellaneous checks:
    
     * Windows Firewall Disabled
    
       [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
       "EnableFirewall" = dword:00000000
    
     * SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html
    
    Checking Windows Service Integrity: 
    
     * Security Center (wscsvc) is not Running.
       Startup Type set to: Automatic
    
     * wuauserv [Missing Service]
    
    Searching for Missing Digital Signatures: 
    
     * No issues found.
    
    Checking HOSTS File: 
    
     * HOSTS file entries found: 
    
      127.0.0.1       localhost
      127.0.0.1       <work_server>
      10.10.1.73      <work_server>
      10.10.1.37      <work_server>	<work_server>
      10.10.1.61	<work_server>
      10.10.1.100	<work_server>
      10.11.1.115	<work_server>
      10.10.1.21      <work_server>
      172.18.105.171
      10.10.1.35
      10.11.1.102	<work_server>
      10.11.8.10	
      10.11.1.103
      172.22.6.10    <work_server>
      172.22.6.10    <work_server>
      172.22.6.12    <work_server>
      172.22.6.11    <work_server>
      172.22.6.13    <work_server>
      172.22.6.14    <work_server>
      172.22.6.15    <work_server>
    
      20 out of 21 HOSTS entries shown.
      Please review HOSTS file for further entries.
    
    Program finished at: 12/28/2012 01:18:54 PM
    Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)
    
