Has anyone heard of Error Wizard


5 replies to this topic

#1 JohnDavidLynchJr

  • Members

Posted 18 March 2013 - 02:55 PM

This is a fresh load of Win XP SP3 & Office 2003 with all MS Updates.

McAfee VirusScan Enterprise 8.8 patch 1.

I had to turn off "prevent mass mailing worms" in Access Protection.

I've scanned it with Malwarebytes (0 found) and Spybot Search & Destroy (0 found).

I'm trying to send an e-mail from our software.

This is the error I get.

[Attached file: Untitled.jpg]

I called the software tech support; they do not know where it came from.

This has worked in the past.

Thank You




#2 boopme

  • Global Moderator

Posted 18 March 2013 - 03:50 PM

Looks like malware, I never heard of it.

I moved this to Am I Infected from XP.

Is it in Control Panel Add/Remove?

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

 

 

Please download TDSSKiller.
Launch it.
Click on "Change parameters" and select "TDLFS file system".
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.


ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


>>>>

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET online scan button (image: esetonlinebtn.png).
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.



#3 JohnDavidLynchJr

  • Topic Starter

  • Members

Posted 18 March 2013 - 07:04 PM

It is not listed in Add and Remove Programs.

 

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by lcoolidge (administrator) on 18-03-2013 at 17:04:34
Running from "C:\Documents and Settings\lcoolidge\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

There are 15320 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration

 


Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : hss-104

        Primary Dns Suffix  . . . . . . . : Harris.local

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : Harris.local

                                            Harris

 

Ethernet adapter Local Area Connection:

 

        Connection-specific DNS Suffix  . : Harris

        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

        Physical Address. . . . . . . . . : 00-1E-C9-3D-E7-9B

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.16.104

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.16.200

        DHCP Server . . . . . . . . . . . : 192.168.16.200

        DNS Servers . . . . . . . . . . . : 192.168.16.2

                                            64.130.108.18

                                            64.130.108.19

        Primary WINS Server . . . . . . . : 192.168.16.2

        Lease Obtained. . . . . . . . . . : Monday, March 18, 2013 7:11:17 AM

        Lease Expires . . . . . . . . . . : Tuesday, March 19, 2013 7:11:17 AM

Server:  server.harris.local
Address:  192.168.16.2

DNS request timed out.
    timeout was 2 seconds.


Pinging google.com [173.194.46.6] with 32 bytes of data:

 

Reply from 173.194.46.6: bytes=32 time=46ms TTL=57

Reply from 173.194.46.6: bytes=32 time=88ms TTL=57

 

Ping statistics for 173.194.46.6:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 46ms, Maximum = 88ms, Average = 67ms

Server:  server.harris.local
Address:  192.168.16.2

DNS request timed out.
    timeout was 2 seconds.


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

 

Reply from 206.190.36.45: bytes=32 time=385ms TTL=52

Reply from 206.190.36.45: bytes=32 time=317ms TTL=52

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 317ms, Maximum = 385ms, Average = 351ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e c9 3d e7 9b ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   192.168.16.200  192.168.16.104   10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
     192.168.16.0    255.255.255.0   192.168.16.104  192.168.16.104   10
   192.168.16.104  255.255.255.255        127.0.0.1       127.0.0.1   10
   192.168.16.255  255.255.255.255   192.168.16.104  192.168.16.104   10
        224.0.0.0        240.0.0.0   192.168.16.104  192.168.16.104   10
  255.255.255.255  255.255.255.255   192.168.16.104  192.168.16.104   1
Default Gateway:    192.168.16.200
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/18/2013 00:43:54 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (03/18/2013 09:02:40 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (03/18/2013 06:45:29 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (03/17/2013 08:56:44 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (03/17/2013 08:07:08 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (03/17/2013 02:14:50 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (03/16/2013 00:59:50 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007003a).  The specified server cannot perform the requested operation.
  Enrollment will not be performed.

Error: (03/15/2013 09:24:09 AM) (Source: Microsoft Office 11) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (03/14/2013 01:24:13 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (03/14/2013 01:23:44 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.


