A mess of issues


15 replies to this topic

#1 revclyburn

Posted 17 November 2012 - 01:05 PM

Hello everybody

and thank you for your help in advance. I'm fixing my Pastor's laptop. It had a case of the grandchildren downloading everything in the world. And when the hurricane hit here a couple of weeks ago, it went down and has been messed up since. It initially would not start in any mode; I finally got it to start when another person bought him a recovery disk and restored everything. But the restore erased all of his sermons, which I told the other person it would do. Anyway, after the restore it's been acting really funky and now I'm trying to get it back to normal.

So, let me start with issue number one: empty add/remove folder as well as the program folder. I know they are there because if I browse using run (search doesn't work), I see programs that were installed. I've managed to do some things by using some of the information here, like REGSVR32 APPWIZ.CPL, etc. That got me control panel back, but a lot of things still don't work when you click on them. Add/remove opens but never migrates anything. And icons on desktop don't work. I can't run Malwarebytes but I can run AVG, which found a virus/adware, malware. But that hasn't fixed anything.

Does anybody have any suggestions on what to do next?

I have downloaded SP3, VB6 and mbamfix.bat, I'll try them when I get home. Any help would be appreciated. Ohh, and any program that can restore his sermons (word docs) would be great too.

thanks

RevClyburn

Edited by bloopie, 17 November 2012 - 01:34 PM.
Mod Edit: Moved from XP to AII. ~bloopie



#2 griff210

Posted 17 November 2012 - 02:12 PM

When you boot up, is there a "hit F11" or something like that for system recovery? If so, you can hit that button and restore it back to out-of-box state. Now if you want to keep the data, hook up a USB flash drive or external HDD, and when prompted on recovery if you want to back up data, hit yes and point it to that device. If there is no recovery option on boot, then open Windows and go to Start, Programs, look for HP or whatever brand it is and look for recovery; there are options in Windows if the laptop doesn't have the option on boot. Good luck and God Bless

#3 boopme

Posted 18 November 2012 - 05:30 PM

Or
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.



Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.



Now...
Please Download

TDSSkiller


Launch it. Click on change parameters-Select TDLFS file system

Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.



Last....
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 revclyburn

Posted 29 November 2012 - 01:27 PM

Sorry for the delay,

been away for a couple of days, just too much going on here in New Jersey, and I needed a break from that crazee mixed up machine. I will try and run those when I get home today. As always, thank you all for your help.

RevClyburn

#5 boopme

Posted 29 November 2012 - 02:32 PM

No problem, real life comes first. I'm in NJ too, so I know what a mess things have been lately.