  • Autoruns
    "HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon"	""	""	""
    + "Shared Drive Mapping 2.0"	""	""	"File not found: \\<work_domain>\SysVol\<work_domain>\Policies\{6B935878-46B5-4E45-B0E6-64AD49565E0E}\User\Scripts\Logon\mapNetwork.vbs"
    + "Shared Drive Mapping 2.0"	""	""	"File not found: \\<work_domain>\SysVol\<work_domain>\Policies\{6B935878-46B5-4E45-B0E6-64AD49565E0E}\User\Scripts\Logon\mapHome.bat"
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"	""	""	""
    + "Adobe ARM"	"Adobe Reader and Acrobat Manager"	"Adobe Systems Incorporated"	"c:\program files\common files\adobe\arm\1.0\adobearm.exe"
    + "Adobe Reader Speed Launcher"	"Adobe Acrobat SpeedLauncher"	"Adobe Systems Incorporated"	"c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
    + "AESTFltr"	"AEFltrs MFC Application"	"Andrea Electronics Corporation"	"c:\windows\system32\aestfltr.exe"
    + "AgwbBmgKcTBiVw.exe"	""	""	"File not found: C:\Documents and Settings\All Users\Application Data\AgwbBmgKcTBiVw.exe"
    + "Apoint"	"Alps Pointing-device Driver"	"Alps Electric Co., Ltd."	"c:\program files\delltpad\apoint.exe"
    + "ccApp"	"Symantec User Session"	"Symantec Corporation"	"c:\program files\common files\symantec shared\ccapp.exe"
    + "ChangeTPMAuth"	"ChangeTPMAuth Application"	"Wave Systems Corp."	"c:\program files\wave systems corp\common\changetpmauth.exe"
    + "Dell Webcam Central"	"Dell Webcam Central Application"	"Creative Technology Ltd."	"c:\program files\dell webcam\dell webcam central\webcamdell.exe"
    + "DellConnectionManager"	"Dell.UCM"	"Smith Micro Software, Inc."	"c:\program files\dell\dell controlpoint\connection manager\dell.ucm.exe"
    + "DellControlPoint"	"Dell ControlPoint"	"Dell Inc."	"c:\program files\dell\dell controlpoint\dell.controlpoint.exe"
    + "EmbassySecurityCheck"	"ESC Embassy Security Check"	"Wave Systems Corp."	"c:\program files\wave systems corp\embassy security setup\embassysecuritycheck.exe"
    + "IAAnotif"	"Event Monitor User Notification Tool"	"Intel Corporation"	"c:\program files\intel\intel matrix storage manager\iaanotif.exe"
    + "KeePass 2 PreLoad"	"KeePass"	"Dominik Reichl"	"c:\program files\keepass password safe 2\keepass.exe"
    + "NvCplDaemon"	"NVIDIA Display Properties Extension"	"NVIDIA Corporation"	"c:\windows\system32\nvcpl.dll"
    + "NVHotkey"	"NVIDIA Hotkey Service, Version 176.26"	"NVIDIA Corporation"	"c:\windows\system32\nvhotkey.dll"
    + "NvMediaCenter"	"NVIDIA Media Center Library"	"NVIDIA Corporation"	"c:\windows\system32\nvmctray.dll"
    + "nwiz"	"NVIDIA nView Wizard, Version 111.84 "	"NVIDIA Corporation"	"c:\windows\system32\nwiz.exe"
    + "SecureUpgrade"	"Check For Later Product Line "	"Wave Systems Corp."	"c:\program files\wave systems corp\secureupgrade.exe"
    + "SunJavaUpdateSched"	"Java(TM) Platform SE binary"	"Sun Microsystems, Inc."	"c:\program files\java\jre6\bin\jusched.exe"
    + "SysTrayApp"	"IDT PC Audio"	"IDT, Inc."	"c:\program files\idt\wdm\sttray.exe"
    + "USCService"	"Dell Security Device and Task Status"	"Broadcom Corporation"	"c:\program files\dell\dell controlpoint\security manager\bcmdeviceandtaskstatusservice.exe"
    + "vptray"	"Symantec AntiVirus"	"Symantec Corporation"	"c:\program files\symantec antivirus\vptray.exe"
    + "WavXMgr"	"WavX Document Manager Application"	"Wave Systems Corp."	"c:\program files\wave systems corp\services manager\docmgr\bin\wavxdocmgr.exe"
    "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"	""	""	""
    + "Dell ControlPoint System Manager.lnk"	"DCP System Manager"	"Dell Inc."	"c:\program files\dell\dell controlpoint\system manager\dcpsysmgr.exe"
    + "HP Digital Imaging Monitor.lnk"	"HP Digital Imaging Monitor"	"Hewlett-Packard Co."	"c:\program files\hp\digital imaging\bin\hpqtra08.exe"
    + "Windows Search.lnk"	"Windows Search System Tray"	"Microsoft Corporation"	"c:\program files\windows desktop search\windowssearch.exe"
    "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"	""	""	""
    + "Address Book 6"	"Outlook Express Setup Library"	"Microsoft Corporation"	"c:\program files\outlook express\setup50.exe"
    + "Microsoft Outlook Express 6"	"Outlook Express Setup Library"	"Microsoft Corporation"	"c:\program files\outlook express\setup50.exe"
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"	""	""	""