System errors:
=============
Error: (03/18/2013 03:26:37 PM) (Source: Print) (User: NT AUTHORITY)
Description: Failed to delete PrintQueue CN=HSS-104-Microsoft XPS Document Writer (from ACCLLC-LT) at LDAP://server.Harris.local/CN=HSS-104,CN=Computers,DC=Harris,DC=local.  Error: 8007203a

Error: (03/18/2013 03:26:37 PM) (Source: Print) (User: NT AUTHORITY)
Description: PrintQueue could not be created or updated because we failed to bind to the Container: LDAP://server.Harris.local/CN=HSS-104,CN=Computers,DC=Harris,DC=local.  Error: 8007203a

Error: (03/18/2013 03:26:23 PM) (Source: TermServDevices) (User: )
Description: Driver HP Photosmart Prem C410 series fax required for printer HP Photosmart Prem C410 series fax is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/18/2013 03:26:23 PM) (Source: TermServDevices) (User: )
Description: Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/18/2013 03:26:23 PM) (Source: TermServDevices) (User: )
Description: Driver HP Photosmart Prem C410 series required for printer HP Photosmart Prem C410 series is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/18/2013 07:15:02 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain HARRIS due to the following:
%%1722.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (03/18/2013 06:45:36 AM) (Source: Print) (User: NT AUTHORITY)
Description: The PrintQueue Container could not be found because the DNS Domain name could not be retrieved.  Error: 6ba

Error: (03/18/2013 06:45:33 AM) (Source: TermServDevices) (User: )
Description: Driver HP Photosmart Prem C410 series fax required for printer HP Photosmart Prem C410 series fax is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/18/2013 06:45:32 AM) (Source: TermServDevices) (User: )
Description: Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/18/2013 06:45:32 AM) (Source: TermServDevices) (User: )
Description: Driver HP Photosmart Prem C410 series required for printer HP Photosmart Prem C410 series is unknown. Contact the administrator to install the driver before you log in again.


Microsoft Office Sessions:
=========================
Error: (03/18/2013 00:43:54 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The RPC server is unavailable.

Error: (03/18/2013 09:02:40 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The RPC server is unavailable.

Error: (03/18/2013 06:45:29 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The RPC server is unavailable.

Error: (03/17/2013 08:56:44 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The RPC server is unavailable.

Error: (03/17/2013 08:07:08 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The RPC server is unavailable.

Error: (03/17/2013 02:14:50 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: The RPC server is unavailable.

Error: (03/16/2013 00:59:50 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007003aThe specified server cannot perform the requested operation.

Error: (03/15/2013 09:24:09 AM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office Outlook

Error: (03/14/2013 01:24:13 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The RPC server is unavailable.

Error: (03/14/2013 01:23:44 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The RPC server is unavailable.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Broadcom Gigabit Integrated Controller (Version: 10.50.03)
Color LaserJet 1600
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dell System Detect (Version: 4.0.5.6)
eXtreme Fax Call Controller
Google Chrome (Version: 25.0.1364.172)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
HP Officejet Pro 8600 Help (Version: 140.0.2.2)
HP Update (Version: 5.003.000.004)
I.R.I.S. OCR (Version: 12.3.4.0)
Intel® Graphics Media Accelerator Driver
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
McAfee Agent (Version: 4.5.0.1810)
McAfee VirusScan Enterprise (Version: 8.8.01000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Premier (Version: 2.5.0.33)
SoundMAX (Version: 5.10.01.5491)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
UltraVNC 1.0.8.2 (Version: 1.0.8.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 3060.89 MB
Available physical RAM: 2488.33 MB
Total Pagefile: 6999.22 MB
Available Pagefile: 6457.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149 GB) (Free:134.76 GB) NTFS
4 Drive p: () (Network) (Total:600.61 GB) (Free:538.47 GB) NTFS
5 Drive s: () (Network) (Total:600.61 GB) (Free:538.47 GB) NTFS