#6 revclyburn

Posted 29 November 2012 - 03:50 PM

15:46:01.0546 1492 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:46:03.0546 1492 ============================================================
15:46:03.0546 1492 Current date / time: 2012/11/29 15:46:03.0546
15:46:03.0546 1492 SystemInfo:
15:46:03.0546 1492
15:46:03.0546 1492 OS Version: 5.1.2600 ServicePack: 2.0
15:46:03.0546 1492 Product type: Workstation
15:46:03.0546 1492 ComputerName: PC110012138911
15:46:03.0546 1492 UserName: Rev. Evans
15:46:03.0546 1492 Windows directory: C:\WINDOWS
15:46:03.0546 1492 System windows directory: C:\WINDOWS
15:46:03.0546 1492 Processor architecture: Intel x86
15:46:03.0546 1492 Number of processors: 1
15:46:03.0546 1492 Page size: 0x1000
15:46:03.0546 1492 Boot type: Safe boot with network
15:46:03.0546 1492 ============================================================
15:46:04.0125 1492 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:46:04.0125 1492 ============================================================
15:46:04.0125 1492 \Device\Harddisk0\DR0:
15:46:04.0125 1492 MBR partitions:
15:46:04.0125 1492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA10188E
15:46:04.0125 1492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xA10578E, BlocksNum 0x17499F0
15:46:04.0125 1492 ============================================================
15:46:04.0140 1492 C: <-> \Device\Harddisk0\DR0\Partition1
15:46:04.0156 1492 D: <-> \Device\Harddisk0\DR0\Partition2
15:46:04.0156 1492 ============================================================
15:46:04.0156 1492 Initialize success
15:46:04.0156 1492 ============================================================
15:46:18.0640 0576 ============================================================
15:46:18.0640 0576 Scan started
15:46:18.0640 0576 Mode: Manual; TDLFS;
15:46:18.0640 0576 ============================================================
15:46:18.0875 0576 ================ Scan system memory ========================
15:46:18.0875 0576 System memory - ok
15:46:18.0890 0576 ================ Scan services =============================
15:46:26.0531 0576 NIC1394 - ok
15:46:26.0593 0576 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
15:46:26.0593 0576 Nla - ok
15:46:26.0640 0576 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:46:26.0640 0576 Npfs - ok
15:46:26.0687 0576 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:46:26.0703 0576 Ntfs - ok
15:46:26.0718 0576 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
15:46:26.0718 0576 NtLmSsp - ok
15:46:26.0765 0576 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:46:26.0765 0576 NtmsSvc - ok
15:46:26.0796 0576 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
15:46:26.0796 0576 Null - ok
15:46:26.0828 0576 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:46:26.0828 0576 NwlnkFlt - ok
15:46:26.0843 0576 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:46:26.0843 0576 NwlnkFwd - ok
15:46:26.0875 0576 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:46:26.0875 0576 ohci1394 - ok
15:46:26.0921 0576 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:46:26.0921 0576 ose - ok
15:46:26.0968 0576 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
15:46:26.0968 0576 Parport - ok
15:46:26.0984 0576 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:46:26.0984 0576 PartMgr - ok
15:46:27.0015 0576 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:46:27.0015 0576 ParVdm - ok
15:46:27.0031 0576 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:46:27.0031 0576 PCI - ok
15:46:27.0046 0576 PCIDump - ok
15:46:27.0062 0576 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
15:46:27.0062 0576 PCIIde - ok
15:46:27.0078 0576 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:46:27.0078 0576 Pcmcia - ok
15:46:27.0093 0576 PDCOMP - ok
15:46:27.0125 0576 PDFRAME - ok
15:46:27.0140 0576 PDRELI - ok
15:46:27.0156 0576 PDRFRAME - ok
15:46:27.0187 0576 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
15:46:27.0187 0576 perc2 - ok
15:46:27.0203 0576 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:46:27.0203 0576 perc2hib - ok
15:46:27.0281 0576 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
15:46:27.0281 0576 PlugPlay - ok
15:46:27.0296 0576 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
15:46:27.0296 0576 PolicyAgent - ok
15:46:27.0328 0576 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:46:27.0328 0576 PptpMiniport - ok
15:46:27.0359 0576 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:46:27.0359 0576 ProtectedStorage - ok
15:46:27.0375 0576 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:46:27.0375 0576 PSched - ok
15:46:27.0390 0576 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:46:27.0390 0576 Ptilink - ok
15:46:27.0421 0576 PxHelp20 - ok
15:46:27.0453 0576 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:46:27.0453 0576 ql1080 - ok
15:46:27.0468 0576 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:46:27.0484 0576 Ql10wnt - ok
15:46:27.0500 0576 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:46:27.0500 0576 ql12160 - ok
15:46:27.0515 0576 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:46:27.0515 0576 ql1240 - ok
15:46:27.0531 0576 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:46:27.0531 0576 ql1280 - ok
15:46:27.0562 0576 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:46:27.0562 0576 RasAcd - ok
15:46:27.0593 0576 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:46:27.0593 0576 RasAuto - ok
15:46:27.0640 0576 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:46:27.0640 0576 Rasl2tp - ok
15:46:27.0671 0576 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:46:27.0687 0576 RasMan - ok