    + "Google Update"	"Google Installer"	"Google Inc."	"c:\documents and settings\<user_name>\local settings\application data\google\update\googleupdate.exe"
    + "ISUSPM"	"Macrovision Software Manager"	"Macrovision Corporation"	"c:\program files\common files\installshield\updateservice\isuspm.exe"
    "HKLM\SOFTWARE\Classes\Protocols\Filter"	""	""	""
    + "text/xml"	"Microsoft Office XML MIME Filter"	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
    "HKLM\SOFTWARE\Classes\Protocols\Handler"	""	""	""
    + "livecall"	"Windows Live Messenger Protocol Handler Module"	"Microsoft Corporation"	"c:\program files\windows live\messenger\msgrapp.14.0.8050.1202.dll"
    + "ms-help"	"Microsoft® Help Data Services Module"	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\help\hxds.dll"
    + "msnim"	"Windows Live Messenger Protocol Handler Module"	"Microsoft Corporation"	"c:\program files\windows live\messenger\msgrapp.14.0.8050.1202.dll"
    + "wlmailhtml"	"Windows Live Mail"	"Microsoft Corporation"	"c:\program files\windows live\mail\mailcomm.dll"
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components"	""	""	""
    + "0"	""	""	"File not found: About:Home"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"	""	""	""
    + "Windows Desktop Search Namespace Manager"	"Windows Search Namespace Manager"	"Microsoft Corporation"	"c:\program files\windows desktop search\msnlnamespacemgr.dll"
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"	""	""	""
    + "CirrusShellEx"	""	""	"File not found: C:\Program Files\Beyond Compare 3\BCShellEx.dll"
    + "EncryptDocMgr"	"ContextMenuItem Module"	"Wave Systems Corp."	"c:\program files\wave systems corp\services manager\docmgr\bin\contextmenuitem.dll"
    + "LDVPMenu"	"Symantec AntiVirus"	"Symantec Corporation"	"c:\program files\common files\symantec shared\ssc\vpshell2.dll"
    + "TortoiseSVN"	"TortoiseSVN shell extension client"	"http://tortoisesvn.net"	"c:\program files\tortoisesvn\bin\tortoisestub.dll"
    + "WinRAR"	""	""	"c:\program files\winrar\rarext.dll"
    "HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers"	""	""	""
    + "TortoiseSVN"	"TortoiseSVN shell extension client"	"http://tortoisesvn.net"	"c:\program files\tortoisesvn\bin\tortoisestub.dll"
    "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"	""	""	""
    + "MBAMShlExt"	"Malwarebytes Anti-Malware"	"Malwarebytes Corporation"	"c:\program files\malwarebytes' anti-malware\mbamext.dll"
    "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"	""	""	""
    + "CirrusShellEx"	""	""	"File not found: C:\Program Files\Beyond Compare 3\BCShellEx.dll"
    + "EncryptDocMgr"	"ContextMenuItem Module"	"Wave Systems Corp."	"c:\program files\wave systems corp\services manager\docmgr\bin\contextmenuitem.dll"
    + "TortoiseSVN"	"TortoiseSVN shell extension client"	"http://tortoisesvn.net"	"c:\program files\tortoisesvn\bin\tortoisestub.dll"
    + "WinRAR"	""	""	"c:\program files\winrar\rarext.dll"
    "HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"	""	""	""
    + "TortoiseSVN"	"TortoiseSVN shell extension client"	"http://tortoisesvn.net"	"c:\program files\tortoisesvn\bin\tortoisestub.dll"
    + "WinRAR"	""	""	"c:\program files\winrar\rarext.dll"
    "HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers"	""	""	""
    + "TortoiseSVN"	"TortoiseSVN shell extension client"	"http://tortoisesvn.net"	"c:\program files\tortoisesvn\bin\tortoisestub.dll"
    "HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers"	""	""	""
    + "TortoiseSVN"	"TortoiseSVN shell extension client"	"http://tortoisesvn.net"	"c:\program files\tortoisesvn\bin\tortoisestub.dll"
    "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"	""	""	""
    + "00nView"	"NVIDIA Desktop Explorer, Version 111.84 "	"NVIDIA Corporation"	"c:\windows\system32\nvshell.dll"
    + "NvCplDesktopContext"	"NVIDIA Display Properties Extension"	"NVIDIA Corporation"	"c:\windows\system32\nvcpl.dll"
    + "TortoiseSVN"	"TortoiseSVN shell extension client"	"http://tortoisesvn.net"	"c:\program files\tortoisesvn\bin\tortoisestub.dll"
    "HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"	""	""	""
    + "PDF Shell Extension"	"PDF Shell Extension"	"Adobe Systems, Inc."	"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