========================= Users: ========================================

User accounts for \\HSS-104

accllc                   Administrator            ASPNET                  
Guest                    HelpAssistant            SUPPORT_388945a0        


**** End of log ****

 

 

17:08:25.0417 3788  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:08:25.0901 3788  ============================================================
17:08:25.0901 3788  Current date / time: 2013/03/18 17:08:25.0901
17:08:25.0901 3788  SystemInfo:
17:08:25.0901 3788 
17:08:25.0901 3788  OS Version: 5.1.2600 ServicePack: 3.0
17:08:25.0901 3788  Product type: Workstation
17:08:25.0901 3788  ComputerName: HSS-104
17:08:25.0901 3788  UserName: lcoolidge
17:08:25.0901 3788  Windows directory: C:\WINDOWS
17:08:25.0901 3788  System windows directory: C:\WINDOWS
17:08:25.0901 3788  Processor architecture: Intel x86
17:08:25.0901 3788  Number of processors: 2
17:08:25.0901 3788  Page size: 0x1000
17:08:25.0901 3788  Boot type: Normal boot
17:08:25.0901 3788  ============================================================
17:08:26.0183 3788  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:08:26.0198 3788  ============================================================
17:08:26.0198 3788  \Device\Harddisk0\DR0:
17:08:26.0198 3788  MBR partitions:
17:08:26.0198 3788  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
17:08:26.0198 3788  ============================================================
17:08:26.0230 3788  C: <-> \Device\Harddisk0\DR0\Partition1
17:08:26.0230 3788  ============================================================
17:08:26.0230 3788  Initialize success
17:08:26.0230 3788  ============================================================
17:09:21.0074 2196  ============================================================
17:09:21.0074 2196  Scan started
17:09:21.0074 2196  Mode: Manual; TDLFS;
17:09:21.0074 2196  ============================================================
17:09:21.0230 2196  ================ Scan system memory ========================
17:09:21.0230 2196  System memory - ok
17:09:21.0246 2196  ================ Scan services =============================
17:09:23.0621 2196  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
17:09:23.0621 2196  HTTPFilter - ok
17:09:23.0621 2196  i2omgmt - ok
17:09:23.0637 2196  i2omp - ok
17:09:23.0652 2196  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
17:09:23.0652 2196  i8042prt - ok
17:09:23.0824 2196  [ B2768350BB50469AEB1AFE694372B613 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:09:23.0902 2196  ialm - ok
17:09:23.0949 2196  [ 707C1692214B1C290271067197F075F6 ] iastor          C:\WINDOWS\system32\drivers\iastor.sys
17:09:23.0949 2196  iastor - ok
17:09:24.0012 2196  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:09:24.0027 2196  idsvc - ok
17:09:24.0058 2196  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:09:24.0058 2196  Imapi - ok
17:09:24.0090 2196  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
17:09:24.0090 2196  ImapiService - ok
17:09:24.0105 2196  ini910u - ok
17:09:24.0105 2196  IntelIde - ok
17:09:24.0152 2196  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:09:24.0152 2196  intelppm - ok
17:09:24.0168 2196  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:09:24.0168 2196  Ip6Fw - ok
17:09:24.0199 2196  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:09:24.0199 2196  IpFilterDriver - ok
17:09:24.0215 2196  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:09:24.0215 2196  IpInIp - ok
17:09:24.0230 2196  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:09:24.0230 2196  IpNat - ok
17:09:24.0277 2196  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:09:24.0277 2196  IPSec - ok
17:09:24.0308 2196  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:09:24.0308 2196  IRENUM - ok
17:09:24.0340 2196  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:09:24.0340 2196  isapnp - ok
17:09:24.0418 2196  [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
17:09:24.0418 2196  JavaQuickStarterService - ok
17:09:24.0465 2196  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:09:24.0465 2196  Kbdclass - ok
17:09:24.0465 2196  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:09:24.0465 2196  kbdhid - ok
17:09:24.0480 2196  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:09:24.0480 2196  kmixer - ok