15:46:27.0703 0576 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:46:27.0703 0576 RasPppoe - ok
15:46:27.0718 0576 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:46:27.0718 0576 Raspti - ok
15:46:27.0750 0576 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:46:27.0750 0576 Rdbss - ok
15:46:27.0781 0576 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:46:27.0781 0576 RDPCDD - ok
15:46:27.0843 0576 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:46:27.0843 0576 rdpdr - ok
15:46:27.0890 0576 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:46:27.0890 0576 RDPWD - ok
15:46:27.0953 0576 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:46:27.0953 0576 RDSessMgr - ok
15:46:27.0984 0576 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:46:27.0984 0576 redbook - ok
15:46:28.0031 0576 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:46:28.0031 0576 RemoteAccess - ok
15:46:28.0062 0576 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:46:28.0062 0576 RemoteRegistry - ok
15:46:28.0078 0576 [ 7A6648B61661B1421FFAB762E391E33F ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:46:28.0078 0576 rimmptsk - ok
15:46:28.0093 0576 [ D0A35B7670AA3558EAAB483F64446496 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:46:28.0109 0576 rimsptsk - ok
15:46:28.0140 0576 [ 3AC17802740C3A4764DC9750E92E6233 ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:46:28.0156 0576 rismxdp - ok
15:46:28.0187 0576 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
15:46:28.0187 0576 RpcLocator - ok
15:46:28.0250 0576 [ C8061F289E000703E7672916B7FE1571 ] RpcSs C:\WINDOWS\system32\rpcss.dll
15:46:28.0250 0576 RpcSs - ok
15:46:28.0265 0576 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
15:46:28.0265 0576 RSVP - ok
15:46:28.0296 0576 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:46:28.0296 0576 rtl8139 - ok
15:46:28.0328 0576 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
15:46:28.0328 0576 SamSs - ok
15:46:28.0359 0576 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:46:28.0359 0576 SCardSvr - ok
15:46:28.0390 0576 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:46:28.0390 0576 Schedule - ok
15:46:28.0406 0576 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:46:28.0406 0576 sdbus - ok
15:46:28.0421 0576 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:46:28.0421 0576 Secdrv - ok
15:46:28.0453 0576 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
15:46:28.0453 0576 seclogon - ok
15:46:28.0468 0576 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
15:46:28.0468 0576 SENS - ok
15:46:28.0500 0576 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
15:46:28.0500 0576 Serial - ok
15:46:28.0546 0576 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:46:28.0546 0576 Sfloppy - ok
15:46:28.0578 0576 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:46:28.0578 0576 SharedAccess - ok
15:46:28.0609 0576 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:46:28.0609 0576 ShellHWDetection - ok
15:46:28.0625 0576 Simbad - ok
15:46:28.0656 0576 [ 732D859B286DA692119F286B21A2A114 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:46:28.0656 0576 sisagp - ok
15:46:28.0671 0576 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:46:28.0671 0576 Sparrow - ok
15:46:28.0703 0576 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:46:28.0703 0576 splitter - ok
15:46:28.0734 0576 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:46:28.0734 0576 Spooler - ok
15:46:28.0750 0576 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:46:28.0750 0576 sr - ok
15:46:28.0765 0576 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
15:46:28.0765 0576 srservice - ok
15:46:28.0812 0576 [ 553007ECCE7F6565BBE645BEB66D3B69 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:46:28.0812 0576 Srv - ok
15:46:28.0843 0576 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:46:28.0843 0576 SSDPSRV - ok
15:46:28.0906 0576 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:46:28.0921 0576 stisvc - ok
15:46:28.0937 0576 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:46:28.0937 0576 swenum - ok
15:46:28.0953 0576 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:46:28.0953 0576 swmidi - ok
15:46:28.0968 0576 SwPrv - ok
15:46:29.0015 0576 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
15:46:29.0015 0576 symc810 - ok
15:46:29.0031 0576 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:46:29.0031 0576 symc8xx - ok
15:46:29.0062 0576 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:46:29.0062 0576 sym_hi - ok
15:46:29.0078 0576 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:46:29.0078 0576 sym_u3 - ok
15:46:29.0125 0576 [ 369D0626687A968182A9DB40FE8A0905 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:46:29.0125 0576 SynTP - ok
15:46:29.0156 0576 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:46:29.0156 0576 sysaudio - ok
15:46:29.0218 0576 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:46:29.0218 0576 SysmonLog - ok
15:46:29.0250 0576 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:46:29.0265 0576 TapiSrv - ok
15:46:29.0328 0576 [ 583E063FDC888CA30D05C2724B0D7EF4 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:46:29.0328 0576 Tcpip - ok
15:46:29.0359 0576 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:46:29.0359 0576 TDPIPE - ok
15:46:29.0390 0576 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:46:29.0390 0576 TDTCP - ok
15:46:29.0437 0576 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:46:29.0437 0576 TermDD - ok
15:46:29.0468 0576 [ C29A5286E64D97385178452D5F307B98 ] TermService C:\WINDOWS\System32\termsrv.dll
15:46:29.0468 0576 TermService - ok