    + "TortoiseSVN"	"TortoiseSVN shell extension client"	"http://tortoisesvn.net"	"c:\program files\tortoisesvn\bin\tortoisestub.dll"
    "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"	""	""	""
    + "CirrusShellEx"	""	""	"File not found: C:\Program Files\Beyond Compare 3\BCShellEx.dll"
    + "LDVPMenu"	"Symantec AntiVirus"	"Symantec Corporation"	"c:\program files\common files\symantec shared\ssc\vpshell2.dll"
    + "MBAMShlExt"	"Malwarebytes Anti-Malware"	"Malwarebytes Corporation"	"c:\program files\malwarebytes' anti-malware\mbamext.dll"
    + "TortoiseSVN"	"TortoiseSVN shell extension client"	"http://tortoisesvn.net"	"c:\program files\tortoisesvn\bin\tortoisestub.dll"
    + "WinRAR"	""	""	"c:\program files\winrar\rarext.dll"
    "HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"	""	""	""
    + "TortoiseSVN"	"TortoiseSVN shell extension client"	"http://tortoisesvn.net"	"c:\program files\tortoisesvn\bin\tortoisestub.dll"
    + "WinRAR"	""	""	"c:\program files\winrar\rarext.dll"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"	""	""	""
    + "1TortoiseNormal"	"TortoiseSVN overlay handler shim"	"http://tortoisesvn.net"	"c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
    + "2TortoiseModified"	"TortoiseSVN overlay handler shim"	"http://tortoisesvn.net"	"c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
    + "3TortoiseConflict"	"TortoiseSVN overlay handler shim"	"http://tortoisesvn.net"	"c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
    + "4TortoiseLocked"	"TortoiseSVN overlay handler shim"	"http://tortoisesvn.net"	"c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
    + "5TortoiseReadOnly"	"TortoiseSVN overlay handler shim"	"http://tortoisesvn.net"	"c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
    + "6TortoiseDeleted"	"TortoiseSVN overlay handler shim"	"http://tortoisesvn.net"	"c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
    + "7TortoiseAdded"	"TortoiseSVN overlay handler shim"	"http://tortoisesvn.net"	"c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
    + "8TortoiseIgnored"	"TortoiseSVN overlay handler shim"	"http://tortoisesvn.net"	"c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
    + "9TortoiseUnversioned"	"TortoiseSVN overlay handler shim"	"http://tortoisesvn.net"	"c:\program files\common files\tortoiseoverlays\tortoiseoverlays.dll"
    + "EnabledUnlockedFDEIconOverlay"	"TDM Icon Overlay"	"Wave Systems Corp."	"c:\program files\wave systems corp\trusted drive manager\tdmiconoverlay.dll"
    + "UninitializedFdeIconOverlay"	"TDM Icon Overlay"	"Wave Systems Corp."	"c:\program files\wave systems corp\trusted drive manager\tdmiconoverlay.dll"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"	""	""	""
    + "Adobe PDF Link Helper"	"Adobe PDF Helper for Internet Explorer"	"Adobe Systems Incorporated"	"c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
    + "HP Print Enhancer"	"HP Smart Web Printing add-on for Internet Explorer"	"Hewlett-Packard Co."	"c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll"
    + "HP Smart BHO Class"	"HP Smart Web Printing add-on for Internet Explorer"	"Hewlett-Packard Co."	"c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
    + "Java(tm) Plug-In 2 SSV Helper"	"Java(TM) Platform SE binary"	"Sun Microsystems, Inc."	"c:\program files\java\jre6\bin\jp2ssv.dll"
    + "JQSIEStartDetectorImpl Class"	"Java(TM) Quick Starter binary"	"Sun Microsystems, Inc."	"c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
    + "Search Helper"	"Search Helper for Internet Explorer"	"Microsoft Corporation"	"c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
    + "Spybot-S&D IE Protection"	"SBSD IE Protection"	"Safer Networking Limited"	"c:\program files\spybot - search & destroy\sdhelper.dll"
    + "SSVHelper Class"	"Java(TM) Platform SE binary"	"Sun Microsystems, Inc."	"c:\program files\java\jre6\bin\ssv.dll"
    + "Windows Live Toolbar Helper"	"Windows Live Toolbar Core"	"Microsoft Corporation"	"c:\program files\windows live\toolbar\wltcore.dll"
    "HKLM\Software\Microsoft\Internet Explorer\Toolbar"	""	""	""
    + "&Windows Live Toolbar"	"Windows Live Toolbar Core"	"Microsoft Corporation"	"c:\program files\windows live\toolbar\wltcore.dll"
    "HKLM\Software\Microsoft\Internet Explorer\Extensions"	""	""	""
