Got rid of popups with Symantec/Anti Malware - Still extremely sluggish


11 replies to this topic

#1 cobbs

cobbs

  • Members
  • 44 posts

Posted 19 January 2013 - 01:18 PM

Hi,

I came home to a very slow computer with a number of pop-ups all over my screen. It had been running excellently previously. I did a scan with Symantec which removed some viruses. I also ran Malwarebytes and SUPERAntispyware. Both of these programs also removed a number of viruses. The pop-ups are now gone, but my computer is still very sluggish and mostly inoperable and I don't know what to do next.

Thanks for taking the time to help!



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 19 January 2013 - 03:38 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 cobbs

cobbs
  • Topic Starter

  • Members
  • 44 posts

Posted 20 January 2013 - 03:35 PM

Below are the first two logs. I ran the ESET online scanner. I could not find how to export the list, but it reported no threats.

Sorry this took so long, but as you can tell by the aswMBR log, the computer is running very slow, often taking 4-5 minutes to respond to a mouse click.

Thanks for the help!

16:44:16.0876 10252 RemoteAccess - ok
16:44:16.0939 10252 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:44:16.0939 10252 RemoteRegistry - ok
16:44:16.0986 10252 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:44:17.0673 10252 RpcLocator - ok
16:44:17.0689 10252 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
16:44:17.0689 10252 RpcSs - ok
16:44:17.0783 10252 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:44:37.0970 10252 RSVP - ok
16:44:38.0001 10252 [ 839141088AD7EE90F5B441B2D1AFD22C ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:44:38.0001 10252 RTLE8023xp - ok
16:44:38.0048 10252 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:44:38.0064 10252 SamSs - ok
16:44:38.0158 10252 [ 4BFBB868C869A4F8486D4C36849D59CF ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:44:39.0954 10252 SASDIFSV - ok
16:44:39.0970 10252 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:44:39.0970 10252 SASKUTIL - ok
16:44:39.0986 10252 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:44:40.0579 10252 SCardSvr - ok
16:44:40.0658 10252 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:44:40.0658 10252 Schedule - ok
16:44:40.0736 10252 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:44:41.0111 10252 Secdrv - ok
16:44:41.0173 10252 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:44:41.0173 10252 seclogon - ok
16:44:41.0173 10252 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:44:41.0173 10252 SENS - ok
16:44:41.0298 10252 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
16:44:41.0986 10252 Serial - ok
16:44:42.0048 10252 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:44:42.0439 10252 Sfloppy - ok
16:44:42.0486 10252 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:44:42.0486 10252 ShellHWDetection - ok
16:44:42.0595 10252 Simbad - ok
16:44:42.0658 10252 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:44:43.0408 10252 sisagp - ok
16:44:43.0908 10252 [ A58C1A086D9C09C6572C948F22CC0E94 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
16:44:43.0923 10252 SmcService - ok
16:44:44.0033 10252 [ D2C222441255131E29DE351475F98F6D ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
16:45:19.0892 10252 SNAC - ok
16:45:19.0986 10252 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:45:23.0079 10252 Sparrow - ok
16:45:23.0283 10252 [ E621BB5839CF45FA477F48092EDD2B40 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
16:45:24.0204 10252 SPBBCDrv - ok
16:45:24.0298 10252 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:45:24.0673 10252 splitter - ok
16:45:24.0673 10252 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:45:24.0673 10252 Spooler - ok
16:45:24.0814 10252 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:45:24.0814 10252 sr - ok
16:45:24.0970 10252 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:45:24.0970 10252 srservice - ok
16:45:25.0048 10252 [ 2ABF82C8452AB0B9FFC74A2D5DA91989 ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS
16:45:25.0048 10252 SRTSP - ok
16:45:25.0204 10252 [ E2F9E5887BEA5BD8784D337E06EDA31B ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS
16:45:26.0173 10252 SRTSPL - ok
16:45:26.0251 10252 [ 3B974C158FABD910186F98DF8D3E23F3 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS
16:45:26.0251 10252 SRTSPX - ok
16:45:26.0283 10252 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:45:26.0298 10252 Srv - ok
16:45:26.0314 10252 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:45:26.0314 10252 SSDPSRV - ok
16:45:26.0361 10252 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
16:45:26.0361 10252 StillCam - ok
16:45:26.0408 10252 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:45:26.0408 10252 stisvc - ok
16:45:26.0470 10252 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:45:28.0908 10252 stllssvr - ok
16:45:28.0908 10252 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:45:28.0908 10252 swenum - ok
16:45:28.0986 10252 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:45:28.0986 10252 swmidi - ok
16:45:29.0001 10252 SwPrv - ok
16:45:29.0345 10252 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
16:45:29.0361 10252 Symantec AntiVirus - ok
16:45:29.0439 10252 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
16:45:29.0845 10252 symc810 - ok
16:45:29.0861 10252 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:45:30.0220 10252 symc8xx - ok
16:45:30.0283 10252 [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:45:30.0579 10252 SymEvent - ok
16:45:30.0595 10252 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
16:45:30.0595 10252 SYMREDRV - ok
16:45:30.0689 10252 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
16:45:30.0689 10252 SYMTDI - ok
16:45:30.0689 10252 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:45:31.0095 10252 sym_hi - ok
16:45:31.0111 10252 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:45:31.0533 10252 sym_u3 - ok
16:45:31.0579 10252 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:45:31.0579 10252 sysaudio - ok
16:45:31.0908 10252 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:45:32.0517 10252 SysmonLog - ok
16:45:32.0533 10252 [ 1295B1DA3E2A2C24C7D176F6E97AFBD1 ] SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
16:45:32.0533 10252 SysPlant - ok
16:45:32.0611 10252 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:45:32.0611 10252 TapiSrv - ok
16:45:32.0658 10252 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:45:32.0658 10252 Tcpip - ok
16:45:32.0783 10252 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:45:33.0158 10252 TDPIPE - ok
16:45:33.0158 10252 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:45:33.0533 10252 TDTCP - ok
16:45:33.0861 10252 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
16:45:33.0876 10252 TeamViewer7 - ok
16:45:33.0908 10252 [ 1DE2E1357552A79F39BFF003A11C533E ] Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys
16:45:33.0908 10252 Teefer2 - ok
16:45:33.0986 10252 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:45:33.0986 10252 TermDD - ok
16:45:33.0986 10252 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:45:33.0986 10252 TermService - ok
16:45:34.0001 10252 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:45:34.0001 10252 Themes - ok
16:45:34.0017 10252 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:45:34.0595 10252 TlntSvr - ok
16:45:34.0642 10252 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
16:45:34.0923 10252 TosIde - ok
16:45:34.0954 10252 [ 8F7F06EDE2C6B8767B5C7DE3A4118BD3 ] TPkd C:\WINDOWS\system32\drivers\TPkd.sys
16:45:34.0954 10252 TPkd - ok
16:45:34.0954 10252 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:45:34.0954 10252 TrkWks - ok
16:45:34.0986 10252 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:45:35.0611 10252 Udfs - ok
16:45:35.0673 10252 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
16:45:36.0001 10252 ultra - ok
16:45:36.0001 10252 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:45:36.0001 10252 Update - ok
16:45:36.0048 10252 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:45:36.0048 10252 upnphost - ok
16:45:36.0048 10252 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:45:36.0298 10252 UPS - ok
16:45:36.0361 10252 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:45:37.0033 10252 usbaudio - ok
16:45:37.0095 10252 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:45:37.0111 10252 usbccgp - ok
16:45:37.0142 10252 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:45:37.0142 10252 usbehci - ok
16:45:37.0158 10252 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:45:37.0158 10252 usbhub - ok
16:45:37.0204 10252 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:45:37.0564 10252 usbscan - ok
16:45:37.0595 10252 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
16:45:38.0345 10252 usbser - ok
16:45:38.0454 10252 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:45:38.0454 10252 USBSTOR - ok
16:45:38.0501 10252 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:45:38.0501 10252 usbuhci - ok
16:45:38.0501 10252 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:45:38.0501 10252 VgaSave - ok
16:45:38.0517 10252 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:45:58.0658 10252 viaagp - ok
16:45:58.0673 10252 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
16:45:59.0095 10252 ViaIde - ok
16:45:59.0173 10252 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:45:59.0173 10252 VolSnap - ok
16:45:59.0220 10252 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:45:59.0408 10252 VSS - ok
16:45:59.0470 10252 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
16:45:59.0517 10252 w32time - ok
16:45:59.0533 10252 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:45:59.0533 10252 Wanarp - ok
16:45:59.0579 10252 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
16:46:00.0454 10252 Wdf01000 - ok
16:46:00.0454 10252 WDICA - ok
16:46:00.0470 10252 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:46:00.0470 10252 wdmaud - ok
16:46:00.0548 10252 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:46:00.0548 10252 WebClient - ok
16:46:00.0642 10252 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:46:00.0642 10252 winmgmt - ok
16:46:00.0689 10252 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:46:01.0611 10252 WinUSB - ok
16:46:01.0626 10252 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:46:02.0283 10252 WmdmPmSN - ok
16:46:02.0376 10252 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:46:02.0376 10252 Wmi - ok
16:46:02.0454 10252 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:46:07.0861 10252 WmiApSrv - ok
16:46:07.0970 10252 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:46:07.0970 10252 WMPNetworkSvc - ok
16:46:07.0986 10252 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:46:09.0267 10252 WpdUsb - ok
16:46:09.0298 10252 [ C1620EBB375D3B02E31FD311C44FEDEB ] WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys
16:46:09.0861 10252 WPS - ok
16:46:09.0876 10252 [ C306D2037EC147C7C663994F12B87F1E ] WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys
16:46:09.0876 10252 WpsHelper - ok
16:46:09.0986 10252 WSearch - ok
16:46:10.0111 10252 [ 6FF66513D372D479EF1810223C8D20CE ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:46:10.0111 10252 WudfPf - ok
16:46:10.0189 10252 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:46:11.0204 10252 WudfRd - ok
16:46:11.0236 10252 [ 575A4190D989F64732119E4114045A4F ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:46:11.0236 10252 WudfSvc - ok
16:46:11.0283 10252 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:46:11.0283 10252 WZCSVC - ok
16:46:11.0345 10252 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:46:12.0001 10252 xmlprov - ok
16:46:12.0001 10252 ================ Scan global ===============================
16:46:12.0033 10252 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:46:12.0079 10252 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
16:46:12.0142 10252 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
16:46:12.0158 10252 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:46:12.0158 10252 [Global] - ok
16:46:12.0158 10252 ================ Scan MBR ==================================
16:46:12.0204 10252 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:46:14.0095 10252 \Device\Harddisk0\DR0 - ok
16:46:14.0126 10252 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR6
16:46:17.0642 10252 \Device\Harddisk1\DR6 - ok
16:46:17.0658 10252 ================ Scan VBR ==================================
16:46:17.0658 10252 [ E2616A9587A6048ED1B5B2B3A05C4E6C ] \Device\Harddisk0\DR0\Partition1
16:46:17.0658 10252 \Device\Harddisk0\DR0\Partition1 - ok
16:46:17.0829 10252 [ BC67C2B6CA0B0907B364024E6B72FA63 ] \Device\Harddisk1\DR6\Partition1
16:46:17.0829 10252 \Device\Harddisk1\DR6\Partition1 - ok
16:46:17.0861 10252 ============================================================
16:46:17.0861 10252 Scan finished
16:46:17.0861 10252 ============================================================
16:46:17.0876 11820 Detected object count: 0
16:46:17.0876 11820 Actual detected object count: 0
17:15:35.0954 10388 ============================================================
17:15:35.0954 10388 Scan started
17:15:35.0954 10388 Mode: Manual; TDLFS;
17:15:35.0954 10388 ============================================================
17:15:36.0392 10388 ================ Scan system memory ========================
17:15:37.0658 10388 System memory - ok
17:15:37.0658 10388 ================ Scan services =============================
17:16:45.0861 10388 Microsoft SharePoint Workspace Audit Service - ok
17:16:46.0001 10388 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:16:46.0001 10388 mnmdd - ok
17:16:46.0158 10388 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:16:46.0158 10388 mnmsrvc - ok
17:16:46.0392 10388 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:16:46.0392 10388 Modem - ok
17:16:46.0658 10388 [ 7B8D7BB9AE3AE9CD133BBC5AA91DD3CC ] motccgp C:\WINDOWS\system32\DRIVERS\motccgp.sys
17:16:46.0658 10388 motccgp - ok
17:16:46.0939 10388 [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
17:16:46.0939 10388 motccgpfl - ok
17:16:47.0267 10388 [ C3B0FD4F463E90B3917FF6CCEA853BB6 ] motmodem C:\WINDOWS\system32\DRIVERS\motmodem.sys
17:16:47.0267 10388 motmodem - ok
17:16:47.0517 10388 [ 36AC4DECEAE4226A5B5DD038C49658E1 ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
17:16:47.0533 10388 MotoHelper - ok
17:16:47.0736 10388 [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\WINDOWS\system32\DRIVERS\motswch.sys
17:16:47.0736 10388 MotoSwitchService - ok
17:16:47.0908 10388 [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
17:16:47.0908 10388 Motousbnet - ok
17:16:48.0189 10388 [ 2136CCA3D1BF7C0248E5366B1A6C24E3 ] motusbdevice C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
17:16:48.0189 10388 motusbdevice - ok
17:16:48.0439 10388 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:16:48.0439 10388 Mouclass - ok
17:16:48.0673 10388 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:16:48.0673 10388 mouhid - ok
17:16:48.0923 10388 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:16:48.0923 10388 MountMgr - ok
17:16:49.0251 10388 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:16:49.0267 10388 MozillaMaintenance - ok
17:16:49.0548 10388 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:16:49.0548 10388 mraid35x - ok
17:16:49.0845 10388 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:16:49.0845 10388 MRxDAV - ok
17:16:50.0189 10388 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:16:50.0189 10388 MRxSmb - ok
17:16:50.0454 10388 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:16:50.0454 10388 MSDTC - ok
17:16:50.0626 10388 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:16:50.0626 10388 Msfs - ok
17:16:50.0861 10388 MSIServer - ok
17:16:51.0126 10388 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:16:51.0126 10388 MSKSSRV - ok
17:16:51.0470 10388 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:16:51.0470 10388 MSPCLOCK - ok
17:16:51.0720 10388 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:16:51.0720 10388 MSPQM - ok
17:16:52.0079 10388 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:16:52.0079 10388 mssmbios - ok
17:16:52.0329 10388 [ 00C7B2306F1CA5389A1AC6D1DF9C2E25 ] msvad_simple C:\WINDOWS\system32\drivers\povrtdev.sys
17:16:52.0329 10388 msvad_simple - ok
17:16:52.0579 10388 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:16:52.0579 10388 Mup - ok
17:16:52.0892 10388 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:16:52.0892 10388 napagent - ok
17:16:53.0126 10388 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130117.025\NAVENG.SYS
17:16:53.0126 10388 NAVENG - ok
17:16:53.0470 10388 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130117.025\NAVEX15.SYS
17:16:53.0501 10388 NAVEX15 - ok
17:16:53.0689 10388 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:16:53.0720 10388 NDIS - ok
17:16:53.0861 10388 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:16:53.0861 10388 NdisTapi - ok
17:16:54.0142 10388 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:16:54.0142 10388 Ndisuio - ok
17:16:54.0470 10388 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:16:54.0470 10388 NdisWan - ok
17:16:54.0939 10388 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:16:54.0939 10388 NDProxy - ok
17:16:55.0204 10388 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:16:55.0204 10388 NetBIOS - ok
17:16:55.0470 10388 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:16:55.0470 10388 NetBT - ok
17:16:55.0689 10388 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:16:55.0704 10388 NetDDE - ok
17:16:55.0970 10388 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:16:55.0970 10388 NetDDEdsdm - ok
17:16:56.0220 10388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:16:56.0220 10388 Netlogon - ok
17:16:56.0533 10388 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:16:56.0533 10388 Netman - ok
17:16:56.0814 10388 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:16:56.0814 10388 NetTcpPortSharing - ok
17:16:57.0126 10388 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:16:57.0126 10388 Nla - ok
17:16:57.0423 10388 [ 590168F80BEBC75CAF9EC7006A77C9B4 ] NovacomD C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
17:16:57.0423 10388 NovacomD - ok
17:16:57.0611 10388 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:16:57.0611 10388 Npfs - ok
17:16:57.0892 10388 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:16:57.0908 10388 Ntfs - ok
17:16:58.0017 10388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:16:58.0017 10388 NtLmSsp - ok
17:16:58.0142 10388 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:16:58.0142 10388 NtmsSvc - ok
17:16:58.0283 10388 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:16:58.0283 10388 Null - ok
17:16:58.0423 10388 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:16:58.0439 10388 NwlnkFlt - ok
17:16:58.0673 10388 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:16:58.0673 10388 NwlnkFwd - ok
17:16:59.0111 10388 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:16:59.0111 10388 ose - ok
17:17:00.0814 10388 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:17:00.0861 10388 osppsvc - ok
17:17:01.0158 10388 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
17:17:01.0158 10388 Parport - ok
17:17:01.0392 10388 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:17:01.0392 10388 PartMgr - ok
17:17:01.0704 10388 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:17:01.0704 10388 ParVdm - ok
17:17:01.0954 10388 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:17:01.0954 10388 PCI - ok
17:17:02.0298 10388 PCIDump - ok
17:17:02.0642 10388 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:17:02.0642 10388 PCIIde - ok
17:17:02.0939 10388 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:17:02.0939 10388 Pcmcia - ok
17:17:03.0204 10388 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
17:17:03.0204 10388 pcouffin - ok
17:17:03.0439 10388 PDCOMP - ok
17:17:03.0658 10388 PDFRAME - ok
17:17:04.0017 10388 PDRELI - ok
17:17:04.0329 10388 PDRFRAME - ok
17:17:04.0720 10388 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
17:17:04.0720 10388 perc2 - ok
17:17:05.0079 10388 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:17:05.0079 10388 perc2hib - ok
17:17:05.0814 10388 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:17:05.0814 10388 PlugPlay - ok
17:17:05.0908 10388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:17:05.0908 10388 PolicyAgent - ok
17:17:06.0001 10388 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:17:06.0001 10388 PptpMiniport - ok
17:17:06.0189 10388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:17:06.0189 10388 ProtectedStorage - ok
17:17:06.0283 10388 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:17:06.0283 10388 PSched - ok
17:17:06.0533 10388 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:17:06.0533 10388 Ptilink - ok
17:17:06.0751 10388 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:17:06.0751 10388 PxHelp20 - ok
17:17:06.0970 10388 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:17:06.0970 10388 ql1080 - ok
17:17:07.0111 10388 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:17:07.0111 10388 Ql10wnt - ok
17:17:07.0345 10388 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:17:07.0345 10388 ql12160 - ok
17:17:07.0658 10388 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:17:07.0658 10388 ql1240 - ok
17:17:07.0970 10388 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:17:07.0970 10388 ql1280 - ok
17:17:08.0189 10388 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:17:08.0189 10388 RasAcd - ok
17:17:08.0439 10388 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:17:08.0439 10388 RasAuto - ok
17:17:08.0783 10388 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:17:08.0783 10388 Rasl2tp - ok
17:17:09.0033 10388 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:17:09.0033 10388 RasMan - ok
17:17:09.0267 10388 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:17:09.0267 10388 RasPppoe - ok
17:17:09.0533 10388 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:17:09.0533 10388 Raspti - ok
17:17:09.0767 10388 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:17:09.0767 10388 Rdbss - ok
17:17:10.0033 10388 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:17:10.0033 10388 RDPCDD - ok
17:17:10.0329 10388 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:17:10.0329 10388 rdpdr - ok
17:17:10.0861 10388 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:17:10.0861 10388 RDPWD - ok
17:17:11.0173 10388 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:17:11.0173 10388 RDSessMgr - ok
17:17:11.0486 10388 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:17:11.0486 10388 redbook - ok
17:17:11.0673 10388 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:17:11.0673 10388 RemoteAccess - ok
17:17:11.0798 10388 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:17:11.0798 10388 RemoteRegistry - ok
17:17:12.0064 10388 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:17:12.0064 10388 RpcLocator - ok
17:17:12.0439 10388 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:17:12.0439 10388 RpcSs - ok
17:17:12.0798 10388 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:17:12.0798 10388 RSVP - ok
17:17:12.0986 10388 [ 839141088AD7EE90F5B441B2D1AFD22C ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:17:12.0986 10388 RTLE8023xp - ok
17:17:13.0173 10388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:17:13.0173 10388 SamSs - ok
17:17:13.0361 10388 [ 4BFBB868C869A4F8486D4C36849D59CF ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:17:13.0361 10388 SASDIFSV - ok
17:17:13.0626 10388 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:17:13.0626 10388 SASKUTIL - ok
17:17:13.0876 10388 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:17:13.0876 10388 SCardSvr - ok
17:17:14.0142 10388 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:17:14.0142 10388 Schedule - ok
17:17:14.0267 10388 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:17:14.0267 10388 Secdrv - ok
17:17:14.0579 10388 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:17:14.0595 10388 seclogon - ok
17:17:14.0845 10388 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:17:14.0845 10388 SENS - ok
17:17:15.0095 10388 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
17:17:15.0095 10388 Serial - ok
17:17:15.0798 10388 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:17:15.0798 10388 Sfloppy - ok
17:17:16.0189 10388 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:17:16.0189 10388 ShellHWDetection - ok
17:17:16.0470 10388 Simbad - ok
17:17:16.0720 10388 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:17:16.0720 10388 sisagp - ok
17:17:17.0986 10388 [ A58C1A086D9C09C6572C948F22CC0E94 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
17:17:18.0017 10388 SmcService - ok
17:17:18.0345 10388 [ D2C222441255131E29DE351475F98F6D ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
17:17:18.0345 10388 SNAC - ok
17:17:18.0548 10388 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:17:18.0548 10388 Sparrow - ok
17:17:18.0923 10388 [ E621BB5839CF45FA477F48092EDD2B40 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
17:17:18.0923 10388 SPBBCDrv - ok
17:17:19.0126 10388 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:17:19.0126 10388 splitter - ok
17:17:19.0423 10388 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:17:19.0423 10388 Spooler - ok
17:17:19.0689 10388 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:17:19.0689 10388 sr - ok
17:17:20.0033 10388 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:17:20.0033 10388 srservice - ok
17:17:20.0251 10388 [ 2ABF82C8452AB0B9FFC74A2D5DA91989 ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS
17:17:20.0251 10388 SRTSP - ok
17:17:20.0689 10388 [ E2F9E5887BEA5BD8784D337E06EDA31B ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS
17:17:20.0689 10388 SRTSPL - ok
17:17:20.0829 10388 [ 3B974C158FABD910186F98DF8D3E23F3 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS
17:17:20.0829 10388 SRTSPX - ok
17:17:21.0111 10388 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:17:21.0111 10388 Srv - ok
17:17:21.0314 10388 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:17:21.0314 10388 SSDPSRV - ok
17:17:21.0595 10388 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
17:17:21.0595 10388 StillCam - ok
17:17:21.0892 10388 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:17:21.0892 10388 stisvc - ok
17:17:22.0376 10388 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
17:17:22.0376 10388 stllssvr - ok
17:17:22.0658 10388 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:17:22.0658 10388 swenum - ok
17:17:22.0986 10388 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:17:22.0986 10388 swmidi - ok
17:17:23.0376 10388 SwPrv - ok
17:17:24.0345 10388 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
17:17:24.0439 10388 Symantec AntiVirus - ok
17:17:24.0736 10388 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
17:17:24.0767 10388 symc810 - ok
17:17:25.0017 10388 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:17:25.0017 10388 symc8xx - ok
17:17:25.0267 10388 [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:17:25.0267 10388 SymEvent - ok
17:17:25.0689 10388 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
17:17:25.0689 10388 SYMREDRV - ok
17:17:25.0923 10388 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
17:17:25.0923 10388 SYMTDI - ok
17:17:26.0033 10388 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:17:26.0033 10388 sym_hi - ok
17:17:26.0189 10388 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:17:26.0189 10388 sym_u3 - ok
17:17:26.0517 10388 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:17:26.0517 10388 sysaudio - ok
17:17:26.0798 10388 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:17:26.0798 10388 SysmonLog - ok
17:17:26.0986 10388 [ 1295B1DA3E2A2C24C7D176F6E97AFBD1 ] SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
17:17:26.0986 10388 SysPlant - ok
17:17:27.0314 10388 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:17:27.0314 10388 TapiSrv - ok
17:17:27.0470 10388 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:17:27.0470 10388 Tcpip - ok
17:17:27.0720 10388 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:17:27.0720 10388 TDPIPE - ok
17:17:28.0033 10388 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:17:28.0033 10388 TDTCP - ok
17:17:29.0079 10388 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
17:17:29.0111 10388 TeamViewer7 - ok
17:17:29.0423 10388 [ 1DE2E1357552A79F39BFF003A11C533E ] Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys
17:17:29.0423 10388 Teefer2 - ok
17:17:29.0720 10388 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:17:29.0720 10388 TermDD - ok
17:17:29.0923 10388 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:17:29.0923 10388 TermService - ok
17:17:30.0220 10388 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:17:30.0220 10388 Themes - ok
17:17:30.0392 10388 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:17:30.0408 10388 TlntSvr - ok
17:17:30.0673 10388 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
17:17:30.0673 10388 TosIde - ok
17:17:30.0829 10388 [ 8F7F06EDE2C6B8767B5C7DE3A4118BD3 ] TPkd C:\WINDOWS\system32\drivers\TPkd.sys
17:17:30.0829 10388 TPkd - ok
17:17:31.0095 10388 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:17:31.0095 10388 TrkWks - ok
17:17:31.0408 10388 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:17:31.0408 10388 Udfs - ok
17:17:31.0986 10388 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
17:17:31.0986 10388 ultra - ok
17:17:32.0095 10388 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:17:32.0126 10388 Update - ok
17:17:32.0376 10388 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:17:32.0376 10388 upnphost - ok
17:17:32.0611 10388 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:17:32.0611 10388 UPS - ok
17:17:32.0845 10388 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
17:17:32.0845 10388 usbaudio - ok
17:17:33.0095 10388 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:17:33.0095 10388 usbccgp - ok
17:17:33.0361 10388 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:17:33.0361 10388 usbehci - ok
17:17:33.0517 10388 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:17:33.0517 10388 usbhub - ok
17:17:33.0704 10388 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:17:33.0704 10388 usbscan - ok
17:17:34.0017 10388 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
17:17:34.0017 10388 usbser - ok
17:17:34.0329 10388 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:17:34.0329 10388 USBSTOR - ok
17:17:34.0720 10388 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:17:34.0720 10388 usbuhci - ok
17:17:34.0908 10388 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:17:34.0908 10388 VgaSave - ok
17:17:35.0220 10388 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:17:35.0220 10388 viaagp - ok
17:17:35.0345 10388 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
17:17:35.0345 10388 ViaIde - ok
17:17:35.0564 10388 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:17:35.0564 10388 VolSnap - ok
17:17:35.0783 10388 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:17:35.0783 10388 VSS - ok
17:17:36.0017 10388 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
17:17:36.0017 10388 w32time - ok
17:17:36.0329 10388 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:17:36.0329 10388 Wanarp - ok
17:17:36.0861 10388 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
17:17:36.0892 10388 Wdf01000 - ok
17:17:36.0986 10388 WDICA - ok
17:17:37.0470 10388 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:17:37.0470 10388 wdmaud - ok
17:17:37.0704 10388 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:17:37.0704 10388 WebClient - ok
17:17:38.0267 10388 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:17:38.0298 10388 winmgmt - ok
17:17:38.0861 10388 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
17:17:38.0861 10388 WinUSB - ok
17:17:39.0126 10388 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:17:39.0126 10388 WmdmPmSN - ok
17:17:39.0439 10388 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:17:39.0454 10388 Wmi - ok
17:17:39.0720 10388 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:17:39.0720 10388 WmiApSrv - ok
17:17:40.0095 10388 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:17:40.0126 10388 WMPNetworkSvc - ok
17:17:40.0251 10388 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:17:40.0251 10388 WpdUsb - ok
17:17:40.0611 10388 [ C1620EBB375D3B02E31FD311C44FEDEB ] WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys
17:17:40.0611 10388 WPS - ok
17:17:40.0783 10388 [ C306D2037EC147C7C663994F12B87F1E ] WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys
17:17:40.0783 10388 WpsHelper - ok
17:17:41.0204 10388 WSearch - ok
17:17:41.0704 10388 [ 6FF66513D372D479EF1810223C8D20CE ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:17:41.0704 10388 WudfPf - ok
17:17:42.0126 10388 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:17:42.0126 10388 WudfRd - ok
17:17:42.0486 10388 [ 575A4190D989F64732119E4114045A4F ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:17:42.0486 10388 WudfSvc - ok
17:17:42.0720 10388 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:17:42.0720 10388 WZCSVC - ok
17:17:43.0017 10388 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:17:43.0017 10388 xmlprov - ok
17:17:43.0314 10388 ================ Scan global ===============================
17:17:43.0454 10388 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:17:43.0595 10388 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
17:17:43.0783 10388 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
17:17:43.0954 10388 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:17:43.0954 10388 [Global] - ok
17:17:44.0048 10388 ================ Scan MBR ==================================
17:17:44.0158 10388 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:18:08.0033 10388 \Device\Harddisk0\DR0 - ok
17:18:08.0314 10388 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR6
17:18:12.0439 10388 \Device\Harddisk1\DR6 - ok
17:18:12.0439 10388 ================ Scan VBR ==================================
17:18:12.0533 10388 [ E2616A9587A6048ED1B5B2B3A05C4E6C ] \Device\Harddisk0\DR0\Partition1
17:18:12.0564 10388 \Device\Harddisk0\DR0\Partition1 - ok
17:18:12.0736 10388 [ BC67C2B6CA0B0907B364024E6B72FA63 ] \Device\Harddisk1\DR6\Partition1
17:18:12.0736 10388 \Device\Harddisk1\DR6\Partition1 - ok
17:18:12.0829 10388 ============================================================
17:18:12.0829 10388 Scan finished
17:18:12.0829 10388 ============================================================
17:18:13.0126 5864 Detected object count: 0
17:18:13.0126 5864 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-20 00:55:26
-----------------------------
00:55:26.408 OS Version: Windows 5.1.2600 Service Pack 3
00:55:26.408 Number of processors: 2 586 0x170A
00:55:26.439 ComputerName: OFFICE UserName:
00:57:58.626 Initialize success
01:04:29.892 AVAST engine defs: 13011901
01:05:10.954 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
01:05:10.954 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
01:05:10.954 Disk 1 \Device\Harddisk1\DR6 -> \Device\00000096
01:05:10.954 Disk 1 Vendor: Size: 610480MB BusType: 0
01:05:11.001 Disk 0 MBR read successfully
01:05:11.001 Disk 0 MBR scan
01:05:11.189 Disk 0 Windows XP default MBR code
01:05:11.189 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
01:05:11.345 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 600439 MB offset 81920
01:05:11.486 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 1229791815
01:05:11.673 Disk 0 scanning sectors +1250258625
01:05:11.923 Disk 0 scanning C:\WINDOWS\system32\drivers
01:06:43.017 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\My Documents\MBR.dat"
01:06:43.158 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\My Documents\aswMBR.txt"
01:07:07.095 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\My Documents\MBR.dat"
01:07:07.220 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\My Documents\aswMBR.txt"
01:12:09.564 Service scanning
01:26:05.454 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
01:26:51.892 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
01:28:34.267 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
01:28:34.595 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
01:29:45.079 Modules scanning
01:30:05.658 Disk 0 trace - called modules:
01:30:05.689 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS BlackBox.sys
01:30:05.689 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad16ab8]
01:30:05.689 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\00000077[0x8ad373b8]
01:30:05.704 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ad4bd98]
01:30:15.126 AVAST engine scan C:\WINDOWS
01:44:46.158 AVAST engine scan C:\WINDOWS\system32
04:27:04.048 AVAST engine scan C:\WINDOWS\system32\drivers
04:46:32.095 AVAST engine scan C:\Documents and Settings\Valued Customer
06:01:40.095 File: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\YahooPartnerToolbar\nyojwqgn.dll **INFECTED** Win32:Malware-gen
08:09:07.486 File: C:\Documents and Settings\Valued Customer\Local Settings\temp\nsc38C2.tmp\qpqmovvp.dll **INFECTED** Win32:Tracur-JK [Trj]
08:09:13.533 File: C:\Documents and Settings\Valued Customer\Local Settings\temp\nsp1F48.tmp\thzjijqd.dll **INFECTED** Win32:Tracur-JQ [Trj]
08:09:45.486 File: C:\Documents and Settings\Valued Customer\Local Settings\temp\nsw3B52.tmp\wwpjyhxd.dll **INFECTED** Win32:Tracur-JK [Trj]
11:30:57.392 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\My Documents\MBR.dat"
11:30:57.517 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\My Documents\aswMBR.txt"

#4 narenxp

Posted 20 January 2013 - 04:55 PM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

AdwCleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware Removal Tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After scan gets completed, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes, post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#5 cobbs

Posted 24 January 2013 - 04:45 PM

Took forever, but here ya go!

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.21.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Valued Customer :: OFFICE [administrator]

1/21/2013 5:50:13 PM
MBAM-log-2013-01-23 (14-29-10).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366801
Time elapsed: 1 day(s), 15 hour(s), 30 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Valued Customer\wgsdgsdgdsgsd.exe (Trojan.Tracur.ED) -> No action taken.
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\645201b4-5299cd83 (Trojan.Tracur.ED) -> No action taken.
C:\Documents and Settings\Valued Customer\Local Settings\temp\nsc38C2.tmp\qpqmovvp.dll (Trojan.Labedo) -> No action taken.

(end)


MiniToolBox by Farbar Version:10-01-2013
Ran by Valued Customer (administrator) on 23-01-2013 at 14:33:00
Running from "E:\Bleeping Computer\New Folder1"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : OFFICE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mc.at.cox.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mc.at.cox.net
Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-25-64-82-A1-AE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.124
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.12 68.105.29.12 68.105.28.11
Lease Obtained. . . . . . . . . . : Wednesday, January 23, 2013 10:34:49 AM
Lease Expires . . . . . . . . . . : Thursday, January 24, 2013 10:34:49 AM

Server: cdns2.cox.net
Address: 68.105.28.12

Name: google.com
Addresses: 74.125.225.228, 74.125.225.229, 74.125.225.230, 74.125.225.231
74.125.225.232, 74.125.225.233, 74.125.225.238, 74.125.225.224, 74.125.225.225
74.125.225.226, 74.125.225.227

Pinging google.com [173.194.46.1] with 32 bytes of data:
Reply from 173.194.46.1: bytes=32 time=76ms TTL=51
Reply from 173.194.46.1: bytes=32 time=67ms TTL=51
Ping statistics for 173.194.46.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 67ms, Maximum = 76ms, Average = 71ms

Server: cdns2.cox.net
Address: 68.105.28.12

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=164ms TTL=52
Reply from 98.139.183.24: bytes=32 time=273ms TTL=52
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 164ms, Maximum = 273ms, Average = 218ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 25 64 82 a1 ae ...... Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC - Teefer2 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.124 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.124 192.168.1.124 20
192.168.1.124 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.124 192.168.1.124 20
224.0.0.0 240.0.0.0 192.168.1.124 192.168.1.124 20
255.255.255.255 255.255.255.255 192.168.1.124 192.168.1.124 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/23/2013 03:40:33 AM) (Source: Symantec AntiVirus) (User: )
Description: TruScan has generated an error: code 9: description: Heuristic Scan or Load Failure

Error: (01/23/2013 02:42:55 AM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/23/2013 00:40:46 AM) (Source: Symantec AntiVirus) (User: )
Description: TruScan has generated an error: code 9: description: Heuristic Scan or Load Failure

Error: (01/22/2013 02:41:49 AM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/21/2013 06:59:50 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.17106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/21/2013 10:01:12 AM) (Source: Symantec AntiVirus) (User: )
Description: TruScan has generated an error: code 9: description: Heuristic Scan or Load Failure

Error: (01/21/2013 05:01:08 AM) (Source: Symantec AntiVirus) (User: )
Description: TruScan has generated an error: code 9: description: Heuristic Scan or Load Failure

Error: (01/21/2013 02:48:03 AM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/21/2013 00:01:05 AM) (Source: Symantec AntiVirus) (User: )
Description: TruScan has generated an error: code 9: description: Heuristic Scan or Load Failure

Error: (01/20/2013 09:01:13 PM) (Source: Symantec AntiVirus) (User: )
Description: TruScan has generated an error: code 9: description: Heuristic Scan or Load Failure


System errors:
=============
Error: (01/23/2013 02:55:16 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MediaMall Server service.

Error: (01/23/2013 02:42:54 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%1053

Error: (01/23/2013 02:42:53 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Error: (01/23/2013 02:42:52 AM) (Source: DCOM) (User: OFFICE)
Description: DCOM got error "%%1053" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (01/22/2013 04:12:46 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MediaMall Server service.

Error: (01/22/2013 02:41:49 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%1053

Error: (01/22/2013 02:41:48 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Error: (01/22/2013 02:41:47 AM) (Source: DCOM) (User: OFFICE)
Description: DCOM got error "%%1053" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

Error: (01/21/2013 10:38:09 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (01/21/2013 02:48:03 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
ATI Catalyst Control Center (Version: 2.009.0213.2137)
ATI Display Driver (Version: 8.59-090213a-076426C-Dell)
BitTorrent
BMW Diagnostic Head Emulator (Version: 1.2)
Brother MFL-Pro Suite MFC-490CW (Version: 1.1.5.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0213.2138.38808)
Catalyst Control Center Graphics Full Existing (Version: 2009.0213.2138.38808)
Catalyst Control Center Graphics Full New (Version: 2009.0213.2138.38808)
Catalyst Control Center Graphics Light (Version: 2009.0213.2138.38808)
Catalyst Control Center Graphics Previews Common (Version: 2009.0213.2138.38808)
Catalyst Control Center Localization All (Version: 2009.0213.2138.38808)
ccc-core-preinstall (Version: 2009.0213.2138.38808)
ccc-core-static (Version: 2009.0213.2138.38808)
ccc-utility (Version: 2009.0213.2138.38808)
CCC Help Chinese Standard (Version: 2009.0213.2137.38808)
CCC Help Chinese Traditional (Version: 2009.0213.2137.38808)
CCC Help English (Version: 2009.0213.2137.38808)
CCC Help French (Version: 2009.0213.2137.38808)
CCC Help German (Version: 2009.0213.2137.38808)
CCC Help Hungarian (Version: 2009.0213.2137.38808)
CCC Help Italian (Version: 2009.0213.2137.38808)
CCC Help Japanese (Version: 2009.0213.2137.38808)
CCC Help Korean (Version: 2009.0213.2137.38808)
CCC Help Portuguese (Version: 2009.0213.2137.38808)
CCC Help Spanish (Version: 2009.0213.2137.38808)
CCC Help Turkish (Version: 2009.0213.2137.38808)
Choice Guard (Version: 1.2.87.0)
Cisco Connect (Version: 1.3.11069.2)
ConvertXtoDVD 3.5.2.137 (Version: 3.5.2.137)
Dell Dock (Version: 2.0.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell System Restore (Version: 2.00.0000)
Dropbox (Version: 1.6.13)
DVD Shrink 3.2
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FLAC To MP3 V4.0.4
Fotosizer 1.27 (Version: 1.27)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
JBidwatcher 2.5
Juice 2.2 (Version: 2.2)
KORG USB-MIDI Driver Tools for Windows (Version: 1.12.0106)
Live 7.0.3
Live 8.2.2
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Max 5.1.9 (Version: 135.1.9)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.50826.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4763.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WinUsb 1.0
MotoHelper 2.0.24 Driver 4.7.1 (Version: 2.0.24)
MotoHelper MergeModules (Version: 1.0.0)
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1)
Mozilla Firefox (3.6.28) (Version: 3.6.28 (en-US))
Mozilla Maintenance Service (Version: 18.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
NewsLeecher v4.0 Final
Novacomd (Version: 1.0.0.76)
PaperPort Image Printer (Version: 1.00.0000)
PlayOn (Version: 3.5.11)
PowerDVD (Version: 8.1)
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
ScanSoft PaperPort 11 (Version: 11.1.0000)
SixaxisPairTool 0.1 (Version: 0.1)
Skins (Version: 2009.0213.2138.38808)
Sony Sound Forge 7.0 (Version: 7.0.214)
Spotify (Version: 0.8.5.1333.g822e0de8)
SUPERAntiSpyware (Version: 4.55.1000)
Symantec Endpoint Protection (Version: 11.0.5002.333)
TeamViewer 7 (Version: 7.0.13989)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
Verizon V CAST Media Manager
Virtual DJ - Atomix Productions
VLC media player 2.0.0 (Version: 2.0.0)
Vuze (Version: 4.8)
Vuze Remote Toolbar (Version: 6.8.5.1)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (Version: 10/09/2009 1.0.1)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR archiver
Xilisoft AVI to DVD Converter (Version: 3.0.45.0807)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 3070.98 MB
Available physical RAM: 1765.05 MB
Total Pagefile: 4956.37 MB
Available Pagefile: 3614.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.94 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:586.37 GB) (Free:266.93 GB) NTFS
3 Drive e: (KINGSTON) (Removable) (Total:14.53 GB) (Free:12.07 GB) FAT32

========================= Users: ========================================

User accounts for \\OFFICE

Administrator Guest HelpAssistant
SUPPORT_388945a0 Valued Customer

========================= Restore Points ==================================

17-10-2012 02:45:02 System Checkpoint
18-10-2012 03:12:17 System Checkpoint
19-10-2012 04:00:18 System Checkpoint
20-10-2012 04:48:17 System Checkpoint
21-10-2012 05:36:17 System Checkpoint
22-10-2012 05:36:36 System Checkpoint
23-10-2012 06:48:17 System Checkpoint
24-10-2012 07:36:18 System Checkpoint
25-10-2012 07:48:48 System Checkpoint
26-10-2012 08:00:17 System Checkpoint
27-10-2012 08:11:03 System Checkpoint
28-10-2012 09:24:17 System Checkpoint
29-10-2012 09:46:09 System Checkpoint
30-10-2012 09:58:09 System Checkpoint
31-10-2012 10:59:14 System Checkpoint
01-11-2012 11:46:09 System Checkpoint
02-11-2012 12:05:25 System Checkpoint
03-11-2012 13:22:10 System Checkpoint
04-11-2012 14:34:10 System Checkpoint
05-11-2012 14:47:54 System Checkpoint
06-11-2012 15:21:55 System Checkpoint
07-11-2012 15:47:55 System Checkpoint
08-11-2012 15:57:54 System Checkpoint
09-11-2012 16:02:24 System Checkpoint
10-11-2012 16:24:24 System Checkpoint
11-11-2012 18:25:13 System Checkpoint
12-11-2012 18:40:50 System Checkpoint
13-11-2012 19:43:59 System Checkpoint
14-11-2012 20:52:50 System Checkpoint
15-11-2012 22:04:50 System Checkpoint
16-11-2012 22:41:56 System Checkpoint
17-11-2012 22:54:51 System Checkpoint
19-11-2012 02:55:01 System Checkpoint
20-11-2012 04:04:15 System Checkpoint
21-11-2012 04:52:44 System Checkpoint
22-11-2012 05:40:43 System Checkpoint
23-11-2012 06:40:42 System Checkpoint
24-11-2012 08:41:13 System Checkpoint
25-11-2012 10:04:43 System Checkpoint
26-11-2012 11:04:36 System Checkpoint
27-11-2012 11:40:36 System Checkpoint
28-11-2012 12:40:36 System Checkpoint
29-11-2012 12:52:36 System Checkpoint
30-11-2012 13:04:36 System Checkpoint
01-12-2012 13:24:52 System Checkpoint
02-12-2012 14:28:36 System Checkpoint
03-12-2012 15:16:31 System Checkpoint
04-12-2012 15:40:31 System Checkpoint
05-12-2012 16:04:31 System Checkpoint
06-12-2012 16:16:32 System Checkpoint
07-12-2012 16:40:31 System Checkpoint
08-12-2012 17:14:05 System Checkpoint
09-12-2012 18:59:09 System Checkpoint
10-12-2012 19:11:21 System Checkpoint
11-12-2012 20:13:19 System Checkpoint
12-12-2012 20:37:20 System Checkpoint
14-12-2012 14:54:11 System Checkpoint
15-12-2012 15:01:19 System Checkpoint
16-12-2012 15:13:20 System Checkpoint
17-12-2012 16:13:10 System Checkpoint
18-12-2012 17:13:04 System Checkpoint
18-12-2012 17:59:19 Removed Vuze Remote Toolbar v6.6.
19-12-2012 19:08:17 System Checkpoint
20-12-2012 19:13:04 System Checkpoint
21-12-2012 19:39:18 System Checkpoint
22-12-2012 20:01:05 System Checkpoint
23-12-2012 21:13:04 System Checkpoint
24-12-2012 22:13:04 System Checkpoint
25-12-2012 23:12:55 System Checkpoint
27-12-2012 00:00:54 System Checkpoint
28-12-2012 00:48:55 System Checkpoint
29-12-2012 01:05:05 System Checkpoint
30-12-2012 01:24:55 System Checkpoint
31-12-2012 02:24:55 System Checkpoint
01-01-2013 03:12:52 System Checkpoint
02-01-2013 04:12:48 System Checkpoint
03-01-2013 05:00:48 System Checkpoint
04-01-2013 05:36:47 System Checkpoint
05-01-2013 06:12:24 System Checkpoint
06-01-2013 07:12:48 System Checkpoint
07-01-2013 08:24:48 System Checkpoint
08-01-2013 09:24:44 System Checkpoint
09-01-2013 10:12:42 System Checkpoint
10-01-2013 11:12:43 System Checkpoint
11-01-2013 11:36:43 System Checkpoint
12-01-2013 13:14:58 System Checkpoint
14-01-2013 00:02:18 System Checkpoint

**** End of log ****


Farbar Service Scanner Version: 16-01-2013
Ran by Valued Customer (administrator) on 23-01-2013 at 15:41:40
Running from "E:\Bleeping Computer\New Folder1"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(10) Tcpip(3) WPS(11)
0x0A000000040000000100000002000000030000000B0000000A00000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****


# AdwCleaner v2.107 - Logfile created 01/23/2013 at 16:44:54
# Updated 21/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Valued Customer - OFFICE
# Boot Mode : Normal
# Running from : E:\Bleeping Computer\New Folder1\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Valued Customer\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Vuze_Remote
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Vuze_Remote

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Vuze_Remote
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34560874-63A0-46A0-882D-5D7E705ECEB5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60E48186-DEE2-44E9-A4E0-4C52F782A8D0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D5E6B43-AFB3-492C-8456-77E66BA7D55D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\Software\Vuze_Remote
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17106

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-US)

File : C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\6yxxyjce.default-1357957017209\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\17l1eevf.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3761 octets] - [23/01/2013 16:44:54]

########## EOF - C:\AdwCleaner[S1].txt - [3821 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.7 (01.21.2013:1)
OS: Microsoft Windows XP x86
Ran by Valued Customer on Wed 01/23/2013 at 17:06:29.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Val Name Type Value Data
======== ==== ==========
YahooPartnerToolbar REG_SZ Rundll32.exe "C:\Documents and Settings\Valued Customer\Local Settings\Application Data\YahooPartnerToolbar\nyojwqgn.dll",DllUnregisterServer




~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Valued Customer\Application Data\mozilla\firefox\profiles\6yxxyjce.default-1357957017209\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/23/2013 at 17:14:12.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/23/2013 06:02:59 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/23/2013 06:04:05 PM
Execution time: 0 hours(s), 1 minute(s), and 5 seconds(s)


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files\microsoft office\office14\bcssync.exe"
+ "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files\common files\symantec shared\ccapp.exe"
+ "PPort11reminder" "Ereg" "Nuance Communications, Inc." "c:\program files\scansoft\paperport\ereg\ereg.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\documents and settings\valued customer\application data\dropbox\bin\dropbox.exe"
+ "PlayOn Settings.lnk" "PlayOn Settings" "MediaMall Technologies, Inc." "c:\program files\mediamall\settingsmanager.exe"
+ "Shortcut to Juice.exe.lnk" "Juice" "" "c:\program files\juice\juice.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Akamai NetSession Interface" "" "" "File not found: C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Akamai\netsession_win.exe"
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
+ "PlayOn" "PlayOn System Tray Monitor" "MediaMall Technologies, Inc." "c:\program files\mediamall\playon.exe"
+ "Spotify" "Spotify" "Spotify Ltd" "c:\documents and settings\valued customer\application data\spotify\spotify.exe"
+ "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\documents and settings\valued customer\application data\spotify\data\spotifywebhelper.exe"
+ "YahooPartnerToolbar" "" "" "c:\documents and settings\valued customer\local settings\application data\yahoopartnertoolbar\nyojwqgn.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
+ "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\valued customer\application data\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\valued customer\application data\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\valued customer\application data\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\valued customer\application data\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\valued customer\application data\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\valued customer\application data\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\valued customer\application data\dropbox\bin\dropboxext.17.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "MotoHelper MUM.job" "MotoHelperUpdate" "" "c:\program files\motorola\motohelper\motohelperupdate.exe"
+ "MotoHelper Routing.job" "MotoHelperUpdate" "" "c:\program files\motorola\motohelper\motohelperupdate.exe"
+ "MotoHelper Update.job" "MotoHelperUpdate" "" "c:\program files\motorola\motohelper\motohelperupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "ccEvtMgr" "Event propagation and logging service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe"
+ "ccSetMgr" "Settings storage and management service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe"
+ "DockLoginService" "Dock Login Service" "Stardock Corporation" "c:\program files\dell\delldock\docklogin.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jqs.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files\symantec\liveupdate\lucomserver_3_3.exe"
+ "MediaMall Server" "Shares media with PlayOn devices using Universal Plug and Play." "MediaMall Technologies, Inc." "c:\program files\mediamall\mediamallserver.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files\microsoft office\office14\groove.exe"
+ "MotoHelper" "MotoHelper Service" "" "c:\program files\motorola\motohelper\motohelperservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "NovacomD" "Palm Novacom driver" "Palm" "c:\program files\palm, inc\novacomd\x86\novacomd.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "SmcService" "Protects computers from malicious access and enforces security policies." "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\smc.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "Symantec AntiVirus" "Provides virus-scanning for Symantec Endpoint Protection." "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\rtvscan.exe"
+ "TeamViewer7" "TeamViewer Remote Software" "TeamViewer GmbH" "c:\program files\teamviewer\version7\teamviewer_service.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "AtiHdmiService" "Ati High Definition Audio Function Driver" "ATI Research Inc." "c:\windows\system32\drivers\atihdmi.sys"
+ "BlackBox" "" "" "c:\windows\system32\drivers\blackbox.sys"
+ "BTCFilterService" "Motorola Unsafe Removal Filter Driver" "Motorola Inc" "c:\windows\system32\drivers\motfilt.sys"
+ "catchme" "" "" "File not found: C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "COH_Mon" "Confidence Online v6.1 WDM driver (6,1,4,10)" "Symantec Corporation" "c:\windows\system32\drivers\coh_mon.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "KORGUMDS" "KORG USB-MIDI Driver" "KORG INC." "c:\windows\system32\drivers\korgumds.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "libusb0" "LibUSB-Win32 - Kernel Driver" "http://libusb-win32.sourceforge.net" "c:\windows\system32\drivers\libusb0.sys"
+ "MBAMSwissArmy" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbamswissarmy.sys"
+ "motccgp" "Motorola USB Composite Device Driver" "Motorola" "c:\windows\system32\drivers\motccgp.sys"
+ "motccgpfl" "Motorola USB Composite Filter Driver" "Motorola" "c:\windows\system32\drivers\motccgpfl.sys"
+ "motmodem" "Motorola USB Modem and Ports Driver" "Motorola" "c:\windows\system32\drivers\motmodem.sys"
+ "MotoSwitchService" "" "Motorola" "c:\windows\system32\drivers\motswch.sys"
+ "Motousbnet" "Motorola USB Networking Driver" "Motorola" "c:\windows\system32\drivers\motousbnet.sys"
+ "motusbdevice" "Motorola USB Device Driver" "Motorola Inc" "c:\windows\system32\drivers\motusbdevice.sys"
+ "msvad_simple" "PlayOn Virtual Audio Device" "MediaMall Technologies, Inc." "c:\windows\system32\drivers\povrtdev.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20130119.024\naveng.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20130119.024\navex15.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "pcouffin" "low level access layer for CD/DVD/BD devices" "VSO Software" "c:\windows\system32\drivers\pcouffin.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTLE8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtenicxp.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SPBBCDrv" "SPBBC Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtsp.sys"
+ "SRTSPL" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspl.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspx.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent.sys"
+ "SYMREDRV" "Redirector Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symredrv.sys"
+ "SYMTDI" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\symtdi.sys"
+ "Teefer2" "Symantec CMC Firewall Teefer2" "Symantec Corporation" "c:\windows\system32\drivers\teefer2.sys"
+ "TPkd" "InterLok system file" "PACE Anti-Piracy, Inc." "c:\windows\system32\drivers\tpkd.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WPS" "Symantec CMC Firewall WPS" "Symantec Corporation" "c:\windows\system32\drivers\wpsdrvnt.sys"
+ "WpsHelper" "Symantec Intrusion Detection - WpsHelper" "Symantec Corporation" "c:\windows\system32\drivers\wpshelper.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "midi3" "KORG USB-MIDI Driver" "KORG INC." "c:\windows\system32\korgumdd.drv"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\system32\ff_vfw.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Sony Acoustic Mirror" "Sony Acoustic Mirror" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfmirror.dll"
+ "Sony Acoustic Mirror" "Sony Acoustic Mirror" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfmirror.dll"
+ "Sony Amplitude Modulation" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Amplitude Modulation" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Chorus" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Chorus" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Distortion" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Distortion" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony ExpressFX Amplitude Modulation" "Sony ExpressFX 2 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Amplitude Modulation" "Sony ExpressFX 2 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Chorus" "Sony ExpressFX 2 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Chorus" "Sony ExpressFX 2 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Delay" "Sony ExpressFX 2 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Delay" "Sony ExpressFX 2 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Distortion" "Sony ExpressFX 1" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Distortion" "Sony ExpressFX 1" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Dynamics" "Sony ExpressFX 3 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Dynamics" "Sony ExpressFX 3 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Equalization" "Sony ExpressFX 2 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Equalization" "Sony ExpressFX 2 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Flange/Wah-Wah" "Sony ExpressFX 1" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Flange/Wah-Wah" "Sony ExpressFX 1" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Graphic EQ" "Sony ExpressFX 3 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Graphic EQ" "Sony ExpressFX 3 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Noise Gate" "Sony ExpressFX 3 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Noise Gate" "Sony ExpressFX 3 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Reverb" "Sony ExpressFX 1" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Reverb" "Sony ExpressFX 1" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Stutter" "Sony ExpressFX 1" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Stutter" "Sony ExpressFX 1" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Time Stretch" "Sony ExpressFX 3 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Time Stretch" "Sony ExpressFX 3 " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony Flange/Wah-wah" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Flange/Wah-wah" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Gapper/Snipper" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Gapper/Snipper" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Graphic Dynamics" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Graphic Dynamics" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Graphic EQ" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Graphic EQ" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Multi-Band Dynamics" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Multi-Band Dynamics" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Multi-Tap Delay" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Multi-Tap Delay" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Noise Gate" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Noise Gate" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Paragraphic EQ" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Paragraphic EQ" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Parametric EQ" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Parametric EQ" "Sony XFX 2 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Pitch Shift" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Pitch Shift" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Reverb" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Reverb" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Simple Delay" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Simple Delay" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Smooth/Enhance" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Smooth/Enhance" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Time Stretch" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Time Stretch" "Sony XFX 1 Plug-In Pack " "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Vibrato" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Vibrato" "Sony XFX 3 Plug-In Pack" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Wave Hammer" "Sony Wave Hammer" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfhammer.dll"
+ "Sony Wave Hammer" "Sony Wave Hammer" "Sony Pictures Digital Inc." "c:\program files\sony\shared plug-ins\audio\sfhammer.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "_ VSO Preview Filter" "Video preview filter" "VSO Software SARL" "c:\program files\vso\common\vsovprev.ax"
+ "AAudioRipper" "" "" "c:\program files\ableton\live 8.2.2\program\audioripper.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MainConcept MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\sony\shared plug-ins\file formats\mcmpeg\mcdsmpeg.ax"
+ "MainConcept MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files\sony\shared plug-ins\file formats\mcmpeg\mcesmpeg.ax"
+ "MainConcept MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\sony\shared plug-ins\file formats\mcmpeg\mcspmpeg.ax"
+ "MainConcept MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\sony\shared plug-ins\file formats\mcmpeg\mcdsmpeg.ax"
+ "MMACE Deinterlace" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "PlayLaterVideoSource Filter" "DirectShow PLV Filter" "MediaMall Technologies, Inc." "c:\program files\common files\ffdshowex\plvfilter.dll"
+ "PlayLaterVideoSplitter Filter" "DirectShow PLV Filter" "MediaMall Technologies, Inc." "c:\program files\common files\ffdshowex\plvfilter.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "SnacNp" "Symantec SNAC Network Provider" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\snacnp.dll"

#6 narenxp

Posted 26 January 2013 - 11:22 AM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

#7 cobbs

Posted 26 January 2013 - 05:49 PM

Farbar Service Scanner Version: 16-01-2013
Ran by Valued Customer (administrator) on 26-01-2013 at 17:47:33
Running from "E:\Bleeping Computer\New Folder1"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(10) Tcpip(3) WPS(11)
0x0A000000040000000100000002000000030000000B0000000A00000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#8 narenxp

Posted 26 January 2013 - 06:28 PM

Download

http://download.bleepingcomputer.com/win-services/xp/SharedAccess.reg
http://download.bleepingcomputer.com/win-services/xp/LEGACY_SHAREDACCESS.reg
http://download.bleepingcomputer.com/win-services/xp/wscsvc.reg
http://download.bleepingcomputer.com/win-services/xp/LEGACY_WSCSVC.reg
http://download.bleepingcomputer.com/win-services/xp/wuauserv.reg
http://download.bleepingcomputer.com/win-services/xp/LEGACY_WUAUSERV.reg

Launch them and click YES

Restart the PC and post the new FSS log

#9 cobbs

Posted 26 January 2013 - 09:08 PM

Farbar Service Scanner Version: 16-01-2013
Ran by Valued Customer (administrator) on 26-01-2013 at 20:02:40
Running from "E:\Bleeping Computer\New Folder1"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(10) Tcpip(3) WPS(11)
0x0A000000040000000100000002000000030000000B0000000A00000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
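The two Farbar Service Scanner logs above differ only in the ATTENTION lines under Windows Firewall, Security Center and Windows Update. The following is an added example, not part of the original posts or of FSS itself: a small parser that diffs two such logs to confirm which sections were repaired. The function names are assumptions of this example, and the embedded logs are shortened excerpts modelled on the ones in this thread.

```python
import re

ATTENTION = re.compile(r"^Checking (?P<check>[^:]+): ATTENTION!=+> (?P<msg>.+)$")
NOT_RUNNING = re.compile(r"^(?P<svc>\S+) Service is not running\.")
UNDERLINE = re.compile(r"^=+$")

# Constructed excerpts modelled on the first and second FSS logs in the thread.
LOG_BEFORE = r"""
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
"""

LOG_AFTER = r"""
Windows Firewall:
=============

Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
"""

def parse_fss(text):
    """Return {section: {"not_running": [svc], "attention": [(check, msg)]}}."""
    lines = [ln.strip() for ln in text.splitlines()]
    report, section = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Title:" line underlined with '=' characters.
        if line.endswith(":") and UNDERLINE.match(nxt):
            section = line[:-1]
            report[section] = {"not_running": [], "attention": []}
            continue
        if section is None:
            continue
        m = NOT_RUNNING.match(line)
        if m:
            report[section]["not_running"].append(m.group("svc"))
        m = ATTENTION.match(line)
        if m:
            report[section]["attention"].append((m.group("check"), m.group("msg")))
    return report

def flagged_sections(report):
    """Sections with a stopped service or at least one ATTENTION finding."""
    return sorted(s for s, r in report.items() if r["not_running"] or r["attention"])

def compare(before_text, after_text):
    before = set(flagged_sections(parse_fss(before_text)))
    after = set(flagged_sections(parse_fss(after_text)))
    return {"fixed": sorted(before - after), "still_broken": sorted(after)}

if __name__ == "__main__":
    print(compare(LOG_BEFORE, LOG_AFTER))
```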

#10 narenxp

Posted 26 January 2013 - 10:35 PM

Launch Autoruns and uncheck this entry

"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "YahooPartnerToolbar" "" "" "c:\documents and settings\valued customer\local settings\application data\yahoopartnertoolbar\nyojwqgn.dll"

Restart the PC and delete this file

c:\documents and settings\valued customer\local settings\application data\yahoopartnertoolbar\nyojwqgn.dll

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
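The Autoruns entry singled out in post #10 has no description, no publisher, and loads a DLL from the user's profile. As an added example (not part of the original post, and not narenxp's stated reasoning), here is one triage heuristic over the Autoruns text format that flags that same combination; the function names and the heuristic itself are assumptions of this example, and the sample lines are copied from the log and post in this thread.

```python
import re

FIELD = re.compile(r'"([^"]*)"')
# Paths under a user profile are writable without administrator rights.
USER_WRITABLE = re.compile(r"^[a-z]:\\(documents and settings|users)\\", re.I)

# Lines copied from the Autoruns log and post #10 in this thread.
SAMPLE = r'''
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "YahooPartnerToolbar" "" "" "c:\documents and settings\valued customer\local settings\application data\yahoopartnertoolbar\nyojwqgn.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
'''

def parse_autoruns(text):
    """Parse four-field Autoruns lines; '+' lines are entries under the last location."""
    entries, location = [], None
    for line in text.splitlines():
        line = line.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue
        if line.startswith("+"):
            name, desc, publisher, path = fields
            entries.append({"location": location, "name": name,
                            "description": desc, "publisher": publisher,
                            "path": path})
        else:
            location = fields[0]  # autostart location (registry key) header
    return entries

def triage(entries):
    """Flag entries with no publisher that load from a user profile path.

    An empty publisher alone is not enough: legitimate filters in the log
    (ffdshow, ATI Ticker) also lack one but live under Program Files.
    """
    flagged = []
    for e in entries:
        reasons = []
        if not e["publisher"]:
            reasons.append("no publisher")
        if not e["description"]:
            reasons.append("no description")
        if USER_WRITABLE.match(e["path"]):
            reasons.append("loads from user profile")
        if "no publisher" in reasons and "loads from user profile" in reasons:
            flagged.append((e["location"], e["name"], reasons))
    return flagged

if __name__ == "__main__":
    for location, name, reasons in triage(parse_autoruns(SAMPLE)):
        print(f"{name} @ {location}: {', '.join(reasons)}")
```

A flagged entry is a candidate for manual review, not a verdict; the file itself still needs to be checked before it is disabled or deleted.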

#11 cobbs

Posted 31 January 2013 - 05:26 PM

Finally got a chance to do the last steps, but it seems to be running back to normal now. Thanks for the excellent service you provide!

Edited by cobbs, 31 January 2013 - 05:26 PM.


#12 narenxp

Posted 31 January 2013 - 09:10 PM

You're most welcome :)



