Ransomware & Java Exploit


  • This topic is locked
13 replies to this topic

#1 natemr

Posted 21 January 2013 - 12:31 PM

Security Team,

I've been attempting to no avail to remove some sort of trojan from this computer. It started a few days ago with a FBI/Moneypack/Ransomware virus that locked out all Users, in safe mode, safe with networking mode, etc.

I was able to get in with Safe Mode with Command Prompt. Then in there I opened a new task on task bar, ran CCleaner and Malwarebytes. This allowed me to have access in the other Normal/Safe Mode startups.

Congruent with this, with knowledge of Java 7 exploits from my IT Department at work, I removed Java 7 with Revo Uninstaller. When I removed Java, Trend Micro picked off a trojan and I deleted it from quarantine.

I have been running TDSSKiller, aswMBR, ESET and Malwarebytes in rotation with the two User accounts (I don't remember my Administrator password to run from this account). At least one program from one of the scans and user profile will pick up something and I haven't been able to get a clean log.

I do appreciate any further assistance with this situation.

Thank you for all that you guys do.



#2 boopme

Posted 21 January 2013 - 01:46 PM

Hello, try following this guide and see how it is. L@@K
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 natemr

Posted 22 January 2013 - 01:58 PM

Boopme,

Thank you for your response and link to the malware removal guide.

First I wanted to point out that the link to download Emsisoft was taking hours to download. I tried to download to another computer to see if there was an issue with the infected computer being able to download it, but it was taking just as long. I Googled Emsisoft and was able to download it directly from their site, and the address extension of that download was a little different than that of the guide. I figured that the guide's download link might have a traffic issue, and maybe adding additional download links in the guide would be helpful in case of there being too much traffic on one link.

Second, the scan was able to quarantine a few bugs. You didn't request the log from the scan, so please let me know if you need this.

Finally, I'm still concerned that there is a remote access control type trojan on the computer. The reason for my concern is loud clicks coming from the computer, like it sounds like my network chips are turning on and off. Another symptom is a constant, almost synced ticking sound of my drive doing processes.

The main thing I see is that when I turn on the computer I can run CCleaner and it removes Temporary Internet Files, and I didn't do anything much less even open up a browser.

Any additional help is greatly appreciated.

#4 boopme

Posted 22 January 2013 - 02:12 PM

Thanks for the info, I'll look at the links.

Please run RKill... Please download Rkill by Grinler and save it to your desktop. Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.


MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Is ESET your AV or is it the online Scanner?

#5 natemr

Posted 22 January 2013 - 11:18 PM

I was using ESET Online Scanner. Trend Micro is my AV.

Here is the RKill Log:
Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/22/2013 10:07:02 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* winmgmt [Missing Service]

* SharedAccess [Missing ImagePath]

* wscsvc => "C:\WINDOWS\system32\wscsvc.dll" [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:


20 out of 13987 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 01/22/2013 10:07:47 PM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)

Here is the MiniToolBox Log:
MiniToolBox by Farbar Version:10-01-2013
Ran by Nathan (administrator) on 22-01-2013 at 22:09:27
Running from "C:\Documents and Settings\Nathan.KNRCOMP\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



There are 13967 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================


WARNING: Could not obtain host information from machine: [KNRCOMP]. Some commands may not be available.
The specified service does not exist as an installed service.



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : KNRCOMP

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-21-70-D1-49-D9

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.78.72

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-23-4E-CD-BF-47

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.110

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Tuesday, January 22, 2013 10:01:24 PM

Lease Expires . . . . . . . . . . : Wednesday, January 23, 2013 10:01:24 PM

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.46.9, 173.194.46.14, 173.194.46.0, 173.194.46.1
173.194.46.2, 173.194.46.3, 173.194.46.4, 173.194.46.5, 173.194.46.6
173.194.46.7, 173.194.46.8



Pinging google.com [173.194.46.14] with 32 bytes of data:



Reply from 173.194.46.14: bytes=32 time=32ms TTL=51

Reply from 173.194.46.14: bytes=32 time=33ms TTL=51



Ping statistics for 173.194.46.14:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 32ms, Maximum = 33ms, Average = 32ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 206.190.36.45



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=177ms TTL=45

Reply from 98.139.183.24: bytes=32 time=96ms TTL=45



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 96ms, Maximum = 177ms, Average = 136ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 70 d1 49 d9 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x10004 ...00 23 4e cd bf 47 ...... Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.110 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.78.72 169.254.78.72 10
169.254.78.72 255.255.255.255 127.0.0.1 127.0.0.1 10
169.254.255.255 255.255.255.255 169.254.78.72 169.254.78.72 10
192.168.0.0 255.255.255.0 192.168.0.110 192.168.0.110 25
192.168.0.110 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.110 192.168.0.110 25
224.0.0.0 240.0.0.0 169.254.78.72 169.254.78.72 10
224.0.0.0 240.0.0.0 192.168.0.110 192.168.0.110 25
255.255.255.255 255.255.255.255 169.254.78.72 169.254.78.72 1
255.255.255.255 255.255.255.255 192.168.0.110 192.168.0.110 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 mswsock.dll [File not found] ()
Catalog9 07 mswsock.dll [File not found] ()
Catalog9 08 mswsock.dll [File not found] ()
Catalog9 09 mswsock.dll [File not found] ()
Catalog9 10 mswsock.dll [File not found] ()
Catalog9 11 mswsock.dll [File not found] ()
Catalog9 12 mswsock.dll [File not found] ()
Catalog9 13 mswsock.dll [File not found] ()
Catalog9 14 mswsock.dll [File not found] ()
Catalog9 15 mswsock.dll [File not found] ()
Catalog9 16 mswsock.dll [File not found] ()
Catalog9 17 mswsock.dll [File not found] ()
Catalog9 18 mswsock.dll [File not found] ()
Catalog9 19 mswsock.dll [File not found] ()
Catalog9 20 mswsock.dll [File not found] ()
Catalog9 21 mswsock.dll [File not found] ()
Catalog9 22 mswsock.dll [File not found] ()
Catalog9 23 mswsock.dll [File not found] ()
Catalog9 24 mswsock.dll [File not found] ()
Catalog9 25 mswsock.dll [File not found] ()
Catalog9 26 mswsock.dll [File not found] ()
Catalog9 27 mswsock.dll [File not found] ()
Catalog9 28 mswsock.dll [File not found] ()
Catalog9 29 mswsock.dll [File not found] ()
Catalog9 30 mswsock.dll [File not found] ()
Catalog9 31 mswsock.dll [File not found] ()
Catalog9 32 mswsock.dll [File not found] ()
Catalog9 33 mswsock.dll [File not found] ()
Catalog9 34 mswsock.dll [File not found] ()
Catalog9 35 mswsock.dll [File not found] ()
Catalog9 36 mswsock.dll [File not found] ()
Catalog9 37 mswsock.dll [File not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2013 11:16:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2013 11:16:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2013 11:15:59 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2013 11:15:55 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2013 11:15:55 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2013 11:15:53 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2013 11:15:52 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2013 11:15:52 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2013 11:15:52 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2013 11:15:51 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (01/22/2013 06:01:19 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/21/2013 04:57:40 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/21/2013 04:40:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/21/2013 04:05:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/20/2013 06:46:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/20/2013 06:23:11 PM) (Source: DCOM) (User: KNRCOMP)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (01/20/2013 02:05:11 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/20/2013 02:03:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/19/2013 09:52:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/19/2013 09:50:33 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.8.1.0)
biolsp patch (Version: 01.00.02.0005)
Bonjour (Version: 3.0.0.10)
Broadcom ASF Management Applications (Version: 10.13.02)
Broadcom Management Programs (Version: 10.15.01)
CCleaner (Version: 3.26)
Cisco Connect (Version: 1.4.11299.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D330 MDC V.92 Modem (Version: 7.74.00)
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.0)
Dell Drivers MSI (Version: 01.00.00.0010)
Dell Embassy Trust Suite by Wave Systems (Version: 02.01.00.026)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: Version 7.1.101.6)
Digital Line Detect (Version: 1.21)
Document Manager Lite (Version: 06.06.00.066)
Epson Event Manager (Version: 2.00.00)
EPSON Print CD (Version: 1.50.000)
EPSON Printer Software
EPSON Scan
EPSON Stylus Photo RX580 Scanner Driver Update
EPSON Stylus Photo RX580 User's Guide
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3 (Version: 3.0b)
EpsonNet Print (Version: 2.4h)
ESC Home Page Plugin (Version: 03.01.00.018)
ESET Online Scanner v3
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (Version: 9.3.4053)
Gemalto (Version: 01.00.00.0010)
GemSafe Standard Edition 5.1 (Version: 5.10.000.007)
Google Talk Plugin (Version: 3.10.2.10212)
Google Update Helper (Version: 1.3.21.123)
InstallVC90Support (Version: 1.01.0000)
IntelliSonic Speech Enhancement (Version: 2.1.37)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.5.3.3)
LeapFrog Connect (Version: 4.2.9.15649)
LeapFrog Leapster Explorer Plugin (Version: 4.2.11.15696)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (NR2007) (Version: 9.3.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft WinUsb 1.0
Modem Diagnostic Tool (Version: 1.0.24.0)
Moto Contacts Tool (Version: 1.00.0007)
MotoHelper 2.0.53 Driver 5.2.0 (Version: 2.0.53)
MotoHelper MergeModules (Version: 1.2.0)
MOTOROLA MEDIA LINK (Version: 1.5.4090.2)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
NetWaiting (Version: 2.5.53)
NTRU TCG Software Stack (Version: 2.1.25)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PowerDVD (Version: 8.1)
Preboot Manager (Version: 2.0.1.2)
Private Information Manager (Version: 06.01.00.023)
Quicken 2012 (Version: 21.1.5.33)
QuickTime (Version: 7.71.80.42)
Revo Uninstaller 1.94 (Version: 1.94)
Rhapsody
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Samsung Kies (Version: 2.0.3.11082_152)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Secunia PSI (2.0.0.2001)
Secure Update (Version: 05.04.00.010)
Security Wizards (Version: 01.04.00.014)
Shutterfly Express Uploader (Version: 1.1.0)
Shutterfly Express Uploader (Version: 1.1.0.0)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
SUPERAntiSpyware (Version: 5.1.1002)
Trend Micro Internet Security Pro (Version: 17.50)
Trusted Drive Manager (Version: 2.1.1.2)
tsp patch (Version: 01.00.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
upekmsi (Version: 02.00.03.0000)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0)
Wave Infrastructure Installer (Version: 05.00.01.0050)
Wave Support Software (Version: 05.07.00.026)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
WinPatrol (Version: 19.3.2010.5)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 2037.89 MB
Available physical RAM: 1521.05 MB
Total Pagefile: 3930.66 MB
Available Pagefile: 3600.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.89 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:111.7 GB) (Free:70.97 GB) NTFS

========================= Users: ========================================

User accounts for \\KNRCOMP

Administrator Guest HelpAssistant
Kate Nathan SUPPORT_388945a0


**** End of log ****

#6 boopme

Posted 22 January 2013 - 11:34 PM

Good, next 2 steps..

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.


Next:
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.



OK, a 3rd :)

Your How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

Rerun Minitoolbox and only check....
•List content of Hosts

•List Winsock Entries
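An added example, not part of the original posts and not code from MiniToolBox: a Python script that reads the two Result.txt sections the rerun above asks for (Hosts content and Winsock entries) and reports hosts entries that point somewhere other than loopback, plus Winsock catalog entries whose provider file is missing. The sample log is constructed in the layout shown in this thread; the function names, the 203.0.113.5 address and the .example host names are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample, laid out like the MiniToolBox Result.txt sections in this thread.
# 203.0.113.5 and the .example names are documentation placeholders, not real indicators.
SAMPLE_LOG = r"""========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.blocked.example
203.0.113.5 portal.example

There are 13967 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] ()

**** End of log ****
"""

SECTION_RE = re.compile(r"^={5,}\s*(.*?)\s*:?\s*={5,}\s*$")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(.+?)\]\s+\((.*)\)\s*$")
MORE_RE = re.compile(r"^There are (\d+) more lines starting with")


@dataclass
class Report:
    sinkholed: int = 0                                   # names pointed at loopback / 0.0.0.0
    redirects: list = field(default_factory=list)        # (ip, name) pointed anywhere else
    unlisted: int = 0                                    # entries the tool did not print
    broken_winsock: list = field(default_factory=list)   # provider file missing
    third_party: list = field(default_factory=list)      # present, non-Microsoft providers

    @property
    def winsock_reset_needed(self):
        return bool(self.broken_winsock)


def split_sections(text):
    """Map each '==== Title: ====' header to the stripped lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m and m.group(1):
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line.strip())
    return sections


def analyze(text):
    sections, report = split_sections(text), Report()
    for line in sections.get("Hosts content", []):
        more = MORE_RE.match(line)
        if more:
            report.unlisted = int(more.group(1))
            continue
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not a hosts entry
        for name in fields[1:]:
            if addr.is_loopback or addr.is_unspecified:
                if name.lower() != "localhost":
                    report.sinkholed += 1         # blocklist-style entry
            else:
                report.redirects.append((str(addr), name))
    for line in sections.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if not m:
            continue                              # e.g. the ATTENTION hint lines
        catalog, index, path, status, vendor = m.groups()
        entry = f"{catalog} {index} {path}"
        if status.lower() == "file not found":
            report.broken_winsock.append(entry)
        elif vendor != "Microsoft Corporation":
            report.third_party.append(entry)
    return report


if __name__ == "__main__":
    r = analyze(SAMPLE_LOG)
    print(f"hosts: {r.sinkholed} sinkholed shown, {r.unlisted} not shown")
    print(f"hosts redirects to review: {r.redirects}")
    print(f"winsock entries with missing file: {len(r.broken_winsock)}")
    print(f"third-party winsock providers: {r.third_party}")
    print(f"winsock reset needed: {r.winsock_reset_needed}")
```

On a rerun taken after `netsh winsock reset` and the hosts reset, `broken_winsock` and `redirects` should both come back empty.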

#7 natemr

natemr
  • Topic Starter

  • Members
  • 45 posts
  • Local time:09:05 PM

Posted 22 January 2013 - 11:50 PM

I am at a pause because when I ran the Fixit program a window popped up with no icon that says Just-In-Time Debugging. The question is if I want to debug using the selected debugger?

Is this normal?

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:11:05 PM

Posted 23 January 2013 - 09:53 AM

Disable Just-In-Time Debugging

1. On the Tools menu, click Options.
2. In the Options dialog box, select the Debugging folder.
3. In the Debugging folder, select the Just-In-Time page.
4. In the Enable Just-In-Time debugging of these types of code box, select or clear the relevant program types: Managed, Native, or Script.
To disable Just-In-Time debugging, once it has been enabled, you must be running with Administrator privileges. Enabling Just-In-Time debugging sets a registry key, and Administrator privileges are required to change that key.
5. Click OK.
How to: Enable/Disable Just-In-Time Debugging

#9 natemr

natemr
  • Topic Starter

  • Members
  • 45 posts
  • Local time:09:05 PM

Posted 23 January 2013 - 09:52 PM

Thanks...that was just odd, but another weird thing is that when I went to my IE Options to turn off debugging there was a note that said that "Some settings are managed by your system administrator." My work computer has this, understandably, but this is my private computer. Is this something related to what Trend Micro has in settings?

Here are the logs:
22:39:24.0906 3200 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:39:25.0671 3200 ============================================================
22:39:25.0671 3200 Current date / time: 2013/01/22 22:39:25.0671
22:39:25.0671 3200 SystemInfo:
22:39:25.0671 3200
22:39:25.0671 3200 OS Version: 5.1.2600 ServicePack: 3.0
22:39:25.0671 3200 Product type: Workstation
22:39:25.0671 3200 ComputerName: KNRCOMP
22:39:25.0671 3200 UserName: Nathan
22:39:25.0671 3200 Windows directory: C:\WINDOWS
22:39:25.0671 3200 System windows directory: C:\WINDOWS
22:39:25.0671 3200 Processor architecture: Intel x86
22:39:25.0671 3200 Number of processors: 2
22:39:25.0671 3200 Page size: 0x1000
22:39:25.0671 3200 Boot type: Normal boot
22:39:25.0671 3200 ============================================================
22:39:27.0656 3200 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:39:27.0656 3200 ============================================================
22:39:27.0656 3200 \Device\Harddisk0\DR0:
22:39:27.0656 3200 MBR partitions:
22:39:27.0656 3200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F10C, BlocksNum 0xDF646B5
22:39:27.0656 3200 ============================================================
22:39:27.0703 3200 C: <-> \Device\Harddisk0\DR0\Partition1
22:39:27.0765 3200 ============================================================
22:39:27.0765 3200 Initialize success
22:39:27.0765 3200 ============================================================
22:39:47.0562 4004 ============================================================
22:39:47.0562 4004 Scan started
22:39:47.0562 4004 Mode: Manual; TDLFS;
22:39:47.0562 4004 ============================================================
22:39:48.0015 4004 ================ Scan system memory ========================
22:39:48.0015 4004 System memory - ok
22:39:48.0015 4004 ================ Scan services =============================
22:40:01.0843 4004 perc2hib - ok
22:40:01.0875 4004 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
22:40:01.0875 4004 PlugPlay - ok
22:40:01.0890 4004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:40:01.0890 4004 PolicyAgent - ok
22:40:01.0906 4004 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:40:01.0906 4004 PptpMiniport - ok
22:40:01.0906 4004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:40:01.0906 4004 ProtectedStorage - ok
22:40:01.0906 4004 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:40:01.0906 4004 PSched - ok
22:40:01.0937 4004 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
22:40:01.0953 4004 PSI - ok
22:40:01.0953 4004 PTDCBus - ok
22:40:01.0953 4004 PTDCMdm - ok
22:40:01.0968 4004 PTDCVsp - ok
22:40:01.0968 4004 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:40:01.0968 4004 Ptilink - ok
22:40:01.0984 4004 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:40:02.0000 4004 PxHelp20 - ok
22:40:02.0015 4004 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:40:02.0031 4004 ql1080 - ok
22:40:02.0046 4004 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:40:02.0078 4004 Ql10wnt - ok
22:40:02.0078 4004 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:40:02.0125 4004 ql12160 - ok
22:40:02.0125 4004 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:40:02.0156 4004 ql1240 - ok
22:40:02.0171 4004 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:40:02.0203 4004 ql1280 - ok
22:40:02.0250 4004 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:40:02.0250 4004 RasAcd - ok
22:40:02.0265 4004 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:40:02.0296 4004 RasAuto - ok
22:40:02.0312 4004 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:40:02.0312 4004 Rasl2tp - ok
22:40:02.0359 4004 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:40:02.0390 4004 RasMan - ok
22:40:02.0406 4004 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:40:02.0406 4004 RasPppoe - ok
22:40:02.0421 4004 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:40:02.0421 4004 Raspti - ok
22:40:02.0468 4004 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:40:02.0468 4004 Rdbss - ok
22:40:02.0484 4004 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:40:02.0484 4004 RDPCDD - ok
22:40:02.0484 4004 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:40:02.0500 4004 rdpdr - ok
22:40:02.0515 4004 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:40:02.0531 4004 RDPWD - ok
22:40:02.0562 4004 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:40:02.0609 4004 RDSessMgr - ok
22:40:02.0656 4004 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:40:02.0656 4004 redbook - ok
22:40:02.0687 4004 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:40:02.0703 4004 RemoteAccess - ok
22:40:02.0750 4004 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:40:02.0750 4004 RemoteRegistry - ok
22:40:02.0796 4004 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
22:40:02.0843 4004 RpcLocator - ok
22:40:02.0859 4004 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:40:02.0875 4004 RpcSs - ok
22:40:02.0906 4004 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:40:02.0937 4004 RSVP - ok
22:40:02.0984 4004 [ DA4980FAD2B7D86D6ED8E35E3874F65E ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
22:40:03.0140 4004 RT73 - ok
22:40:03.0171 4004 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
22:40:03.0171 4004 SamSs - ok
22:40:03.0218 4004 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:40:03.0234 4004 SASDIFSV - ok
22:40:03.0234 4004 SASENUM - ok
22:40:03.0250 4004 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:40:03.0281 4004 SASKUTIL - ok
22:40:03.0312 4004 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:40:03.0312 4004 SCardSvr - ok
22:40:03.0343 4004 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:40:03.0343 4004 Schedule - ok
22:40:03.0359 4004 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:40:03.0390 4004 Secdrv - ok
22:40:03.0390 4004 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:40:03.0437 4004 seclogon - ok
22:40:03.0531 4004 [ 456B0B5844575714DB0370742CBB7A88 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
22:40:03.0828 4004 Secunia PSI Agent - ok
22:40:03.0906 4004 [ E5C9695967B022317BB1D96BC15CFDA0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
22:40:04.0093 4004 Secunia Update Agent - ok
22:40:04.0171 4004 [ 472946EDEBF85C1F0B44B6EBA01AC9B6 ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
22:40:04.0234 4004 SecureStorageService - ok
22:40:04.0281 4004 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
22:40:04.0296 4004 SENS - ok
22:40:04.0312 4004 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:40:04.0312 4004 Serenum - ok
22:40:04.0359 4004 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:40:04.0359 4004 Serial - ok
22:40:04.0484 4004 [ 58C52CF9DD452817B9F4BA0781014836 ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
22:40:04.0515 4004 SfCtlCom - ok
22:40:04.0531 4004 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:40:04.0531 4004 Sfloppy - ok
22:40:04.0562 4004 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:40:04.0562 4004 ShellHWDetection - ok
22:40:04.0562 4004 Simbad - ok
22:40:04.0625 4004 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:40:04.0656 4004 sisagp - ok
22:40:04.0687 4004 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:40:04.0718 4004 SLIP - ok
22:40:04.0734 4004 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
22:40:04.0765 4004 SONYPVU1 - ok
22:40:04.0796 4004 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:40:04.0828 4004 Sparrow - ok
22:40:04.0859 4004 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:40:04.0875 4004 splitter - ok
22:40:04.0921 4004 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:40:04.0921 4004 Spooler - ok
22:40:04.0953 4004 [ B2EC3E1DEAC5F0A764BD3486D213A0AF ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:40:05.0031 4004 SQLBrowser - ok
22:40:05.0062 4004 [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:40:05.0109 4004 SQLWriter - ok
22:40:05.0156 4004 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:40:05.0156 4004 sr - ok
22:40:05.0171 4004 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
22:40:05.0187 4004 srservice - ok
22:40:05.0218 4004 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:40:05.0234 4004 Srv - ok
22:40:05.0265 4004 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:40:05.0281 4004 SSDPSRV - ok
22:40:05.0312 4004 [ 8F299012EF58246F1C98DE7B7E48DBF0 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
22:40:05.0375 4004 ssudmdm - ok
22:40:05.0390 4004 [ 6F855B5625A47F3AC731A262FDC379A6 ] STacSV C:\WINDOWS\system32\StacSV.exe
22:40:05.0546 4004 STacSV - ok
22:40:05.0671 4004 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
22:40:05.0750 4004 STHDA - ok
22:40:05.0812 4004 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:40:05.0812 4004 stisvc - ok
22:40:05.0843 4004 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:40:05.0890 4004 stllssvr - ok
22:40:05.0890 4004 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:40:05.0906 4004 streamip - ok
22:40:05.0921 4004 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:40:05.0921 4004 swenum - ok
22:40:05.0937 4004 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:40:05.0937 4004 swmidi - ok
22:40:05.0984 4004 [ 150AB4FA272130EC55B2A4FAEBDF47F9 ] swmsflt C:\WINDOWS\System32\drivers\swmsflt.sys
22:40:06.0000 4004 swmsflt - ok
22:40:06.0031 4004 [ AF88AE62B84D016EB5BDC12DDF1005A3 ] swmx00 C:\WINDOWS\system32\DRIVERS\swmx00.sys
22:40:06.0062 4004 swmx00 - ok
22:40:06.0078 4004 [ 24BCE62E4DA07C6488E3A7FF37A6B6AE ] SWNC5E00 C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
22:40:06.0125 4004 SWNC5E00 - ok
22:40:06.0125 4004 SwPrv - ok
22:40:06.0171 4004 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
22:40:06.0203 4004 symc810 - ok
22:40:06.0203 4004 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:40:06.0250 4004 symc8xx - ok
22:40:06.0250 4004 SymIM - ok
22:40:06.0250 4004 SymIMMP - ok
22:40:06.0265 4004 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:40:06.0296 4004 sym_hi - ok
22:40:06.0312 4004 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:40:06.0328 4004 sym_u3 - ok
22:40:06.0359 4004 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:40:06.0359 4004 sysaudio - ok
22:40:06.0375 4004 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:40:06.0406 4004 SysmonLog - ok
22:40:06.0421 4004 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:40:06.0421 4004 TapiSrv - ok
22:40:06.0468 4004 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:40:06.0468 4004 Tcpip - ok
22:40:06.0625 4004 [ 23B506262493F1A521683EE88C5FBF60 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
22:40:06.0718 4004 tcsd_win32.exe - ok
22:40:06.0796 4004 [ A27D803B21F24A5CFB775944EA4CB130 ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
22:40:06.0906 4004 TdmService - ok
22:40:06.0921 4004 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:40:06.0921 4004 TDPIPE - ok
22:40:06.0953 4004 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:40:06.0953 4004 TDTCP - ok
22:40:06.0984 4004 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:40:07.0000 4004 TermDD - ok
22:40:07.0046 4004 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
22:40:07.0062 4004 TermService - ok
22:40:07.0078 4004 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
22:40:07.0093 4004 Themes - ok
22:40:07.0125 4004 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:40:07.0187 4004 TlntSvr - ok
22:40:07.0250 4004 [ CA9E9C2C04A198ED345C1752222A5F3E ] tmactmon C:\WINDOWS\system32\drivers\tmactmon.sys
22:40:07.0296 4004 tmactmon - ok
22:40:07.0406 4004 [ B365E817E398FF2AC5706EAB232EF6C1 ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
22:40:07.0453 4004 TMBMServer - ok
22:40:07.0484 4004 [ FCFA40E475FF5549F5CD335F4046ABA4 ] tmcfw C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
22:40:07.0625 4004 tmcfw - ok
22:40:07.0656 4004 [ A3D20789B3FF0576A29462BEF25BCFCC ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
22:40:07.0703 4004 tmcomm - ok
22:40:07.0703 4004 [ 21F215E54770C4BF93EFAF63F58FE57E ] tmevtmgr C:\WINDOWS\system32\drivers\tmevtmgr.sys
22:40:07.0718 4004 tmevtmgr - ok
22:40:07.0750 4004 [ 255328CF08D602368B69FF1F55EBD93E ] TmPfw C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
22:40:07.0781 4004 TmPfw - ok
22:40:07.0812 4004 [ 379C4F99994A56B66E11D1E32BB22A1C ] tmpreflt C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
22:40:07.0828 4004 tmpreflt - ok
22:40:07.0859 4004 [ 0FEC6C50B2BE07C57651573CDD1C721F ] TmProxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
22:40:07.0921 4004 TmProxy - ok
22:40:07.0921 4004 [ 44C262C1B2412DED35078B6166D2ACC2 ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
22:40:07.0937 4004 tmtdi - ok
22:40:07.0968 4004 [ 717E406972BBC07F8FB2A989416CAB73 ] tmxpflt C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
22:40:08.0015 4004 tmxpflt - ok
22:40:08.0046 4004 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
22:40:08.0046 4004 TosIde - ok
22:40:08.0093 4004 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:40:08.0109 4004 TrkWks - ok
22:40:08.0156 4004 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:40:08.0156 4004 Udfs - ok
22:40:08.0156 4004 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
22:40:08.0171 4004 ultra - ok
22:40:08.0265 4004 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:40:08.0265 4004 Update - ok
22:40:08.0296 4004 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:40:08.0296 4004 upnphost - ok
22:40:08.0312 4004 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
22:40:08.0343 4004 UPS - ok
22:40:08.0375 4004 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
22:40:08.0390 4004 USBAAPL - ok
22:40:08.0421 4004 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:40:08.0421 4004 usbccgp - ok
22:40:08.0468 4004 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:40:08.0484 4004 usbehci - ok
22:40:08.0484 4004 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:40:08.0484 4004 usbhub - ok
22:40:08.0500 4004 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:40:08.0515 4004 usbohci - ok
22:40:08.0531 4004 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:40:08.0546 4004 usbprint - ok
22:40:08.0562 4004 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:40:08.0578 4004 usbscan - ok
22:40:08.0625 4004 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:40:08.0625 4004 USBSTOR - ok
22:40:08.0656 4004 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:40:08.0656 4004 usbuhci - ok
22:40:08.0671 4004 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:40:08.0671 4004 VgaSave - ok
22:40:08.0703 4004 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:40:08.0718 4004 viaagp - ok
22:40:08.0734 4004 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
22:40:08.0750 4004 ViaIde - ok
22:40:08.0781 4004 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:40:08.0781 4004 VolSnap - ok
22:40:08.0875 4004 [ 642EB152CB980AD9181B2161066BE629 ] vsapint C:\WINDOWS\system32\DRIVERS\vsapint.sys
22:40:08.0921 4004 vsapint - ok
22:40:08.0953 4004 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
22:40:09.0015 4004 VSS - ok
22:40:09.0078 4004 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
22:40:09.0078 4004 w32time - ok
22:40:09.0093 4004 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:40:09.0093 4004 Wanarp - ok
22:40:09.0109 4004 Wave UCSPlus - ok
22:40:09.0171 4004 [ 796FDA916625BE7E5F6CFECE15A81C3A ] WaveEnrollmentService C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
22:40:09.0265 4004 WaveEnrollmentService - ok
22:40:09.0312 4004 [ DB626C46997C2430D4958DA5C7FFB969 ] WaveFDE C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
22:40:09.0328 4004 WaveFDE - ok
22:40:09.0359 4004 [ 51E756F2BFB5E3ADCB15F966AD293231 ] WavxDMgr C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
22:40:09.0390 4004 WavxDMgr - ok
22:40:09.0453 4004 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
22:40:09.0562 4004 Wdf01000 - ok
22:40:09.0562 4004 WDICA - ok
22:40:09.0609 4004 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:40:09.0609 4004 wdmaud - ok
22:40:09.0671 4004 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:40:09.0703 4004 WebClient - ok
22:40:09.0734 4004 [ 92CE6497076EAC3083185C44157B3A46 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:40:09.0859 4004 winachsf - ok
22:40:09.0921 4004 [ 097A8291DF541F9B9AF2C500797CDCAA ] WinDriver6 C:\WINDOWS\system32\drivers\windrvr6.sys
22:40:10.0015 4004 WinDriver6 - ok
22:40:10.0062 4004 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
22:40:10.0093 4004 WinUSB - ok
22:40:10.0109 4004 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:40:10.0125 4004 WmdmPmSN - ok
22:40:10.0171 4004 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:40:10.0171 4004 Wmi - ok
22:40:10.0234 4004 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:40:10.0250 4004 WmiAcpi - ok
22:40:10.0359 4004 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:40:10.0406 4004 WmiApSrv - ok
22:40:10.0531 4004 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:40:10.0718 4004 WMPNetworkSvc - ok
22:40:10.0750 4004 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:40:10.0796 4004 WpdUsb - ok
22:40:10.0843 4004 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:40:10.0890 4004 wscsvc - ok
22:40:10.0890 4004 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:40:10.0921 4004 WSTCODEC - ok
22:40:10.0984 4004 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:40:11.0000 4004 wuauserv - ok
22:40:11.0062 4004 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:40:11.0109 4004 WudfPf - ok
22:40:11.0125 4004 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:40:11.0171 4004 WudfRd - ok
22:40:11.0203 4004 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:40:11.0250 4004 WudfSvc - ok
22:40:11.0328 4004 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:40:11.0343 4004 WZCSVC - ok
22:40:11.0390 4004 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:40:11.0406 4004 xmlprov - ok
22:40:11.0453 4004 ================ Scan global ===============================
22:40:11.0500 4004 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:40:11.0562 4004 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:40:11.0593 4004 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:40:11.0625 4004 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:40:11.0640 4004 [Global] - ok
22:40:11.0640 4004 ================ Scan MBR ==================================
22:40:11.0656 4004 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:40:12.0062 4004 \Device\Harddisk0\DR0 - ok
22:40:12.0062 4004 ================ Scan VBR ==================================
22:40:12.0078 4004 [ FC4DE82817E8D219B1A528B4D6C30C22 ] \Device\Harddisk0\DR0\Partition1
22:40:12.0078 4004 \Device\Harddisk0\DR0\Partition1 - ok
22:40:12.0078 4004 ============================================================
22:40:12.0078 4004 Scan finished
22:40:12.0078 4004 ============================================================
22:40:12.0093 3264 Detected object count: 0
22:40:12.0093 3264 Actual detected object count: 0
22:40:19.0359 0664 Deinitialize success

MiniToolBox by Farbar Version:10-01-2013
Ran by Nathan (administrator) on 23-01-2013 at 20:18:52
Running from "C:\Documents and Settings\Nathan.KNRCOMP\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================


127.0.0.1 localhost

There are 13967 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

**** End of log ****

#10 boopme

Posted 24 January 2013 - 10:35 AM

Hello, it appears that fragments of the infection still exist. Rather than chip it out, let's repost and get it all. I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

#11 natemr

Posted 24 January 2013 - 02:35 PM

I assume that I am to go ahead and proceed to Step 6?

#12 boopme

Posted 24 January 2013 - 02:41 PM

Yes please: 6, 7, 8

Edited by boopme, 24 January 2013 - 02:42 PM.

#13 natemr

Posted 24 January 2013 - 08:23 PM

Thanks, boopme!

I've followed the guide and made the new post titled Java Exploit/Ransomware (wasn't sure what bug I'm dealing with here).

#14 boopme

Posted 24 January 2013 - 09:09 PM

Sorry, possible rootkit.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working on logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work on may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.