15:46:29.0500 0576 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
15:46:29.0500 0576 Themes - ok
15:46:29.0546 0576 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:46:29.0546 0576 TlntSvr - ok
15:46:29.0562 0576 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
15:46:29.0562 0576 TosIde - ok
15:46:29.0593 0576 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:46:29.0593 0576 TrkWks - ok
15:46:29.0625 0576 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:46:29.0625 0576 Udfs - ok
15:46:29.0656 0576 UIUSys - ok
15:46:29.0687 0576 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
15:46:29.0687 0576 ultra - ok
15:46:29.0703 0576 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:46:29.0703 0576 Update - ok
15:46:29.0750 0576 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
15:46:29.0750 0576 upnphost - ok
15:46:29.0765 0576 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
15:46:29.0765 0576 UPS - ok
15:46:29.0781 0576 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:46:29.0781 0576 usbehci - ok
15:46:29.0812 0576 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:46:29.0812 0576 usbhub - ok
15:46:29.0875 0576 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:46:29.0875 0576 usbprint - ok
15:46:29.0921 0576 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:46:29.0921 0576 USBSTOR - ok
15:46:29.0953 0576 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:46:29.0953 0576 usbuhci - ok
15:46:29.0968 0576 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:46:29.0968 0576 VgaSave - ok
15:46:30.0000 0576 [ D92E7C8A30CFD14D8E15B5F7F032151B ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:46:30.0015 0576 viaagp - ok
15:46:30.0046 0576 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
15:46:30.0046 0576 ViaIde - ok
15:46:30.0062 0576 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:46:30.0062 0576 VolSnap - ok
15:46:30.0140 0576 [ 322AAA3B17E1FC664915350CDDE92EB8 ] Vongo Service C:\Program Files\Vongo\VongoService.exe
15:46:30.0140 0576 Vongo Service - ok
15:46:30.0203 0576 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
15:46:30.0203 0576 VSS - ok
15:46:30.0234 0576 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
15:46:30.0234 0576 W32Time - ok
15:46:30.0343 0576 [ C79918A5BD269035F3A34D157401B9DF ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
15:46:30.0359 0576 w39n51 - ok
15:46:30.0390 0576 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:46:30.0390 0576 Wanarp - ok
15:46:30.0421 0576 WDICA - ok
15:46:30.0453 0576 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:46:30.0453 0576 wdmaud - ok
15:46:30.0500 0576 [ 265F534EF76832435AFBF771EC97176D ] WebClient C:\WINDOWS\System32\webclnt.dll
15:46:30.0500 0576 WebClient - ok
15:46:30.0546 0576 [ 7FE372B1AB60736CC67E8EB6F1FB1F5B ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:46:30.0546 0576 winachsf - ok
15:46:30.0656 0576 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:46:30.0656 0576 winmgmt - ok
15:46:30.0734 0576 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:46:30.0734 0576 WmdmPmSN - ok
15:46:30.0796 0576 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
15:46:30.0796 0576 Wmi - ok
15:46:30.0828 0576 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:46:30.0828 0576 WmiAcpi - ok
15:46:30.0906 0576 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:46:30.0906 0576 WmiApSrv - ok
15:46:31.0015 0576 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:46:31.0031 0576 WMPNetworkSvc - ok
15:46:31.0093 0576 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:46:31.0109 0576 wscsvc - ok
15:46:31.0125 0576 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:46:31.0140 0576 wuauserv - ok
15:46:31.0187 0576 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:46:31.0187 0576 WudfPf - ok
15:46:31.0218 0576 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:46:31.0218 0576 WudfRd - ok
15:46:31.0250 0576 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:46:31.0250 0576 WudfSvc - ok
15:46:31.0296 0576 [ 247520EDED53A08AE89EA4FAE04F54D8 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:46:31.0312 0576 WZCSVC - ok
15:46:31.0375 0576 [ BCDC438BF7429772D1AA25233705C585 ] X4HSEx_Pr143 C:\Program Files\Free Ride Games\X4HSEx_Pr143.Sys
15:46:31.0375 0576 X4HSEx_Pr143 - ok
15:46:31.0421 0576 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:46:31.0421 0576 xmlprov - ok
15:46:31.0453 0576 ================ Scan global ===============================
15:46:31.0500 0576 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
15:46:31.0531 0576 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
15:46:31.0546 0576 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
15:46:31.0562 0576 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
15:46:31.0562 0576 [Global] - ok
15:46:31.0578 0576 ================ Scan MBR ==================================
15:46:31.0593 0576 [ 665277635DC8BA83DEAE12EADEDB75A0 ] \Device\Harddisk0\DR0
15:46:31.0937 0576 \Device\Harddisk0\DR0 - ok
15:46:31.0953 0576 ================ Scan VBR ==================================
15:46:31.0953 0576 [ 4695A94775E4FD4E5950D690AC512F8F ] \Device\Harddisk0\DR0\Partition1
15:46:31.0953 0576 \Device\Harddisk0\DR0\Partition1 - ok
15:46:31.0984 0576 [ 9D50C402C696597321D7FD71AA21B456 ] \Device\Harddisk0\DR0\Partition2
15:46:31.0984 0576 \Device\Harddisk0\DR0\Partition2 - ok
15:46:31.0984 0576 ============================================================
15:46:31.0984 0576 Scan finished
15:46:31.0984 0576 ============================================================
15:46:32.0015 0544 Detected object count: 0
15:46:32.0015 0544 Actual detected object count: 0