    + "&Blog This in Windows Live Writer"	"Windows Live Writer Blog This Extension"	"Microsoft Corporation"	"c:\program files\windows live\writer\writerbrowserextension.dll"
    + "HP Smart Select"	"HP Smart Web Printing add-on for Internet Explorer"	"Hewlett-Packard Co."	"c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
    + "Spybot - Search & Destroy Configuration"	"SBSD IE Protection"	"Safer Networking Limited"	"c:\program files\spybot - search & destroy\sdhelper.dll"
    + "Windows Messenger"	"Windows Messenger"	"Microsoft Corporation"	"c:\program files\messenger\msmsgs.exe"
    "Task Scheduler"	""	""	""
    + "GoogleUpdateTaskUserS-1-5-21-168310524-116488305-928725530-3516Core.job"	"Google Installer"	"Google Inc."	"c:\documents and settings\<user_name>\local settings\application data\google\update\googleupdate.exe"
    + "GoogleUpdateTaskUserS-1-5-21-168310524-116488305-928725530-3516UA.job"	"Google Installer"	"Google Inc."	"c:\documents and settings\<user_name>\local settings\application data\google\update\googleupdate.exe"
    + "WebReg Officejet 6500 E709n Series.job"	"WebReg application"	"Hewlett-Packard Co."	"c:\program files\hp\digital imaging\bin\hpqwrg.exe"
    "HKLM\System\CurrentControlSet\Services"	""	""	""
    + "ASFAgent"	"Provides support for ASF remote manageability, including alert messages sending and remote control operations."	"Intel Corporation"	"c:\program files\intel\asf agent\asfagent.exe"
    + "buttonsvc32"	"This service manages support for the Dell ControlPoint button."	"Dell Inc."	"c:\program files\dell\dell controlpoint\dcpbuttonsvc.exe"
    + "ccEvtMgr"	"Event propagation and logging service"	"Symantec Corporation"	"c:\program files\common files\symantec shared\ccevtmgr.exe"
    + "ccSetMgr"	"Settings storage and management service"	"Symantec Corporation"	"c:\program files\common files\symantec shared\ccsetmgr.exe"
    + "Credential Vault Host Control Service"	"Host Control Service for Fingerprint Processing"	"Broadcom Corporation"	"c:\program files\broadcom corporation\broadcom ush host components\cv\bin\hostcontrolservice.exe"
    + "Credential Vault Host Storage"	"Host Storage Service for Persisting CV Objects into Hard drive"	"Broadcom Corporation"	"c:\program files\broadcom corporation\broadcom ush host components\cv\bin\hoststorageservice.exe"
    + "dcpsysmgrsvc"	"A support service required for the proper operation of Dell ControlPoint System Manager."	"Dell Inc."	"c:\program files\dell\dell controlpoint\system manager\dcpsysmgrsvc.exe"
    + "DefWatch"	"Monitors and maintains virus definitions."	"Symantec Corporation"	"c:\program files\symantec antivirus\defwatch.exe"
    + "dsNcService"	"Manages secure network connections"	"Juniper Networks"	"c:\program files\juniper networks\common files\dsncservice.exe"
    + "EvtEng"	"Manages the event trace messages for all the Intel® PROSet/Wireless Software components."	"Intel(R) Corporation"	"c:\program files\intel\wifi\bin\evteng.exe"
    + "hpqcxs08"	"HP CUE Context Manager Objects"	"Hewlett-Packard Co."	"c:\program files\hp\digital imaging\bin\hpqcxs08.dll"
    + "hpqddsvc"	"This service detects and monitors CUE devices on the system."	"Hewlett-Packard Co."	"c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
    + "HPSLPSVC"	"Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable"	"Hewlett-Packard Co."	"c:\program files\hp\digital imaging\bin\hpslpsvc32.dll"
    + "IAANTMON"	"RAID Monitor"	"Intel Corporation"	"c:\program files\intel\intel matrix storage manager\iaantmon.exe"
    + "IDriverT"	"Provides support for the Running Object Table for InstallShield Drivers"	"Macrovision Corporation"	"c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe"
    + "JavaQuickStarterService"	"Prefetches JRE files for faster startup of Java applets and applications"	"Sun Microsystems, Inc."	"c:\program files\java\jre6\bin\jqs.exe"
    + "LiveUpdate"	"LiveUpdate Core Engine"	"Symantec Corporation"	"c:\program files\symantec\liveupdate\lucomserver_3_2.exe"
    + "MozillaMaintenance"	"The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."	"Mozilla Foundation"	"c:\program files\mozilla maintenance service\maintenanceservice.exe"
    + "Net Driver HPZ12"	"Dot4Net Module"	"Hewlett-Packard"	"c:\windows\system32\hpzinw12.dll"
    + "NVSvc"	"Provides system and desktop level support to the NVIDIA display driver"	"NVIDIA Corporation"	"c:\windows\system32\nvsvc32.exe"