17:09:24.0527 2196  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:09:24.0527 2196  KSecDD - ok
17:09:24.0574 2196  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
17:09:24.0574 2196  LanmanServer - ok
17:09:24.0590 2196  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:09:24.0590 2196  lanmanworkstation - ok
17:09:24.0590 2196  lbrtfdc - ok
17:09:24.0605 2196  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:09:24.0605 2196  LmHosts - ok
17:09:24.0652 2196  [ 062D80F13D762F7BC2F38430D60F5048 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
17:09:24.0652 2196  McAfeeFramework - ok
17:09:24.0699 2196  [ 09442ECFCED9C83722509C3269CADECD ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:09:24.0699 2196  McShield - ok
17:09:24.0715 2196  [ 462EB5733C52471DB574727B5D1F77E4 ] McTaskManager   C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
17:09:24.0715 2196  McTaskManager - ok
17:09:24.0762 2196  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:09:24.0762 2196  MDM - ok
17:09:24.0793 2196  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:09:24.0793 2196  Messenger - ok
17:09:24.0824 2196  [ 80D337A6104F6F69C89F42602C50E5D8 ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys
17:09:24.0824 2196  mfeapfk - ok
17:09:24.0840 2196  [ 54EE8EEC41C2F9F03CAD1874B6AF54B0 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
17:09:24.0840 2196  mfeavfk - ok
17:09:24.0840 2196  mfeavfk01 - ok
17:09:24.0855 2196  [ 61B36C8A0992B813CB2445E29296C654 ] mfebopk         C:\WINDOWS\system32\drivers\mfebopk.sys
17:09:24.0855 2196  mfebopk - ok
17:09:24.0902 2196  [ DAFEFAA7C7402A2E335755B531E3F542 ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
17:09:24.0902 2196  mfehidk - ok
17:09:24.0949 2196  [ 75D2D96C8BC2045B471FC488BD207D35 ] mferkdet        C:\WINDOWS\system32\drivers\mferkdet.sys
17:09:24.0949 2196  mferkdet - ok
17:09:25.0012 2196  [ 98D63D6BD19484EDAC7788EB1BFF421C ] mfetdi2k        C:\WINDOWS\system32\drivers\mfetdi2k.sys
17:09:25.0012 2196  mfetdi2k - ok
17:09:25.0058 2196  [ 9CBE04C2A231DE7BC483F49E1414CFA6 ] mfevtp          C:\WINDOWS\system32\mfevtps.exe
17:09:25.0058 2196  mfevtp - ok
17:09:25.0090 2196  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:09:25.0090 2196  mnmdd - ok
17:09:25.0121 2196  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
17:09:25.0121 2196  mnmsrvc - ok
17:09:25.0137 2196  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:09:25.0137 2196  Modem - ok
17:09:25.0152 2196  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:09:25.0152 2196  Mouclass - ok
17:09:25.0168 2196  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:09:25.0168 2196  mouhid - ok
17:09:25.0199 2196  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:09:25.0199 2196  MountMgr - ok
17:09:25.0199 2196  mraid35x - ok
17:09:25.0199 2196  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:09:25.0215 2196  MRxDAV - ok
17:09:25.0246 2196  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:09:25.0246 2196  MRxSmb - ok
17:09:25.0277 2196  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
17:09:25.0277 2196  MSDTC - ok
17:09:25.0309 2196  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:09:25.0309 2196  Msfs - ok
17:09:25.0309 2196  MSIServer - ok
17:09:25.0340 2196  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:09:25.0340 2196  MSKSSRV - ok
17:09:25.0355 2196  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:09:25.0355 2196  MSPCLOCK - ok
17:09:25.0371 2196  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:09:25.0371 2196  MSPQM - ok
17:09:25.0402 2196  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:09:25.0402 2196  mssmbios - ok
17:09:25.0418 2196  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:09:25.0418 2196  Mup - ok
17:09:25.0449 2196  [ 1DDC53D670C6E853C4EE8558EFDE7B34 ] mv2             C:\WINDOWS\system32\DRIVERS\mv2.sys
17:09:25.0449 2196  mv2 - ok
17:09:25.0480 2196  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:09:25.0496 2196  napagent - ok
17:09:25.0496 2196  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:09:25.0496 2196  NDIS - ok
17:09:25.0512 2196  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:09:25.0512 2196  NdisTapi - ok
17:09:25.0527 2196  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:09:25.0527 2196  Ndisuio - ok