#7 revclyburn

Posted 29 November 2012 - 04:03 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-29 15:53:57
-----------------------------
15:53:57.140 OS Version: Windows 5.1.2600 Service Pack 2
15:53:57.140 Number of processors: 1 586 0xE08
15:53:57.140 ComputerName: PC110012138911 UserName: Rev. Evans
15:53:57.765 Initialize success
15:53:59.437 AVAST engine defs: 12111600
15:55:35.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:55:35.593 Disk 0 Vendor: HTS54101 MBZO Size: 95396MB BusType: 3
15:55:35.640 Disk 0 MBR read successfully
15:55:35.656 Disk 0 MBR scan
15:55:36.296 Disk 0 unknown MBR code
15:55:36.328 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 82435 MB offset 63
15:55:36.984 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 11923 MB offset 168843150
15:55:37.171 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 193261950
15:55:37.234 Disk 0 scanning sectors +195366465
15:55:37.593 Disk 0 scanning C:\WINDOWS\system32\drivers
15:55:52.796 Service scanning
15:56:13.687 Modules scanning
15:56:20.125 Disk 0 trace - called modules:
15:56:20.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
15:56:21.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f47030]
15:56:21.031 3 CLASSPNP.SYS[f862405b] -> nt!IofCallDriver -> \Device\00000083[0x82fcf410]
15:56:21.062 5 ACPI.sys[f857a620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x82fe5030]
15:56:21.671 AVAST engine scan C:\WINDOWS
15:56:25.656 AVAST engine scan C:\WINDOWS\system32
15:58:12.250 AVAST engine scan C:\WINDOWS\system32\drivers
15:58:23.890 AVAST engine scan C:\Documents and Settings\Rev. Evans
15:59:40.734 AVAST engine scan C:\Documents and Settings\All Users
16:00:23.718 Scan finished successfully
16:01:14.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rev. Evans\Desktop\MBR.dat"
16:01:14.265 The log file has been saved successfully to "C:\Documents and Settings\Rev. Evans\Desktop\aswMBR.txt"