    + "odserv"	"Run portions of Microsoft Office Diagnostics."	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\office12\odserv.exe"
    + "ose"	"Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."	"Microsoft Corporation"	"c:\program files\common files\microsoft shared\source engine\ose.exe"
    + "Pml Driver HPZ12"	"PmlDrv Module"	"Hewlett-Packard"	"c:\windows\system32\hpzipm12.dll"
    + "RegSrvc"	"Provides registry access to all Intel® PROSet/Wireless Software components"	"Intel(R) Corporation"	"c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
    + "S24EventMonitor"	"Wireless Management Service for Intel® PROSet/Wireless WiFi Software"	"Intel(R) Corporation"	"c:\program files\intel\wifi\bin\s24evmon.exe"
    + "SavRoam"	"Symantec AntiVirus Roaming Service"	"symantec"	"c:\program files\symantec antivirus\savroam.exe"
    + "SeaPort"	"Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly."	"Microsoft Corporation"	"c:\program files\microsoft\search enhancement pack\seaport\seaport.exe"
    + "SecureStorageService"	"Secure Storage Service"	"Wave Systems Corp."	"c:\program files\wave systems corp\secure storage manager\securestorageservice.exe"
    + "SMManager"	"SMManager for Dell UCM XP"	"Smith Micro Software, Inc."	"c:\program files\dell\dell controlpoint\connection manager\smmanager.exe"
    + "SNDSrvc"	"Symantec Network Drivers Service"	"Symantec Corporation"	"c:\program files\common files\symantec shared\sndsrvc.exe"
    + "SPBBCSvc"	"Symantec SPBBC"	"Symantec Corporation"	"c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe"
    + "SR_Service"	"SecureClient Service"	"Check Point Software Technologies"	"c:\program files\checkpoint\securemote\bin\sr_service.exe"
    + "SR_WatchDog"	""	"Check Point Software Technologies"	"c:\program files\checkpoint\securemote\bin\sr_watchdog.exe"
    + "STacSV"	"Manages audio jack configurations."	"IDT, Inc."	"c:\drivers\audio\r205445\stacsv.exe"
    + "Symantec AntiVirus"	"Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus."	"Symantec Corporation"	"c:\program files\symantec antivirus\rtvscan.exe"
    + "tcsd_win32.exe"	"TCS service for accessing the TPM"	""	"c:\program files\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"
    + "TdmService"	"Tdm Service"	"Wave Systems Corp."	"c:\program files\wave systems corp\trusted drive manager\tdmservice.exe"
    "HKLM\System\CurrentControlSet\Services"	""	""	""
    + "AESTAud"	"Andrea Audio Driver"	"Andrea Electronics Corporation"	"c:\windows\system32\drivers\aestaud.sys"
    + "ApfiltrService"	"Alps Touch Pad Driver"	"Alps Electric Co., Ltd."	"c:\windows\system32\drivers\apfiltr.sys"
    + "Changer"	""	""	"File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
    + "CP_OMDRV"	""	"Check Point Software Technologies"	"c:\windows\system32\drivers\omdrv.sys"
    + "cvusbdrv"	"Broadcom Credential Vault USB Driver"	"Broadcom Corporation"	"c:\windows\system32\drivers\cvusbdrv.sys"
    + "dsNcAdpt"	"dsNcAdapter"	"Juniper Networks"	"c:\windows\system32\drivers\dsncadpt.sys"
    + "e1yexpress"	"Intel(R) Gigabit Network Connection NDIS 5.1 deserialized driver"	"Intel Corporation"	"c:\windows\system32\drivers\e1y5132.sys"
    + "eeCtrl"	"Symantec Eraser Control Driver"	"Symantec Corporation"	"c:\program files\common files\symantec shared\eengine\eectrl.sys"
    + "EraserUtilRebootDrv"	"Symantec Eraser Utility Driver"	"Symantec Corporation"	"c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
    + "FW1"	""	"Check Point Software Technologies"	"c:\windows\system32\drivers\fw.sys"
    + "HDAudBus"	"High Definition Audio Bus Driver v1.0a"	"Windows (R) Server 2003 DDK provider"	"c:\windows\system32\drivers\hdaudbus.sys"
    + "HPZid412"	"IEEE-1284.4-1999 Driver (Windows 2000)"	"HP"	"c:\windows\system32\drivers\hpzid412.sys"
    + "HPZipr12"	"IEEE-1284.4-1999 Print Class Driver"	"HP"	"c:\windows\system32\drivers\hpzipr12.sys"
    + "HPZius12"	"1284.4<->Usb Datalink Driver (Windows 2000)"	"HP"	"c:\windows\system32\drivers\hpzius12.sys"
    + "iaStor"	"Intel Matrix Storage Manager driver - ia32"	"Intel Corporation"	"c:\windows\system32\drivers\iastor.sys"
    + "lbrtfdc"	""	""	"File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