17:09:25.0543 2196  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:09:25.0543 2196  NdisWan - ok
17:09:25.0574 2196  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:09:25.0574 2196  NDProxy - ok
17:09:25.0590 2196  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:09:25.0590 2196  NetBIOS - ok
17:09:25.0621 2196  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:09:25.0621 2196  NetBT - ok
17:09:25.0637 2196  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:09:25.0652 2196  NetDDE - ok
17:09:25.0652 2196  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:09:25.0652 2196  NetDDEdsdm - ok
17:09:25.0684 2196  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:09:25.0684 2196  Netlogon - ok
17:09:25.0699 2196  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
17:09:25.0699 2196  Netman - ok
17:09:25.0730 2196  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:09:25.0746 2196  NetTcpPortSharing - ok
17:09:25.0762 2196  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:09:25.0777 2196  Nla - ok
17:09:25.0777 2196  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:09:25.0777 2196  Npfs - ok
17:09:25.0824 2196  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:09:25.0840 2196  Ntfs - ok
17:09:25.0840 2196  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:09:25.0840 2196  NtLmSsp - ok
17:09:25.0871 2196  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:09:25.0887 2196  NtmsSvc - ok
17:09:25.0902 2196  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:09:25.0902 2196  Null - ok
17:09:25.0949 2196  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:09:25.0949 2196  NwlnkFlt - ok
17:09:25.0949 2196  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:09:25.0965 2196  NwlnkFwd - ok
17:09:25.0996 2196  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:09:25.0996 2196  ose - ok
17:09:26.0027 2196  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
17:09:26.0027 2196  Parport - ok
17:09:26.0027 2196  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:09:26.0027 2196  PartMgr - ok
17:09:26.0059 2196  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:09:26.0059 2196  ParVdm - ok
17:09:26.0074 2196  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:09:26.0074 2196  PCI - ok
17:09:26.0090 2196  PCIDump - ok
17:09:26.0090 2196  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:09:26.0090 2196  PCIIde - ok
17:09:26.0105 2196  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
17:09:26.0105 2196  Pcmcia - ok
17:09:26.0121 2196  PDCOMP - ok
17:09:26.0121 2196  PDFRAME - ok
17:09:26.0137 2196  PDRELI - ok
17:09:26.0137 2196  PDRFRAME - ok
17:09:26.0137 2196  perc2 - ok
17:09:26.0152 2196  perc2hib - ok
17:09:26.0184 2196  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
17:09:26.0184 2196  PlugPlay - ok
17:09:26.0184 2196  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:09:26.0199 2196  PolicyAgent - ok
17:09:26.0199 2196  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:09:26.0199 2196  PptpMiniport - ok
17:09:26.0215 2196  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:09:26.0215 2196  ProtectedStorage - ok
17:09:26.0215 2196  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:09:26.0215 2196  PSched - ok
17:09:26.0309 2196  [ 5C708DF7BC8349EC19FE0AE9D01C90EA ] PSEXESVC        C:\WINDOWS\PSEXESVC.EXE
17:09:26.0324 2196  PSEXESVC - ok
17:09:26.0340 2196  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:09:26.0340 2196  Ptilink - ok
17:09:26.0355 2196  ql1080 - ok
17:09:26.0355 2196  Ql10wnt - ok
17:09:26.0355 2196  ql12160 - ok
17:09:26.0371 2196  ql1240 - ok
17:09:26.0371 2196  ql1280 - ok
17:09:26.0418 2196  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:09:26.0418 2196  RasAcd - ok
17:09:26.0434 2196  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:09:26.0434 2196  RasAuto - ok
17:09:26.0465 2196  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:09:26.0465 2196  Rasl2tp - ok
17:09:26.0480 2196  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:09:26.0480 2196  RasMan - ok
17:09:26.0496 2196  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:09:26.0496 2196  RasPppoe - ok
17:09:26.0496 2196  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:09:26.0496 2196  Raspti - ok
17:09:26.0512 2196  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:09:26.0527 2196  Rdbss - ok