#8 revclyburn

Posted 29 November 2012 - 05:57 PM

C:\Documents and Settings\Rev. Evans\Local Settings\Temp\ICReinstall_setup_7zip.exe a variant of Win32/InstallCore.AG application cleaned by deleting - quarantined
C:\Documents and Settings\Rev. Evans\Local Settings\Temp\is691223201\3639090_Setup.DAT a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Documents and Settings\Rev. Evans\My Documents\Downloads\dl.php a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Documents and Settings\Rev. Evans\My Documents\Downloads\jZipSetup-r100-w.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\Rev. Evans\My Documents\Downloads\setup_7zip.exe a variant of Win32/InstallCore.AG application cleaned by deleting - quarantined
C:\Documents and Settings\Rev. Evans\My Documents\Downloads\winzip.exe a variant of Win32/InstallCore.AL application cleaned by deleting - quarantined
C:\Documents and Settings\Rev. Evans\My Documents\Downloads\WinZip170.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Documents and Settings\Rev. Evans\My Documents\Downloads\WinZip1720.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Documents and Settings\Rev. Evans\My Documents\Downloads\wzsysutil.exe Win32/OpenCandy application deleted - quarantined

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:22 PM

Posted 29 November 2012 - 07:41 PM

Hello, there is a possible MBR rootkit.
Let's check for and confirm the MBR (Master Boot Record) rootkit.


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.


Also please run... ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Is add/remove still empty?

Edited by boopme, 29 November 2012 - 07:44 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 revclyburn

Posted 30 November 2012 - 12:19 PM

Will do, again once I get home. I have to put that computer on remote access so I can run things like this while I'm at work, lol. Know of any good programs that allow you to do that? I have LogMeIn and TeamViewer, not sure if I can do that with them. I've been trying to run a web browser app from my job off a laptop, but it's not working, at least I don't see it. Any ideas?

RevClyburn

Oh, and I love your scripture verse, 2 Timothy 4:3. Very true nowadays.

#11 boopme

Posted 30 November 2012 - 01:59 PM

I am pretty sure LogMeIn Hamachi will allow that.

Yep, that's why it's there, as it is most appropriate nowadays.

#12 revclyburn

Posted 30 November 2012 - 07:07 PM

# AdwCleaner v2.010 - Logfile created 11/30/2012 at 19:02:11
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Rev. Evans - PC110012138911
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Rev. Evans\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Rev. Evans\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Deleted on reboot : C:\Documents and Settings\Rev. Evans\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
File Deleted : C:\Documents and Settings\All Users\Desktop\eBay.lnk
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\Rev. Evans\Application Data\DefaultTab
Folder Deleted : C:\Program Files\DefaultTab

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Rev. Evans\Application Data\Mozilla\Firefox\Profiles\6xfb52qk.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\h68h17m9.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Rev. Evans\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5147 octets] - [30/11/2012 19:02:11]

########## EOF - C:\AdwCleaner[S1].txt - [5207 octets] ##########

#13 revclyburn

Posted 30 November 2012 - 07:16 PM

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!


Had to run it by double-click; the other way came back empty. Is that how it was supposed to be?

#14 revclyburn

Posted 30 November 2012 - 07:18 PM

And yes, add/remove programs is still empty; it will not migrate.

#15 boopme

Posted 30 November 2012 - 08:13 PM

OK, we will need to get a deeper look and some specific tools... Make a new topic with the guide below.
Mention the possible MBR rootkit issue and the add/remove.

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

Include this link back to here...

http://www.bleepingcomputer.com/forums/topic475536.html/page__pid__2909756#top