    + "NAVENG"	"AV Engine"	"Symantec Corporation"	"c:\program files\common files\symantec shared\virusdefs\20100225.006\naveng.sys"
    + "NAVEX15"	"AV Engine"	"Symantec Corporation"	"c:\program files\common files\symantec shared\virusdefs\20100225.006\navex15.sys"
    + "NETw5x32"	"Intel® Wireless WiFi Link Driver"	"Intel Corporation"	"c:\windows\system32\drivers\netw5x32.sys"
    + "nv"	"NVIDIA Compatible Windows 2000 Miniport Driver, Version 176.26 "	"NVIDIA Corporation"	"c:\windows\system32\drivers\nv4_mini.sys"
    + "NvtSp50"	""	""	"File not found: System32\Drivers\NvtSp50.sys"
    + "OA001Afx"	"Advanced Audio FX Driver"	"Creative Technology Ltd."	"c:\windows\system32\drivers\oa001afx.sys"
    + "OA001Ufd"	"Provides a software interface to control effects of Integrated Webcam."	"Creative Technology Ltd."	"c:\windows\system32\drivers\oa001ufd.sys"
    + "OA001Vid"	"Provides a software interface to control Integrated Webcam."	"Creative Technology Ltd."	"c:\windows\system32\drivers\oa001vid.sys"
    + "PBADRV"	"PBADRV"	"Dell Inc"	"c:\windows\system32\drivers\pbadrv.sys"
    + "PCIDump"	""	""	"File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
    + "PDCOMP"	""	""	"File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
    + "PDFRAME"	""	""	"File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
    + "PDRELI"	""	""	"File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
    + "PDRFRAME"	""	""	"File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
    + "Ptilink"	"Direct Parallel Link Driver"	"Parallel Technologies, Inc."	"c:\windows\system32\drivers\ptilink.sys"
    + "rimmptsk"	"RICOH SD Driver"	"REDC"	"c:\windows\system32\drivers\rimmptsk.sys"
    + "s24trans"	"WLAN Transport"	"Intel Corporation"	"c:\windows\system32\drivers\s24trans.sys"
    + "SAVRT"	"AutoProtect"	"Symantec Corporation"	"c:\program files\symantec antivirus\savrt.sys"
    + "SAVRTPEL"	"SAVRTPEL"	"Symantec Corporation"	"c:\program files\symantec antivirus\savrtpel.sys"
    + "Secdrv"	"SafeDisc driver"	"Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."	"c:\windows\system32\drivers\secdrv.sys"
    + "SPBBCDrv"	"SPBBC Driver"	"Symantec Corporation"	"c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys"
    + "STHDA"	"IDT PC Audio"	"IDT, Inc."	"c:\windows\system32\drivers\sthda.sys"
    + "SymEvent"	"Symantec Event Library"	"Symantec Corporation"	"c:\windows\system32\drivers\symevent.sys"
    + "SYMREDRV"	"Redirector Filter Driver"	"Symantec Corporation"	"c:\windows\system32\drivers\symredrv.sys"
    + "SYMTDI"	"Network Dispatch Driver"	"Symantec Corporation"	"c:\windows\system32\drivers\symtdi.sys"
    + "VNASC"	""	"Check Point Software Technologies"	"c:\windows\system32\drivers\vnasc.sys"
    + "VPN-1"	""	"Check Point Software Technologies"	"c:\windows\system32\drivers\vpn.sys"
    + "WavxDMgr"	"Document Manager Driver"	"Wave Systems Corp."	"c:\windows\system32\drivers\wavxdmgr.sys"
    + "WDICA"	""	""	"File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"	""	""	""
    + "msacm.iac2"	"Indeo® audio software"	"Intel Corporation"	"c:\windows\system32\iac25_32.ax"
    + "msacm.l3acm"	"MPEG Layer-3 Audio Codec for MSACM"	"Fraunhofer Institut Integrierte Schaltungen IIS"	"c:\windows\system32\l3codeca.acm"
    + "msacm.sl_anet"	"Audio codec for MS ACM"	"Sipro Lab Telecom Inc."	"c:\windows\system32\sl_anet.acm"
    + "msacm.trspch"	"DSP Group TrueSpeech(TM) Audio Codec for MSACM V3.50"	"DSP GROUP, INC."	"c:\windows\system32\tssoft32.acm"
    + "vidc.cvid"	"Cinepak® Codec"	"Radius Inc."	"c:\windows\system32\iccvid.dll"
    + "vidc.iv31"	""	""	"c:\windows\system32\ir32_32.dll"
    + "vidc.iv32"	""	""	"c:\windows\system32\ir32_32.dll"
    + "vidc.iv41"	"Intel Indeo® Video 4.5"	"Intel Corporation"	"c:\windows\system32\ir41_32.ax"
    + "vidc.iv50"	"Intel Indeo® video 5.10"	"Intel Corporation"	"c:\windows\system32\ir50_32.dll"
    "HKLM\Software\Classes\Filter"	""	""	""
    + "Indeo® video 4.4 Compression Filter"	"Intel Indeo® Video 4.5"	"Intel Corporation"	"c:\windows\system32\ir41_32.ax"
    + "Indeo® video 4.4 Compression Filter"	"Intel Indeo® Video 4.5"	"Intel Corporation"	"c:\windows\system32\ir41_32.ax"
    + "Indeo® video 4.4 Decompression Filter"	"Intel Indeo® Video 4.5"	"Intel Corporation"	"c:\windows\system32\ir41_32.ax"
