
Horrible Google Redirect Virus


9 replies to this topic

#1 CaptainComedy

Posted 20 October 2012 - 12:28 PM

I just can't get rid of this thing, and it's giving me untold amounts of grief. This is the worst virus I have ever gotten to date, and I just can't clean it from my system!

I'm gonna quote another post here, because he was in a similar position as I am in now.

I've tried:
TDSSKiller (won't open; renamed, still won't open, even with run as admin)
FixTDSS (same problem as above)
RKiller (to try and solve the problems with opening)

Full scan with MalwareBytes results in a clean report, but I still get redirected 90% of the time when clicking Google links. Incidentally (?) I also can't turn my Windows firewall on, because I get the error "due to an unidentified problem, windows cannot display the firewall settings." I'll work on that after I fix the redirector, because I think it'll eventually redirect me to some site that'll download worse viruses. Help!


#2 narenxp

Posted 20 October 2012 - 12:37 PM

Download Listparts from here

For 32 bit

List parts 32

For 64 bit

List parts 64

Launch it, click on SCAN, post the log

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 CaptainComedy

Posted 20 October 2012 - 05:23 PM

ListParts by Farbar Version: 16-10-2012
Ran by James (administrator) on 20-10-2012 at 13:43:15
Windows XP (X86)
Running From: C:\Documents and Settings\James\My Documents\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 80%
Total physical RAM: 1014.11 MB
Available physical RAM: 198.73 MB
Total Pagefile: 1941.63 MB
Available Pagefile: 799.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.2 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:15.99 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 1024 KB
Partition 2 Unknown 24 KB 466 GB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 466 GB Healthy Boot
======================================================================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.
======================================================================================================

****** End Of Log ******

And here's ESET's

C:\Documents and Settings\James\Local Settings\Temp\tXvXUmceqXrVfo.exe a variant of Win32/Kryptik.ANCH trojan cleaned by deleting - quarantined
C:\Documents and Settings\James\Local Settings\Temp\ICReinstall\cnet2_flashdigger_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\James\Local Settings\Temp\ICReinstall\cnet_office-convert-pdf-to-jpg-jpeg-tiff-free_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\James\My Documents\Downloads\cnet_office-convert-pdf-to-jpg-jpeg-tiff-free_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\SplitCam\ToolBar\sctb.exe Win32/Somoto application cleaned by deleting - quarantined
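
Added example (not part of the original posts, and not ListParts' own code): the ListParts log above marks partition 2 as type 17, hidden and active, only 24 KB in size, while the Windows partition is not active. The Python sketch below applies the same kind of check to a raw 512-byte MBR sector. The sample sectors, the allow-list of boot partition types, the 1 MiB size threshold and the reading of "17" as hex 0x17 are assumptions of this example.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # the partition table starts here in a classic MBR
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count

# Assumption of this example: partition types that normally carry the active
# flag on a Windows MBR disk (FAT16, NTFS, FAT32 variants).
EXPECTED_BOOT_TYPES = {0x06, 0x07, 0x0B, 0x0C, 0x0E}
TINY_SECTORS = 2048       # example threshold: under 1 MiB cannot hold an OS volume


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype, start_lba, sectors = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": sectors,
        })
    return parts


def review(parts):
    """Return (partition index, message) findings for an unusual boot layout."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append((None, "%d partitions flagged active, expected exactly 1" % len(active)))
    disk_tail = max((p["start_lba"] + p["sectors"] for p in parts), default=0)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append((p["index"], "invalid status byte 0x%02X" % p["status"]))
        if not p["active"]:
            continue
        if p["type"] not in EXPECTED_BOOT_TYPES:
            findings.append((p["index"], "active flag on unexpected type 0x%02X" % p["type"]))
        if p["sectors"] < TINY_SECTORS:
            size_kb = p["sectors"] * SECTOR_SIZE // 1024
            at_tail = len(parts) > 1 and p["start_lba"] + p["sectors"] == disk_tail
            where = " placed after every other partition" if at_tail else ""
            findings.append((p["index"], "active partition is only %d KB%s" % (size_kb, where)))
    return findings


def build_mbr(entries):
    """Build a test sector from (status, type, start_lba, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return b"\x00" * TABLE_OFFSET + table + b"\x55\xaa"


# Constructed sample resembling the layout in the log: a large inactive NTFS
# partition at offset 1024 KB, then a 24 KB (48-sector) active type-0x17 entry.
SUSPICIOUS_MBR = build_mbr([
    (0x00, 0x07, 0x800, 0x3A385800),
    (0x80, 0x17, 0x3A386000, 0x30),
])
# Constructed sample of the ordinary case: one active NTFS partition.
CLEAN_MBR = build_mbr([(0x80, 0x07, 0x800, 0x3A385800)])

if __name__ == "__main__":
    for name, sector in (("suspicious", SUSPICIOUS_MBR), ("clean", CLEAN_MBR)):
        print(name)
        for index, message in review(parse_mbr(sector)) or [(None, "no findings")]:
            print("  partition %s: %s" % (index, message))
```

On a live system the sector would come from a read-only image of the first 512 bytes of the disk rather than from `build_mbr`.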

#4 narenxp

Posted 20 October 2012 - 05:26 PM

You should be able to launch TDSSkiller and ASWMBR. Post the logs in your reply.

Edited by narenxp, 20 October 2012 - 09:33 PM.


#5 CaptainComedy

Posted 20 October 2012 - 07:09 PM

Not sure what ASWMBR is, but my TDSS Killer log follows. After the first reboot my computer was incredibly slow, so much so that I couldn't get the log to open up so I could copy and paste it. I rebooted again and things seem to be working normally. I'll refrain from clicking any Google links until you tell me it's safe.

19:02:14.0500 1980  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:02:14.0843 1980  ============================================================
19:02:14.0843 1980  Current date / time: 2012/10/20 19:02:14.0843
19:02:14.0843 1980  SystemInfo:
19:02:14.0843 1980  
19:02:14.0843 1980  OS Version: 5.1.2600 ServicePack: 2.0
19:02:14.0843 1980  Product type: Workstation
19:02:14.0843 1980  ComputerName: JAMESLAPPYTOP
19:02:14.0843 1980  UserName: James
19:02:14.0843 1980  Windows directory: C:\WINDOWS
19:02:14.0843 1980  System windows directory: C:\WINDOWS
19:02:14.0843 1980  Processor architecture: Intel x86
19:02:14.0843 1980  Number of processors: 2
19:02:14.0843 1980  Page size: 0x1000
19:02:14.0843 1980  Boot type: Normal boot
19:02:14.0843 1980  ============================================================
19:02:19.0718 1980  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:02:19.0750 1980  Drive \Device\Harddisk1\DR3 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:02:19.0765 1980  ============================================================
19:02:19.0765 1980  \Device\Harddisk0\DR0:
19:02:19.0781 1980  MBR partitions:
19:02:19.0781 1980  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385800
19:02:19.0781 1980  \Device\Harddisk1\DR3:
19:02:19.0781 1980  MBR partitions:
19:02:19.0781 1980  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
19:02:19.0781 1980  ============================================================
19:02:19.0843 1980  C: <-> \Device\Harddisk0\DR0\Partition1
19:02:19.0875 1980  F: <-> \Device\Harddisk1\DR3\Partition1
19:02:19.0875 1980  ============================================================
19:02:19.0875 1980  Initialize success
19:02:19.0875 1980  ============================================================
19:02:23.0781 4172  ============================================================
19:02:23.0796 4172  Scan started
19:02:23.0796 4172  Mode: Manual; 
19:02:23.0796 4172  ============================================================
19:02:27.0265 4172  ================ Scan system memory ========================
19:02:27.0281 4172  System memory - ok
19:02:27.0281 4172  ================ Scan services =============================
19:02:54.0234 4172  ProtectedStorage - ok
19:02:54.0265 4172  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:02:54.0390 4172  PSched - ok
19:02:54.0421 4172  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:02:54.0468 4172  Ptilink - ok
19:02:54.0468 4172  ql1080 - ok
19:02:54.0484 4172  Ql10wnt - ok
19:02:54.0500 4172  ql12160 - ok
19:02:54.0515 4172  ql1240 - ok
19:02:54.0531 4172  ql1280 - ok
19:02:54.0609 4172  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:02:54.0671 4172  RasAcd - ok
19:02:54.0781 4172  [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:02:54.0828 4172  RasAuto - ok
19:02:54.0859 4172  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:02:55.0000 4172  Rasl2tp - ok
19:02:55.0031 4172  [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:02:55.0062 4172  RasMan - ok
19:02:55.0109 4172  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:02:55.0171 4172  RasPppoe - ok
19:02:55.0218 4172  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:02:55.0328 4172  Raspti - ok
19:02:55.0390 4172  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:02:55.0406 4172  Rdbss - ok
19:02:55.0468 4172  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:02:55.0500 4172  RDPCDD - ok
19:02:55.0625 4172  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:02:55.0734 4172  rdpdr - ok
19:02:55.0843 4172  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:02:55.0906 4172  RDPWD - ok
19:02:56.0000 4172  [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:02:56.0000 4172  RDSessMgr - ok
19:02:56.0046 4172  [ B31B4588E4086D8D84ADBF9845C2402B ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:02:56.0125 4172  redbook - ok
19:02:56.0265 4172  [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:02:56.0328 4172  RemoteAccess - ok
19:02:56.0437 4172  [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:02:56.0515 4172  RemoteRegistry - ok
19:02:56.0625 4172  [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:02:56.0640 4172  RpcLocator - ok
19:02:56.0765 4172  [ 24B5D53B9ACCC1E2EDCF0A878D6659D4 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
19:02:56.0812 4172  RpcSs - ok
19:02:56.0906 4172  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:02:56.0906 4172  RSVP - ok
19:02:56.0953 4172  [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:02:56.0953 4172  SamSs - ok
19:02:57.0078 4172  [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:02:57.0140 4172  SASDIFSV - ok
19:02:57.0203 4172  [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM         C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
19:02:57.0250 4172  SASENUM - ok
19:02:57.0328 4172  [ 67D2688756DD304AF655349BAAD82BFF ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:02:57.0421 4172  SASKUTIL - ok
19:02:57.0546 4172  [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:02:57.0562 4172  SCardSvr - ok
19:02:57.0625 4172  [ 92360854316611F6CC471612213C3D92 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:02:57.0640 4172  Schedule - ok
19:02:57.0703 4172  [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:02:57.0765 4172  sdbus - ok
19:02:57.0843 4172  [ 314A998B1732C1ACD6B6459EC9961AD8 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:02:57.0875 4172  Secdrv - ok
19:02:57.0921 4172  [ B1E0CE09895376871746F36DC5773B4F ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:02:57.0937 4172  seclogon - ok
19:02:58.0000 4172  [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS            C:\WINDOWS\system32\sens.dll
19:02:58.0000 4172  SENS - ok
19:02:58.0046 4172  [ CD9404D115A00D249F70A371B46D5A26 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
19:02:58.0109 4172  Serial - ok
19:02:58.0203 4172  [ 1D9F1BEC651815741F088A8FB88E17EE ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys
19:02:58.0234 4172  sffdisk - ok
19:02:58.0328 4172  [ 586499FD312FFD7F78553F408E71682E ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
19:02:58.0437 4172  sffp_sd - ok
19:02:58.0468 4172  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:02:58.0578 4172  Sfloppy - ok
19:02:58.0640 4172  [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:02:58.0640 4172  ShellHWDetection - ok
19:02:58.0656 4172  Simbad - ok
19:02:58.0765 4172  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:02:58.0812 4172  SLIP - ok
19:02:58.0843 4172  Sparrow - ok
19:02:59.0031 4172  [ FF10A385061128C9134E5288E709E4B0 ] SplashtopRemoteService C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
19:02:59.0078 4172  SplashtopRemoteService - ok
19:02:59.0093 4172  SPLITCAM - ok
19:02:59.0187 4172  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:02:59.0187 4172  splitter - ok
19:02:59.0203 4172  [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:02:59.0218 4172  Spooler - ok
19:02:59.0343 4172  [ E41B6D037D6CD08461470AF04500DC24 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:02:59.0343 4172  sr - ok
19:02:59.0406 4172  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:02:59.0453 4172  srservice - ok
19:02:59.0562 4172  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:02:59.0593 4172  Srv - ok
19:02:59.0703 4172  [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:02:59.0796 4172  SSDPSRV - ok
19:02:59.0890 4172  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:02:59.0953 4172  ssmdrv - ok
19:03:00.0109 4172  [ 1CFA4A1F3C7BB4C8F299E00428EB8677 ] SSUService      C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
19:03:00.0125 4172  SSUService - ok
19:03:00.0250 4172  [ 951801DFB54D86F611F0AF47825476F9 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
19:03:00.0484 4172  STHDA - ok
19:03:00.0546 4172  [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:03:00.0546 4172  stisvc - ok
19:03:00.0593 4172  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:03:00.0593 4172  streamip - ok
19:03:00.0625 4172  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:03:00.0687 4172  swenum - ok
19:03:00.0734 4172  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:03:00.0765 4172  swmidi - ok
19:03:00.0781 4172  SwPrv - ok
19:03:00.0796 4172  symc810 - ok
19:03:00.0812 4172  symc8xx - ok
19:03:00.0812 4172  sym_hi - ok
19:03:00.0828 4172  sym_u3 - ok
19:03:00.0890 4172  [ 936CD58395D36659BB798B961EF7357F ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:03:00.0937 4172  SynTP - ok
19:03:01.0015 4172  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:03:01.0093 4172  sysaudio - ok
19:03:01.0156 4172  [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:03:01.0171 4172  SysmonLog - ok
19:03:02.0765 4172  [ C9D5FA17200768EF92538F1F95735A2E ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
19:03:03.0046 4172  TabletServicePen - ok
19:03:03.0171 4172  [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:03:03.0203 4172  TapiSrv - ok
19:03:03.0312 4172  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:03:03.0500 4172  Tcpip - ok
19:03:03.0562 4172  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:03:03.0640 4172  TDPIPE - ok
19:03:03.0671 4172  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:03:03.0687 4172  TDTCP - ok
19:03:03.0750 4172  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:03:03.0796 4172  TermDD - ok
19:03:03.0921 4172  [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:03:03.0921 4172  TermService - ok
19:03:03.0984 4172  [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:03:04.0000 4172  Themes - ok
19:03:04.0078 4172  [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:03:04.0093 4172  TlntSvr - ok
19:03:04.0109 4172  TosIde - ok
19:03:04.0250 4172  [ 8D83C60DE67C2DB212452D8EBE7CA196 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
19:03:04.0281 4172  TouchServicePen - ok
19:03:04.0421 4172  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:03:04.0421 4172  TrkWks - ok
19:03:04.0546 4172  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:03:04.0546 4172  Udfs - ok
19:03:04.0656 4172  [ 16264D4A7F052A7CC516B23E00B14213 ] UimBus          C:\WINDOWS\system32\DRIVERS\UimBus.sys
19:03:04.0828 4172  UimBus - ok
19:03:04.0921 4172  [ 811E4296913821CE402B9E6629740350 ] Uim_IM          C:\WINDOWS\system32\Drivers\Uim_IM.sys
19:03:05.0031 4172  Uim_IM - ok
19:03:05.0109 4172  [ 679B92294C3CBB4BCFC40AA1C8521062 ] UKS11LDR        C:\WINDOWS\system32\drivers\uks11ldr.sys
19:03:05.0109 4172  UKS11LDR - ok
19:03:05.0140 4172  ultra - ok
19:03:05.0234 4172  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
19:03:05.0234 4172  UMWdf - ok
19:03:05.0296 4172  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:03:05.0453 4172  Update - ok
19:03:05.0546 4172  [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:03:05.0687 4172  upnphost - ok
19:03:05.0718 4172  [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS             C:\WINDOWS\System32\ups.exe
19:03:05.0734 4172  UPS - ok
19:03:05.0828 4172  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
19:03:05.0921 4172  USBAAPL - ok
19:03:06.0031 4172  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
19:03:06.0078 4172  usbaudio - ok
19:03:06.0171 4172  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:03:06.0171 4172  usbccgp - ok
19:03:06.0218 4172  [ 708579B01FED227AADB393CB0C3B4A2C ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:03:06.0218 4172  usbehci - ok
19:03:06.0312 4172  [ ACE960E54148821E8E48F5D191562C28 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:03:06.0359 4172  usbhub - ok
19:03:06.0468 4172  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:03:06.0515 4172  usbscan - ok
19:03:06.0656 4172  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:03:06.0656 4172  USBSTOR - ok
19:03:06.0703 4172  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:03:06.0703 4172  usbuhci - ok
19:03:06.0843 4172  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
19:03:06.0843 4172  usbvideo - ok
19:03:06.0890 4172  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:03:07.0000 4172  VgaSave - ok
19:03:07.0015 4172  ViaIde - ok
19:03:07.0062 4172  [ EE4660083DEBA849FF6C485D944B379B ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:03:07.0078 4172  VolSnap - ok
19:03:07.0156 4172  [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS             C:\WINDOWS\System32\vssvc.exe
19:03:07.0171 4172  VSS - ok
19:03:07.0187 4172  W32Serv - ok
19:03:07.0328 4172  [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time         C:\WINDOWS\system32\w32time.dll
19:03:07.0343 4172  W32Time - ok
19:03:07.0468 4172  [ F24EE97511FB901189E11CBBD51605BA ] wacmoumonitor   C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
19:03:07.0468 4172  wacmoumonitor - ok
19:03:07.0515 4172  [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
19:03:07.0562 4172  wacommousefilter - ok
19:03:07.0656 4172  [ 846B58EA44BF8C92E4B59F4E2252C4C0 ] wacomvhid       C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
19:03:07.0656 4172  wacomvhid - ok
19:03:07.0687 4172  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:03:07.0812 4172  Wanarp - ok
19:03:07.0921 4172  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
19:03:08.0046 4172  Wdf01000 - ok
19:03:08.0062 4172  WDICA - ok
19:03:08.0125 4172  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:03:08.0125 4172  wdmaud - ok
19:03:08.0171 4172  [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:03:08.0296 4172  WebClient - ok
19:03:08.0421 4172  [ 96AFF1738271755A39B52EEF7E35F98F ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:03:08.0546 4172  winachsf - ok
19:03:08.0703 4172  [ F399242A80C4066FD155EFA4CF96658E ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:03:08.0718 4172  winmgmt - ok
19:03:08.0750 4172  wltrysvc - ok
19:03:08.0796 4172  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:03:09.0109 4172  WmdmPmSN - ok
19:03:09.0156 4172  [ E8E57B0F9EB03D1AABEC28D550C75116 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:03:09.0187 4172  Wmi - ok
19:03:09.0250 4172  [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:03:09.0265 4172  WmiAcpi - ok
19:03:09.0359 4172  [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:03:09.0375 4172  WmiApSrv - ok
19:03:09.0437 4172  [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
19:03:09.0453 4172  WpdUsb - ok
19:03:09.0937 4172  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:03:09.0968 4172  WPFFontCache_v0400 - ok
19:03:10.0062 4172  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:03:10.0109 4172  WS2IFSL - ok
19:03:10.0125 4172  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:03:10.0140 4172  WSTCODEC - ok
19:03:10.0218 4172  [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:03:10.0296 4172  WZCSVC - ok
19:03:10.0359 4172  [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:03:10.0437 4172  xmlprov - ok
19:03:10.0484 4172  ================ Scan global ===============================
19:03:10.0562 4172  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
19:03:10.0687 4172  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
19:03:10.0718 4172  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
19:03:10.0781 4172  [ 4712531AB7A01B7EE059853CA17D39BD ] C:\WINDOWS\system32\services.exe
19:03:10.0781 4172  [Global] - ok
19:03:10.0781 4172  ================ Scan MBR ==================================
19:03:10.0890 4172  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:03:10.0890 4172  Suspicious mbr (NoAccess): \Device\Harddisk0\DR0
19:03:10.0921 4172  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
19:03:10.0921 4172  \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
19:03:10.0953 4172  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
19:03:10.0968 4172  \Device\Harddisk1\DR3 - ok
19:03:10.0968 4172  ================ Scan VBR ==================================
19:03:11.0015 4172  [ 272293983AC3216402EFB8D21609DEF6 ] \Device\Harddisk0\DR0\Partition1
19:03:11.0031 4172  \Device\Harddisk0\DR0\Partition1 - ok
19:03:11.0031 4172  [ 88D4D6BF121381C1CFEA1B29A66B31E5 ] \Device\Harddisk1\DR3\Partition1
19:03:11.0046 4172  \Device\Harddisk1\DR3\Partition1 - ok
19:03:11.0046 4172  ============================================================
19:03:11.0046 4172  Scan finished
19:03:11.0046 4172  ============================================================
19:03:11.0062 4164  Detected object count: 1
19:03:11.0062 4164  Actual detected object count: 1
19:04:11.0968 4164  \Device\Harddisk0\DR0\# - copied to quarantine
19:04:12.0000 4164  \Device\Harddisk0\DR0 - copied to quarantine
19:04:12.0437 4164  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
19:04:12.0531 4164  \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
19:04:12.0843 4164  \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
19:04:12.0859 4164  \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
19:04:12.0890 4164  \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
19:04:12.0937 4164  \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
19:04:13.0015 4164  \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
19:04:13.0109 4164  \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
19:04:13.0171 4164  \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
19:04:13.0250 4164  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:04:13.0343 4164  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:04:13.0718 4164  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:04:13.0796 4164  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:04:13.0953 4164  \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
19:04:14.0078 4164  \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
19:04:14.0250 4164  \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
19:04:14.0359 4164  \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
19:04:14.0484 4164  \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
19:04:14.0578 4164  \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
19:04:14.0640 4164  \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
19:04:14.0734 4164  \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
19:04:14.0859 4164  \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
19:04:15.0171 4164  \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
19:04:15.0296 4164  \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
19:04:15.0968 4164  \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
19:04:16.0500 4164  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
19:04:16.0531 4164  \Device\Harddisk0\DR0 - ok
19:04:16.0609 4164  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure 
19:04:32.0781 0472  Deinitialize success


#6 narenxp

Posted 20 October 2012 - 09:34 PM

Run TDSSKiller again and post the clean log.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#7 CaptainComedy

Posted 21 October 2012 - 04:54 AM

TDSS Killer Log

22:36:42.0750 2816  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:36:43.0562 2816  ============================================================
22:36:43.0562 2816  Current date / time: 2012/10/20 22:36:43.0562
22:36:43.0562 2816  SystemInfo:
22:36:43.0562 2816  
22:36:43.0562 2816  OS Version: 5.1.2600 ServicePack: 2.0
22:36:43.0562 2816  Product type: Workstation
22:36:43.0562 2816  ComputerName: JAMESLAPPYTOP
22:36:43.0562 2816  UserName: James
22:36:43.0562 2816  Windows directory: C:\WINDOWS
22:36:43.0562 2816  System windows directory: C:\WINDOWS
22:36:43.0562 2816  Processor architecture: Intel x86
22:36:43.0562 2816  Number of processors: 2
22:36:43.0562 2816  Page size: 0x1000
22:36:43.0562 2816  Boot type: Normal boot
22:36:43.0562 2816  ============================================================
22:36:48.0890 2816  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:36:48.0984 2816  Drive \Device\Harddisk1\DR2 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:36:54.0859 2816  ============================================================
22:36:54.0859 2816  \Device\Harddisk0\DR0:
22:36:54.0859 2816  MBR partitions:
22:36:54.0859 2816  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385800
22:36:54.0859 2816  \Device\Harddisk1\DR2:
22:36:54.0859 2816  MBR partitions:
22:36:54.0859 2816  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
22:36:54.0859 2816  ============================================================
22:36:54.0906 2816  C: <-> \Device\Harddisk0\DR0\Partition1
22:36:54.0937 2816  F: <-> \Device\Harddisk1\DR2\Partition1
22:36:54.0953 2816  ============================================================
22:36:54.0953 2816  Initialize success
22:36:54.0953 2816  ============================================================
22:37:12.0828 3824  ============================================================
22:37:12.0828 3824  Scan started
22:37:12.0828 3824  Mode: Manual; 
22:37:12.0828 3824  ============================================================
22:37:15.0203 3824  ================ Scan system memory ========================
22:37:15.0203 3824  System memory - ok
22:37:15.0203 3824  ================ Scan services =============================
22:37:21.0203 3824  Dnscache - ok
22:37:21.0203 3824  dpti2o - ok
22:37:21.0265 3824  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:37:21.0296 3824  drmkaud - ok
22:37:21.0328 3824  [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc           C:\WINDOWS\System32\ersvc.dll
22:37:21.0359 3824  ERSvc - ok
22:37:21.0406 3824  [ 4712531AB7A01B7EE059853CA17D39BD ] Eventlog        C:\WINDOWS\system32\services.exe
22:37:21.0406 3824  Eventlog - ok
22:37:21.0484 3824  [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem     C:\WINDOWS\system32\es.dll
22:37:21.0546 3824  EventSystem - ok
22:37:21.0593 3824  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
22:37:21.0640 3824  Fastfat - ok
22:37:21.0687 3824  [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:37:21.0781 3824  FastUserSwitchingCompatibility - ok
22:37:21.0875 3824  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
22:37:21.0890 3824  Fdc - ok
22:37:21.0921 3824  [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
22:37:21.0984 3824  Fips - ok
22:37:22.0046 3824  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:37:22.0125 3824  FLEXnet Licensing Service - ok
22:37:22.0156 3824  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
22:37:22.0171 3824  Flpydisk - ok
22:37:22.0234 3824  [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:37:22.0281 3824  FltMgr - ok
22:37:22.0406 3824  [ 993883524AA9CF1C90E1545411A9AC9C ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:37:22.0406 3824  FontCache3.0.0.0 - ok
22:37:22.0437 3824  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:37:22.0484 3824  Fs_Rec - ok
22:37:22.0500 3824  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:37:22.0531 3824  Ftdisk - ok
22:37:22.0593 3824  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:37:22.0625 3824  GEARAspiWDM - ok
22:37:22.0625 3824  GenericMount - ok
22:37:22.0656 3824  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:37:22.0718 3824  Gpc - ok
22:37:22.0765 3824  [ E31363D186B3E1D7C4E9117884A6AEE5 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:37:22.0781 3824  HDAudBus - ok
22:37:22.0890 3824  [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:37:22.0937 3824  helpsvc - ok
22:37:22.0984 3824  [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ         C:\WINDOWS\System32\hidserv.dll
22:37:23.0031 3824  HidServ - ok
22:37:23.0078 3824  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:37:23.0109 3824  HidUsb - ok
22:37:23.0109 3824  hpn - ok
22:37:23.0171 3824  [ B1526810210980BED9D22315946C919D ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:37:23.0218 3824  HSFHWAZL - ok
22:37:23.0281 3824  [ DDBD528E60F5961C142A490DC4EA7780 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:37:23.0375 3824  HSF_DPV - ok
22:37:23.0875 3824  hSONYPVh - ok
22:37:24.0078 3824  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
22:37:24.0093 3824  HTTP - ok
22:37:24.0140 3824  [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
22:37:24.0156 3824  HTTPFilter - ok
22:37:24.0156 3824  i2omgmt - ok
22:37:24.0171 3824  i2omp - ok
22:37:24.0218 3824  [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:37:24.0250 3824  i8042prt - ok
22:37:24.0437 3824  [ 200CCA76CD0E0F7EEC78FA56C29B4D67 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:37:24.0703 3824  ialm - ok
22:37:24.0859 3824  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:37:24.0937 3824  IDriverT - ok
22:37:25.0125 3824  [ E7CC3AEAED9893A88876744CD439F76C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:37:25.0312 3824  idsvc - ok
22:37:25.0375 3824  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
22:37:25.0406 3824  Imapi - ok
22:37:25.0437 3824  [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService    C:\WINDOWS\system32\imapi.exe
22:37:25.0437 3824  ImapiService - ok
22:37:25.0453 3824  ini910u - ok
22:37:25.0468 3824  IntelIde - ok
22:37:25.0500 3824  [ 279FB78702454DFF2BB445F238C048D2 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:37:25.0500 3824  intelppm - ok
22:37:25.0515 3824  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:37:25.0562 3824  Ip6Fw - ok
22:37:25.0609 3824  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:37:25.0656 3824  IpFilterDriver - ok
22:37:25.0687 3824  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:37:25.0718 3824  IpInIp - ok
22:37:25.0750 3824  [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:37:25.0796 3824  IpNat - ok
22:37:25.0875 3824  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:37:25.0953 3824  iPod Service - ok
22:37:26.0000 3824  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:37:26.0046 3824  IPSec - ok
22:37:26.0093 3824  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
22:37:26.0125 3824  IRENUM - ok
22:37:26.0171 3824  [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:37:26.0234 3824  isapnp - ok
22:37:26.0328 3824  [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
22:37:26.0421 3824  JavaQuickStarterService - ok
22:37:26.0500 3824  [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:37:26.0531 3824  Kbdclass - ok
22:37:26.0578 3824  [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:37:26.0609 3824  kbdhid - ok
22:37:26.0640 3824  [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
22:37:26.0656 3824  kmixer - ok
22:37:26.0671 3824  [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
22:37:26.0718 3824  KSecDD - ok
22:37:26.0765 3824  [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
22:37:26.0812 3824  lanmanserver - ok
22:37:26.0875 3824  [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:37:26.0921 3824  lanmanworkstation - ok
22:37:26.0921 3824  Lavasoft Kernexplorer - ok
22:37:26.0937 3824  lbrtfdc - ok
22:37:27.0000 3824  [ E2F1DCF4A68CC6CF694FBFBA1842F4CD ] libusb0         C:\WINDOWS\system32\drivers\libusb0.sys
22:37:27.0031 3824  libusb0 - ok
22:37:27.0062 3824  [ 8B4B572753419FE601220526205F9455 ] libusbd         C:\WINDOWS\system32\libusbd-nt.exe
22:37:27.0078 3824  libusbd - ok
22:37:27.0109 3824  [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
22:37:27.0156 3824  LmHosts - ok
22:37:27.0203 3824  [ 70FDDB07469C5503E8AE35F4AAEDAE94 ] LoopBeMidi1     C:\WINDOWS\system32\drivers\loopbe1.sys
22:37:27.0234 3824  LoopBeMidi1 - ok
22:37:27.0234 3824  ManyCam - ok
22:37:27.0296 3824  [ 6B5D093711EADD77C789B0150DC4879C ] MA_CMIDI        C:\WINDOWS\system32\drivers\ma_cmidi.sys
22:37:27.0343 3824  MA_CMIDI - ok
22:37:27.0390 3824  [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus          C:\WINDOWS\system32\DRIVERS\mcdbus.sys
22:37:27.0421 3824  mcdbus - ok
22:37:27.0484 3824  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:37:27.0500 3824  mdmxsdk - ok
22:37:27.0546 3824  [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
22:37:27.0593 3824  Messenger - ok
22:37:27.0703 3824  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:37:27.0750 3824  Microsoft Office Groove Audit Service - ok
22:37:27.0812 3824  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
22:37:27.0843 3824  mnmdd - ok
22:37:27.0906 3824  [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
22:37:27.0906 3824  mnmsrvc - ok
22:37:27.0953 3824  [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
22:37:27.0953 3824  Modem - ok
22:37:28.0000 3824  [ 34E1F0031153E491910E12551400192C ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:37:28.0031 3824  Mouclass - ok
22:37:28.0093 3824  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:37:28.0125 3824  mouhid - ok
22:37:28.0156 3824  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
22:37:28.0203 3824  MountMgr - ok
22:37:28.0296 3824  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:37:28.0296 3824  MozillaMaintenance - ok
22:37:28.0296 3824  mraid35x - ok
22:37:28.0312 3824  [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:37:28.0375 3824  MRxDAV - ok
22:37:28.0437 3824  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:37:28.0515 3824  MRxSmb - ok
22:37:28.0562 3824  [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
22:37:28.0562 3824  MSDTC - ok
22:37:28.0640 3824  [ 6DD721DFD2648F3F6D5808B5BA6CB095 ] MSDV            C:\WINDOWS\system32\DRIVERS\msdv.sys
22:37:28.0687 3824  MSDV - ok
22:37:28.0718 3824  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:37:28.0750 3824  Msfs - ok
22:37:28.0765 3824  MSIServer - ok
22:37:28.0812 3824  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:37:28.0859 3824  MSKSSRV - ok
22:37:28.0906 3824  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:37:28.0937 3824  MSPCLOCK - ok
22:37:28.0968 3824  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:37:29.0000 3824  MSPQM - ok
22:37:29.0062 3824  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:37:29.0062 3824  mssmbios - ok
22:37:29.0109 3824  [ 74A538DEADE5EA5F9762F488C7904127 ] MSTAPE          C:\WINDOWS\system32\DRIVERS\mstape.sys
22:37:29.0140 3824  MSTAPE - ok
22:37:29.0187 3824  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
22:37:29.0218 3824  MSTEE - ok
22:37:29.0250 3824  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
22:37:29.0296 3824  Mup - ok
22:37:29.0343 3824  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:37:29.0375 3824  NABTSFEC - ok
22:37:29.0500 3824  [ 72DD381229BCA8961E826BA73AFE60BC ] NACAgent        C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
22:37:29.0687 3824  NACAgent - ok
22:37:29.0718 3824  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
22:37:29.0796 3824  NDIS - ok
22:37:29.0812 3824  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:37:29.0859 3824  NdisIP - ok
22:37:29.0906 3824  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:37:29.0921 3824  NdisTapi - ok
22:37:29.0984 3824  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:37:30.0000 3824  Ndisuio - ok
22:37:30.0046 3824  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:37:30.0093 3824  NdisWan - ok
22:37:30.0125 3824  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
22:37:30.0171 3824  NDProxy - ok
22:37:30.0203 3824  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
22:37:30.0250 3824  NetBIOS - ok
22:37:30.0281 3824  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:37:30.0328 3824  NetBT - ok
22:37:30.0375 3824  [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE          C:\WINDOWS\system32\netdde.exe
22:37:30.0437 3824  NetDDE - ok
22:37:30.0437 3824  [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
22:37:30.0437 3824  NetDDEdsdm - ok
22:37:30.0500 3824  [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:37:30.0500 3824  Netlogon - ok
22:37:30.0531 3824  [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman          C:\WINDOWS\System32\netman.dll
22:37:30.0546 3824  Netman - ok
22:37:30.0578 3824  [ F9102685F97F9BA85F4A70AFCF722CFE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:37:30.0671 3824  NetTcpPortSharing - ok
22:37:30.0703 3824  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:37:30.0703 3824  NIC1394 - ok
22:37:30.0765 3824  [ 097722F235A1FB698BF9234E01B52637 ] Nla             C:\WINDOWS\System32\mswsock.dll
22:37:30.0781 3824  Nla - ok
22:37:30.0812 3824  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:37:30.0859 3824  Npfs - ok
22:37:30.0890 3824  [ B78BE402C3F63DD55521F73876951CDD ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
22:37:30.0968 3824  Ntfs - ok
22:37:31.0000 3824  [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
22:37:31.0000 3824  NtLmSsp - ok
22:37:31.0046 3824  [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
22:37:31.0093 3824  NtmsSvc - ok
22:37:31.0125 3824  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:37:31.0156 3824  Null - ok
22:37:31.0203 3824  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:37:31.0296 3824  NwlnkFlt - ok
22:37:31.0328 3824  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:37:31.0359 3824  NwlnkFwd - ok
22:37:31.0468 3824  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:37:31.0531 3824  odserv - ok
22:37:31.0546 3824  [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:37:31.0546 3824  ohci1394 - ok
22:37:31.0593 3824  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:37:31.0640 3824  ose - ok
22:37:31.0718 3824  [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
22:37:31.0750 3824  Parport - ok
22:37:31.0781 3824  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
22:37:31.0828 3824  PartMgr - ok
22:37:31.0875 3824  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
22:37:31.0890 3824  ParVdm - ok
22:37:31.0937 3824  [ 8086D9979234B603AD5BC2F5D890B234 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
22:37:31.0984 3824  PCI - ok
22:37:31.0984 3824  PCIDump - ok
22:37:32.0015 3824  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
22:37:32.0046 3824  PCIIde - ok
22:37:32.0093 3824  [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
22:37:32.0140 3824  Pcmcia - ok
22:37:32.0250 3824  [ 96513824281F718DF711E04D363059F1 ] PDAgent         C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
22:37:32.0343 3824  PDAgent - ok
22:37:32.0343 3824  PDCOMP - ok
22:37:32.0406 3824  [ 615AA92539B09FC1FE8ED373C31C5D20 ] PDEngine        C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
22:37:32.0437 3824  PDEngine - ok
22:37:32.0437 3824  PDFRAME - ok
22:37:32.0453 3824  PDRELI - ok
22:37:32.0468 3824  PDRFRAME - ok
22:37:32.0468 3824  perc2 - ok
22:37:32.0484 3824  perc2hib - ok
22:37:32.0500 3824  PEVSystemStart - ok
22:37:32.0546 3824  [ 4712531AB7A01B7EE059853CA17D39BD ] PlugPlay        C:\WINDOWS\system32\services.exe
22:37:32.0546 3824  PlugPlay - ok
22:37:32.0609 3824  [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
22:37:32.0609 3824  PolicyAgent - ok
22:37:32.0625 3824  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:37:32.0671 3824  PptpMiniport - ok
22:37:32.0687 3824  [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:37:32.0687 3824  ProtectedStorage - ok
22:37:32.0703 3824  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
22:37:32.0750 3824  PSched - ok
22:37:32.0781 3824  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:37:32.0796 3824  Ptilink - ok
22:37:32.0812 3824  ql1080 - ok
22:37:32.0812 3824  Ql10wnt - ok
22:37:32.0828 3824  ql12160 - ok
22:37:32.0828 3824  ql1240 - ok
22:37:32.0843 3824  ql1280 - ok
22:37:32.0890 3824  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:37:32.0906 3824  RasAcd - ok
22:37:32.0953 3824  [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto         C:\WINDOWS\System32\rasauto.dll
22:37:32.0984 3824  RasAuto - ok
22:37:33.0015 3824  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:37:33.0046 3824  Rasl2tp - ok
22:37:33.0093 3824  [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan          C:\WINDOWS\System32\rasmans.dll
22:37:33.0109 3824  RasMan - ok
22:37:33.0125 3824  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:37:33.0171 3824  RasPppoe - ok
22:37:33.0187 3824  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
22:37:33.0203 3824  Raspti - ok
22:37:33.0234 3824  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:37:33.0281 3824  Rdbss - ok
22:37:33.0312 3824  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:37:33.0343 3824  RDPCDD - ok
22:37:33.0406 3824  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:37:33.0453 3824  rdpdr - ok
22:37:33.0500 3824  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
22:37:33.0578 3824  RDPWD - ok
22:37:33.0593 3824  [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
22:37:33.0609 3824  RDSessMgr - ok
22:37:33.0640 3824  [ B31B4588E4086D8D84ADBF9845C2402B ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
22:37:33.0671 3824  redbook - ok
22:37:33.0718 3824  [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
22:37:33.0765 3824  RemoteAccess - ok
22:37:33.0796 3824  [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
22:37:33.0859 3824  RemoteRegistry - ok
22:37:33.0906 3824  [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator      C:\WINDOWS\system32\locator.exe
22:37:33.0906 3824  RpcLocator - ok
22:37:33.0953 3824  [ 24B5D53B9ACCC1E2EDCF0A878D6659D4 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
22:37:33.0953 3824  RpcSs - ok
22:37:34.0000 3824  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
22:37:34.0015 3824  RSVP - ok
22:37:34.0031 3824  [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs           C:\WINDOWS\system32\lsass.exe
22:37:34.0046 3824  SamSs - ok
22:37:34.0156 3824  [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:37:34.0187 3824  SASDIFSV - ok
22:37:34.0203 3824  [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM         C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
22:37:34.0250 3824  SASENUM - ok
22:37:34.0281 3824  [ 67D2688756DD304AF655349BAAD82BFF ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:37:34.0328 3824  SASKUTIL - ok
22:37:34.0390 3824  [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
22:37:34.0390 3824  SCardSvr - ok
22:37:34.0437 3824  [ 92360854316611F6CC471612213C3D92 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
22:37:34.0500 3824  Schedule - ok
22:37:34.0546 3824  [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:37:34.0593 3824  sdbus - ok
22:37:34.0609 3824  [ 314A998B1732C1ACD6B6459EC9961AD8 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:37:34.0640 3824  Secdrv - ok
22:37:34.0671 3824  [ B1E0CE09895376871746F36DC5773B4F ] seclogon        C:\WINDOWS\System32\seclogon.dll
22:37:34.0718 3824  seclogon - ok
22:37:34.0750 3824  [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS            C:\WINDOWS\system32\sens.dll
22:37:34.0750 3824  SENS - ok
22:37:34.0765 3824  [ CD9404D115A00D249F70A371B46D5A26 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
22:37:34.0812 3824  Serial - ok
22:37:34.0890 3824  [ 1D9F1BEC651815741F088A8FB88E17EE ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys
22:37:34.0921 3824  sffdisk - ok
22:37:34.0953 3824  [ 586499FD312FFD7F78553F408E71682E ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
22:37:34.0984 3824  sffp_sd - ok
22:37:35.0015 3824  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
22:37:35.0062 3824  Sfloppy - ok
22:37:35.0093 3824  [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:37:35.0109 3824  ShellHWDetection - ok
22:37:35.0109 3824  Simbad - ok
22:37:35.0156 3824  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:37:35.0187 3824  SLIP - ok
22:37:35.0218 3824  Sparrow - ok
22:37:35.0328 3824  [ FF10A385061128C9134E5288E709E4B0 ] SplashtopRemoteService C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
22:37:35.0421 3824  SplashtopRemoteService - ok
22:37:35.0437 3824  SPLITCAM - ok
22:37:35.0500 3824  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
22:37:35.0531 3824  splitter - ok
22:37:35.0562 3824  [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
22:37:35.0578 3824  Spooler - ok
22:37:35.0593 3824  [ E41B6D037D6CD08461470AF04500DC24 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
22:37:35.0640 3824  sr - ok
22:37:35.0656 3824  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice       C:\WINDOWS\system32\srsvc.dll
22:37:35.0703 3824  srservice - ok
22:37:35.0750 3824  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
22:37:35.0781 3824  Srv - ok
22:37:35.0828 3824  [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
22:37:35.0828 3824  SSDPSRV - ok
22:37:35.0859 3824  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:37:35.0890 3824  ssmdrv - ok
22:37:35.0984 3824  [ 1CFA4A1F3C7BB4C8F299E00428EB8677 ] SSUService      C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
22:37:36.0000 3824  SSUService - ok
22:37:36.0078 3824  [ 951801DFB54D86F611F0AF47825476F9 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
22:37:36.0125 3824  STHDA - ok
22:37:36.0156 3824  [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
22:37:36.0218 3824  stisvc - ok
22:37:36.0250 3824  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:37:36.0281 3824  streamip - ok
22:37:36.0312 3824  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
22:37:36.0343 3824  swenum - ok
22:37:36.0406 3824  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
22:37:36.0437 3824  swmidi - ok
22:37:36.0453 3824  SwPrv - ok
22:37:36.0453 3824  symc810 - ok
22:37:36.0468 3824  symc8xx - ok
22:37:36.0484 3824  sym_hi - ok
22:37:36.0484 3824  sym_u3 - ok
22:37:36.0546 3824  [ 936CD58395D36659BB798B961EF7357F ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:37:36.0593 3824  SynTP - ok
22:37:36.0625 3824  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
22:37:36.0656 3824  sysaudio - ok
22:37:36.0718 3824  [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
22:37:36.0718 3824  SysmonLog - ok
22:37:37.0000 3824  [ C9D5FA17200768EF92538F1F95735A2E ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
22:37:37.0125 3824  TabletServicePen - ok
22:37:37.0156 3824  [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
22:37:37.0171 3824  TapiSrv - ok
22:37:37.0218 3824  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:37:37.0281 3824  Tcpip - ok
22:37:37.0328 3824  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
22:37:37.0359 3824  TDPIPE - ok
22:37:37.0375 3824  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
22:37:37.0421 3824  TDTCP - ok
22:37:37.0453 3824  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
22:37:37.0484 3824  TermDD - ok
22:37:37.0578 3824  [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService     C:\WINDOWS\System32\termsrv.dll
22:37:37.0578 3824  TermService - ok
22:37:37.0625 3824  [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes          C:\WINDOWS\System32\shsvcs.dll
22:37:37.0625 3824  Themes - ok
22:37:37.0671 3824  [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
22:37:37.0671 3824  TlntSvr - ok
22:37:37.0687 3824  TosIde - ok
22:37:37.0765 3824  [ 8D83C60DE67C2DB212452D8EBE7CA196 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
22:37:37.0765 3824  TouchServicePen - ok
22:37:37.0812 3824  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
22:37:37.0859 3824  TrkWks - ok
22:37:37.0890 3824  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
22:37:37.0937 3824  Udfs - ok
22:37:38.0000 3824  [ 16264D4A7F052A7CC516B23E00B14213 ] UimBus          C:\WINDOWS\system32\DRIVERS\UimBus.sys
22:37:38.0046 3824  UimBus - ok
22:37:38.0093 3824  [ 811E4296913821CE402B9E6629740350 ] Uim_IM          C:\WINDOWS\system32\Drivers\Uim_IM.sys
22:37:38.0140 3824  Uim_IM - ok
22:37:38.0187 3824  [ 679B92294C3CBB4BCFC40AA1C8521062 ] UKS11LDR        C:\WINDOWS\system32\drivers\uks11ldr.sys
22:37:38.0218 3824  UKS11LDR - ok
22:37:38.0234 3824  ultra - ok
22:37:38.0265 3824  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
22:37:38.0281 3824  UMWdf - ok
22:37:38.0343 3824  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
22:37:38.0375 3824  Update - ok
22:37:41.0515 3824  ================ Scan global ===============================
22:37:41.0562 3824  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
22:37:41.0625 3824  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
22:37:41.0703 3824  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
22:37:41.0750 3824  [ 4712531AB7A01B7EE059853CA17D39BD ] C:\WINDOWS\system32\services.exe
22:37:41.0750 3824  [Global] - ok
22:37:41.0750 3824  ================ Scan MBR ==================================
22:37:41.0781 3824  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:37:42.0093 3824  \Device\Harddisk0\DR0 - ok
22:37:42.0093 3824  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
22:37:42.0109 3824  \Device\Harddisk1\DR2 - ok
22:37:42.0109 3824  ================ Scan VBR ==================================
22:37:42.0109 3824  [ 272293983AC3216402EFB8D21609DEF6 ] \Device\Harddisk0\DR0\Partition1
22:37:42.0109 3824  \Device\Harddisk0\DR0\Partition1 - ok
22:37:42.0125 3824  [ 88D4D6BF121381C1CFEA1B29A66B31E5 ] \Device\Harddisk1\DR2\Partition1
22:37:42.0125 3824  \Device\Harddisk1\DR2\Partition1 - ok
22:37:42.0125 3824  ============================================================
22:37:42.0125 3824  Scan finished
22:37:42.0125 3824  ============================================================
22:37:42.0140 1224  Detected object count: 0
22:37:42.0140 1224  Actual detected object count: 0




aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-20 22:43:22
-----------------------------
22:43:22.031    OS Version: Windows 5.1.2600 Service Pack 2
22:43:22.031    Number of processors: 2 586 0xF0D
22:43:22.031    ComputerName: JAMESLAPPYTOP  UserName: James
22:43:24.140    Initialize success
22:51:41.281    AVAST engine defs: 12102001
22:53:03.765    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
22:53:03.765    Disk 0 Vendor: WDC_WD5000BPVT-00HXZT1 01.01A01 Size: 476940MB BusType: 3
22:53:03.796    Disk 0 MBR read successfully
22:53:03.796    Disk 0 MBR scan
22:53:04.171    Disk 0 Windows XP default MBR code
22:53:04.203    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476939 MB offset 2048
22:53:04.343    Disk 0 scanning sectors +976773120
22:53:04.656    Disk 0 scanning C:\WINDOWS\system32\drivers
22:53:30.281    Service scanning
22:54:05.156    Modules scanning
22:54:17.875    Disk 0 trace - called modules:
22:54:17.890    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
22:54:17.906    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d6eab8]
22:54:17.921    3 CLASSPNP.SYS[f759f05b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x86cc3940]
22:54:20.484    AVAST engine scan C:\WINDOWS
22:54:45.890    AVAST engine scan C:\WINDOWS\system32
23:01:16.890    AVAST engine scan C:\WINDOWS\system32\drivers
23:02:03.375    AVAST engine scan C:\Documents and Settings\James
23:47:49.203    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James\Desktop\MBR.dat"
23:47:49.218    The log file has been saved successfully to "C:\Documents and Settings\James\Desktop\aswMBR.txt"
02:54:27.718    AVAST engine scan C:\Documents and Settings\All Users
02:59:42.140    Scan finished successfully
03:04:29.375    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James\Desktop\MBR.dat"
03:04:29.656    The log file has been saved successfully to "C:\Documents and Settings\James\Desktop\aswMBR.txt"




MBAM:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.20.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
James :: JAMESLAPPYTOP [administrator]

10/21/2012 3:38:13 AM
mbam-log-2012-10-21 (03-38-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231250
Time elapsed: 1 hour(s), 19 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Mini toolbox:

MiniToolBox by Farbar  Version: 23-07-2012
Ran by James (administrator) on 21-10-2012 at 05:03:57
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection 2 (Media disconnected)


# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp 
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : jameslappytop

        Primary Dns Suffix  . . . . . . . : 

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection 2:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

        Physical Address. . . . . . . . . : 00-1C-23-87-09-4A



Ethernet adapter Wireless Network Connection:



        Connection-specific DNS Suffix  . : home

        Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card

        Physical Address. . . . . . . . . : 00-1C-26-23-90-45

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.8

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

        Lease Obtained. . . . . . . . . . : Saturday, October 20, 2012 8:05:02 PM

        Lease Expires . . . . . . . . . . : Sunday, October 21, 2012 8:05:02 PM

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.228.2, 74.125.228.0, 74.125.228.6, 74.125.228.3
	  74.125.228.1, 74.125.228.14, 74.125.228.4, 74.125.228.9, 74.125.228.7
	  74.125.228.5, 74.125.228.8



Pinging google.com [74.125.228.6] with 32 bytes of data:



Reply from 74.125.228.6: bytes=32 time=16ms TTL=252

Reply from 74.125.228.6: bytes=32 time=17ms TTL=252



Ping statistics for 74.125.228.6:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 16ms, Maximum = 17ms, Average = 16ms

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  72.30.38.140, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=37ms TTL=50

Reply from 98.139.183.24: bytes=32 time=141ms TTL=50



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 37ms, Maximum = 141ms, Average = 89ms

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    bleepingcomputer.com
Address:  208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c 23 87 09 4a ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x10004 ...00 1c 26 23 90 45 ...... Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.8	  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1	  1
      169.254.0.0      255.255.0.0      192.168.1.8     192.168.1.8	  20
      192.168.1.0    255.255.255.0      192.168.1.8     192.168.1.8	  25
      192.168.1.8  255.255.255.255        127.0.0.1       127.0.0.1	  25
    192.168.1.255  255.255.255.255      192.168.1.8     192.168.1.8	  25
        224.0.0.0        240.0.0.0      192.168.1.8     192.168.1.8	  25
  255.255.255.255  255.255.255.255      192.168.1.8     192.168.1.8	  1
  255.255.255.255  255.255.255.255      192.168.1.8               2	  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/21/2012 04:54:41 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/21/2012 04:54:41 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/21/2012 04:41:36 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/21/2012 04:41:36 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/21/2012 03:42:41 AM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 3

Error: (10/21/2012 03:22:40 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/21/2012 03:22:40 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/21/2012 02:55:31 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/21/2012 02:55:31 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/21/2012 01:25:39 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (10/21/2012 00:27:19 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/21/2012 00:27:18 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/21/2012 00:27:15 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/21/2012 00:26:56 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (10/20/2012 08:09:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1460

Error: (10/20/2012 08:05:53 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the SplashtopRemoteService service.

Error: (10/20/2012 08:05:06 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Acrobat Distiller failed to initialize because a suitable AdobePS Acrobat Distiller driver could not be found.

Error: (10/20/2012 07:14:35 PM) (Source: System Error) (User: )
Description: Error code 000000b8, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.

Error: (10/20/2012 07:12:21 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1460

Error: (10/20/2012 07:09:20 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Acrobat Distiller failed to initialize because a suitable AdobePS Acrobat Distiller driver could not be found.


Microsoft Office Sessions:
=========================
Error: (08/06/2010 03:06:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 368205 seconds with 4560 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

µTorrent (Version: 1.6)
µTorrent (Version: 1.7.7)
3DNA Desktop
Adobe Acrobat 5.0 (Version: 5.0)
Adobe After Effects CS4 (Version: 9)
Adobe After Effects CS4 Presets (Version: 9)
Adobe After Effects CS4 Third Party Content (Version: 9)
Adobe AIR (Version: 2.7.1.19610)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles AE CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 Professional (Version: 10.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
Adobe Media Encoder CS4 Exporter (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe MotionPicture Color Files CS4 (Version: 2.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 9.3 (Version: 9.3.0)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
Adobe SING CS4 (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advanced Renamer (Version: 3.14)
Alarm (Version: 2.0.6)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ARIA Engine v1.0.9.3 (Version: v1.0.9.3)
ASIO4ALL
Audiosurf
AutoUpdate (Version: 1.1)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.707)
Bamboo (Version: 5.2.4-6)
Black & White® 2 (Version: 1.00.0000)
Blender (Version: 2.63-release)
Bonjour (Version: 3.0.0.10)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.02)
CCleaner (Version: 3.00)
Cisco NAC Agent  (Version: 4.9.0.33)
ColorSchemer Studio 2 (Version: Studio v2.1)
Conexant HDA D330 MDC V.92 Modem
Connect (Version: 1.0.0.1)
CutePDF Writer 2.8
Defraggler (Version: 2.00)
Dell Touchpad (Version: 9.1.18.6)
Dell Wireless WLAN Card (Version: 4.100.15.8)
DiskAid 4.61 (Version: 4.61)
DivX Codec (Version: 6.8.4)
DivX Web Player (Version: 1.4.0)
DVD Architect Pro 5.0 (Version: 5.0.180)
ESET Online Scanner v3
EXIF Date Changer v2.52
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Final Draft (Version: 8.0.0.81)
FL Studio 9
FlashDigger Plus
Fraps (remove only)
Google Chrome (Version: 22.0.1229.94)
Google Talk Plugin (Version: 1.9.2.0)
Google Talk Plugin (Version: 3.9.1.9832)
HandBrake 0.9.5 (Version: 0.9.5)
Hardcore
HHD Software Hex Editor Neo 4.95 (Version: 4.95.3.3464)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
IL Download Manager
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
Imgur Uploader (Version: 1.0.0)
Intel(R) Graphics Media Accelerator Driver
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 6 Update 17 (Version: 6.0.170)
Java(TM) 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
kuler (Version: 2.0)
LibUSB-Win32-0.1.10.1 (Version: 0.1.10.1)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
Microsoft .NET Framework 3.0 Service Pack 1 (Version: 3.1.21022)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft 3D Movie Maker 1.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 3.0.50106.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Midnight Club II
mIRC (Version: 7.17)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
Mp3tag v2.45a (Version: v2.45a)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Native Instruments FM8
NVIDIA Drivers
OnLive
Panasonic P2 Drivers (Version: 2.17.0000)
Panasonic P2 Viewer (Version: 3.6.20)
particleIllusion 3.0
PDF Settings CS4 (Version: 9.0)
PerfectDisk 10 Professional (Version: 10.0.124)
Photomatix Pro version 3.2.8Beta4 (Version: 3.2.8Beta4)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
PoiZone
Postal 2 Apocalypse Weekend Expansion Pack
Postal 2 Share The Pain
Project64 1.6 (Version: 1.6)
QuickTime (Version: 7.71.80.42)
Reason 4.0 (Version: 4.0)
Rockstar Deconstructed Black Screen Saver
Rockstar Deconstructed White Screen Saver
Rockstar Drip Clock Screen Saver
Rockstar Fall Screen Saver
Rockstar Light and Shadow Screen Saver
Rockstar Monolith Screen Saver
Rockstar Neon Screen Saver
Sakura
Santa's Secret Valley (Version: 3.0.4)
Sawer
Series II MIDI (Version: 4.3.00)
SigmaTel Audio (Version: 5.10.5210.0)
Skype™ 5.5 (Version: 5.5.124)
Sony Vegas Pro 8.0 (Version: 8.0.217)
Souptoys (Version: 1.6.0.8)
SpeechRedist (Version: 1.0.0)
Splashtop Streamer (Version: 2.0.0.6)
SplitCam (Version: 5.4.3.18)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
SUPERAntiSpyware Free Edition (Version: 4.35.0.1000)
Switch Sound File Converter
The Typing of The Dead
Toxic Biohazard
TrackMania Nations Forever
Trapcode Particular v2
Uncle Julius and the Anywhere Machine (Version: 1.7.3)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB925720) (Version: 1)
Update for Windows XP (KB932823-v3) (Version: 3)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual Similarity Duplicate Image Finder Corporate 4.2.0.1 (Version: 4.2.0.1)
VLC media player 1.0.3 (Version: 1.0.3)
Waves Mercury Bundle (Version: 5.0)
Web Comic Downloader (Version: 2.7.0.0)
WebFldrs XP (Version: 9.50.7523)
WinDirStat 1.1.2
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Hotfix - KB839210 (Version: 1)
Windows XP Hotfix - KB885855 (Version: 20040930.104104)
WinHTTrack Website Copier 3.46-1 (Version: 3.46.1)
WinRAR archiver
Woofy 0.6.2 (Version: 0.6.2)
XML Paper Specification Shared Components Pack 1.0
XnView 1.97.8 (Version: 1.97.8)
xrecode II 1.0.0.184
You Don't Know Jack The Ride

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 1014.11 MB
Available physical RAM: 571.49 MB
Total Pagefile: 2276.29 MB
Available Pagefile: 1650.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.49 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:15.21 GB) NTFS
4 Drive f: () (Fixed) (Total:931.48 GB) (Free:780.13 GB) NTFS

========================= Users: ========================================

User accounts for \\JAMESLAPPYTOP

Administrator            ASPNET                   Guest                    
HelpAssistant            James                    SUPPORT_388945a0         

========================= Restore Points ==================================

15-10-2012 12:55:10 System Checkpoint
16-10-2012 13:47:08 System Checkpoint
18-10-2012 23:18:59 System Checkpoint
20-10-2012 21:23:21 System Checkpoint

**** End of log ****



Farbar:

Farbar Service Scanner Version: 19-10-2012
Ran by James (administrator) on 21-10-2012 at 05:26:48
Running from "C:\Documents and Settings\James\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy: 
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-04 06:00] - [2008-08-14 05:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 06:00] - [2004-08-04 06:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 06:00] - [2008-06-20 06:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 06:00] - [2004-08-04 06:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 06:00] - [2004-08-04 06:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 06:00] - [2004-08-04 06:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-04 06:00] - [2004-08-04 06:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-11-21 07:21] - [2004-08-04 06:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2009-11-21 07:23] - [2004-08-04 06:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2009-11-21 07:23] - [2004-08-04 06:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 06:00] - [2004-08-04 06:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-11-21 07:21] - [2004-08-04 06:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2009-11-21 07:23] - [2004-08-04 06:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2009-11-21 07:23] - [2004-08-04 06:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-04 06:00] - [2008-07-07 16:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 06:00] - [2004-08-04 06:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-04 06:00] - [2004-08-04 06:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 06:00] - [2009-02-09 06:01] - 0401408 ____A (Microsoft Corporation) 24B5D53B9ACCC1E2EDCF0A878D6659D4

C:\WINDOWS\system32\services.exe
[2004-08-04 06:00] - [2009-02-06 06:22] - 0110592 ____A (Microsoft Corporation) 4712531AB7A01B7EE059853CA17D39BD


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****


Adware cleaner:

# AdwCleaner v2.005 - Logfile created 10/21/2012 at 05:29:57
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : James - JAMESLAPPYTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\James\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\splashtop
Folder Deleted : C:\Documents and Settings\All Users\Application Data\splashtop
Folder Deleted : C:\Documents and Settings\James\Local Settings\Application Data\splashtop

***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default 
File : C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\e1lh9ufg.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1260 octets] - [21/10/2012 05:29:57]

########## EOF - C:\AdwCleaner[S2].txt - [1320 octets] ##########


and JRT:

Junkware Removal Tool (JRT) by Thisisu 
Version: 1.8.8 (10.21.2012) 
OS: Microsoft Windows XP x86 
Ran by James on Sun 10/21/2012 at  5:40:24.34 
Blog: http://thisisudax.blogspot.com 
************************************************************** 
 
 
 
 
*** Services: 0 Detections 
 
 
 
*** Registry Values: 0 Detections 
 
 
 
*** Registry Keys: 0 Detections 
 
 
 
*** Files: 0 Detections 
 
 
 
*** Folders: 0 Detections 
 
 
 
*** FireFox detected and repaired 
 
 
 
*** Event Viewer Logs - NOT cleared 
 
 
 
 
 
************************************************************** 
Scan was completed on Sun 10/21/2012 at  5:52:07.82 
End of Report 


Things look good to me. What do you say?

#8 narenxp


Posted 21 October 2012 - 10:05 AM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here
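
A way to check the re-run that post #8 asks for, as an added example that is not part of the original thread: a Python parser that pulls the flagged services out of a Farbar Service Scanner log and compares a before and after run. The `BEFORE` text is abridged from the log posted above; the `AFTER` text is constructed, and assumes a repaired service is no longer flagged.

```python
import re

# Abridged excerpt of the Farbar Service Scanner log posted above.
BEFORE = """\
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
The ServiceDll of sharedaccess service is OK.
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
"""
# Constructed "after repair" log (assumption: a repaired service is no longer flagged).
AFTER = """\
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running\b")
CHECK_RE = re.compile(r"^Checking (Start type|ImagePath|ServiceDll): ATTENTION!=+> (.+)$")

def parse_fss(log_text):
    """Map each flagged service to its failed checks and whether its whole key is gone."""
    findings, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            current = m.group(1)
            findings[current] = {"fields": [], "key_missing": False}
            continue
        m = CHECK_RE.match(line)
        if m and current:
            field, detail = m.groups()
            findings[current]["fields"].append(field)
            # A missing service key is worse than a missing value under an existing key.
            if "service key does not exist" in detail:
                findings[current]["key_missing"] = True
    return findings

def compare(before, after):
    """Sort services into repaired, still flagged, and newly flagged between two logs."""
    b, a = set(parse_fss(before)), set(parse_fss(after))
    return {"repaired": sorted(b - a), "still_flagged": sorted(b & a),
            "newly_flagged": sorted(a - b)}

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```
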

#9 CaptainComedy


Posted 21 October 2012 - 10:32 AM

Logs too long to post, they're up here for one day.


http://pastebin.com/iKVaWt4w

#10 narenxp


Posted 21 October 2012 - 10:53 AM

Download UNHIDE from here

http://www.bleepingcomputer.com/download/unhide/

Run the tool and this should restore the hidden files

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