    + "Indeo® video 4.4 Decompression Filter"	"Intel Indeo® Video 4.5"	"Intel Corporation"	"c:\windows\system32\ir41_32.ax"
    "HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"	""	""	""
    + "9x8Resize"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "ACELP.net Audio Decoder"	"ACELP.net Audio Decoder"	"Sipro Lab Telecom Inc."	"c:\windows\system32\acelpdec.ax"
    + "Allocator Fix"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "Bitmap"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "Capture File Writer"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "Frame Eater"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "Indeo® audio software"	"Indeo® audio software"	"Intel Corporation"	"c:\windows\system32\iac25_32.ax"
    + "Indeo® video 5.10 Compression Filter"	"Intel Indeo® video 5.10"	"Intel Corporation"	"c:\windows\system32\ir50_32.dll"
    + "Indeo® video 5.10 Decompression Filter"	"Intel Indeo® video 5.10"	"Intel Corporation"	"c:\windows\system32\ir50_32.dll"
    + "MPEG Layer-3 Decoder"	"MPEG Layer-3 Audio Decoder"	"Fraunhofer Institut Integrierte Schaltungen IIS"	"c:\windows\system32\l3codecx.ax"
    + "Record Queue"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "Record Queue"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "ShotDetect"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "Stetch"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WIA Stream Snapshot Filter"	"WIA Stream Snapshot Filter"	"MyCompanyName"	"c:\windows\system32\wiasf.ax"
    + "WM VIH2 Fix"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WM VIH2 Fix"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Audio Analyzer"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Black Frame Generator"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT DirectX Transform Wrapper"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT DV Extract Filter"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WMT DV Extract Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT FormatConversion"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Import Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Interlacer"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Log Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT MuxDeMux Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Sample Info Filter"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WMT Sample Info Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Screen capture Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Switch Filter"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WMT Switch Filter"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Virtual Renderer"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WMT Virtual Renderer"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Virtual Source"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WMT Virtual Source"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    + "WMT Volume"	"Movie Maker Filters"	"Microsoft Corporation"	"c:\program files\movie maker\wmm2filt.dll"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"	""	""	""
    + "ckpNotify"	""	"Check Point Software Technologies"	"c:\windows\system32\ckpnotify.dll"
    + "NavLogon"	"Symantec AntiVirus Logon Notification"	"Symantec Corporation"	"c:\windows\system32\navlogon.dll"
    "HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"	""	""	""
    + "PCL hpf3l082"	"LanguageMonitor"	"Hewlett-Packard Company"	"c:\windows\system32\hpf3l082.dll"
    "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages"	""	""	""
    + "wvauth"	"Authentication Package"	"Wave Systems Corp."	"c:\windows\system32\wvauth.dll"
    "HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order"	""	""	""
    + "IntelNetProvCredMan"	"IntelNetProvCredMan"	"Intel(R) Corporation"	"c:\windows\system32\netprovcredman.dll"
    + "TdmNetworkProvider"	"TDM Network Provider"	"Wave Systems Corp."	"c:\windows\system32\tdmnetworkprovider.dll"
    


#10 narenxp

  • BC Advisor

Posted 01 January 2013 - 08:57 AM

Current issues?

#11 Wannabe Expert

  • Topic Starter

Posted 03 January 2013 - 02:52 PM

Haven't used it much as I was waiting for the all-clear first. You think things are generally good now?

#12 narenxp

  • BC Advisor

Posted 04 January 2013 - 03:17 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