17:09:26.0527 2196  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:09:26.0527 2196  RDPCDD - ok
17:09:26.0559 2196  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:09:26.0559 2196  rdpdr - ok
17:09:26.0590 2196  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:09:26.0605 2196  RDPWD - ok
17:09:26.0621 2196  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:09:26.0621 2196  RDSessMgr - ok
17:09:26.0652 2196  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:09:26.0652 2196  redbook - ok
17:09:26.0668 2196  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:09:26.0684 2196  RemoteAccess - ok
17:09:26.0699 2196  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:09:26.0699 2196  RemoteRegistry - ok
17:09:26.0730 2196  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:09:26.0730 2196  RpcLocator - ok
17:09:26.0762 2196  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
17:09:26.0762 2196  RpcSs - ok
17:09:26.0793 2196  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
17:09:26.0793 2196  RSVP - ok
17:09:26.0824 2196  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:09:26.0824 2196  SamSs - ok
17:09:26.0855 2196  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:09:26.0855 2196  SCardSvr - ok
17:09:26.0887 2196  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:09:26.0887 2196  Schedule - ok
17:09:26.0934 2196  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:09:26.0934 2196  Secdrv - ok
17:09:26.0949 2196  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:09:26.0965 2196  seclogon - ok
17:09:27.0012 2196  [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService  C:\WINDOWS\system32\drivers\Senfilt.sys
17:09:27.0027 2196  SenFiltService - ok
17:09:27.0043 2196  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
17:09:27.0043 2196  SENS - ok
17:09:27.0059 2196  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
17:09:27.0059 2196  Serial - ok
17:09:27.0105 2196  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:09:27.0105 2196  Sfloppy - ok
17:09:27.0137 2196  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:09:27.0152 2196  SharedAccess - ok
17:09:27.0168 2196  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:09:27.0168 2196  ShellHWDetection - ok
17:09:27.0184 2196  Simbad - ok
17:09:27.0199 2196  Sparrow - ok
17:09:27.0215 2196  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:09:27.0215 2196  splitter - ok
17:09:27.0230 2196  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:09:27.0246 2196  Spooler - ok
17:09:27.0277 2196  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:09:27.0277 2196  sr - ok
17:09:27.0277 2196  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:09:27.0293 2196  srservice - ok
17:09:27.0324 2196  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:09:27.0340 2196  Srv - ok
17:09:27.0371 2196  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:09:27.0387 2196  SSDPSRV - ok
17:09:27.0418 2196  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:09:27.0434 2196  stisvc - ok
17:09:27.0449 2196  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:09:27.0449 2196  swenum - ok
17:09:27.0449 2196  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:09:27.0449 2196  swmidi - ok
17:09:27.0465 2196  SwPrv - ok
17:09:27.0465 2196  symc810 - ok
17:09:27.0465 2196  symc8xx - ok
17:09:27.0496 2196  sym_hi - ok
17:09:27.0496 2196  sym_u3 - ok
17:09:27.0512 2196  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:09:27.0512 2196  sysaudio - ok
17:09:27.0543 2196  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:09:27.0543 2196  SysmonLog - ok
17:09:27.0590 2196  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:09:27.0590 2196  TapiSrv - ok
17:09:27.0621 2196  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:09:27.0621 2196  Tcpip - ok
17:09:27.0668 2196  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:09:27.0668 2196  TDPIPE - ok
17:09:27.0668 2196  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:09:27.0668 2196  TDTCP - ok
17:09:27.0684 2196  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:09:27.0684 2196  TermDD - ok
17:09:27.0699 2196  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
17:09:27.0715 2196  TermService - ok
17:09:27.0730 2196  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:09:27.0730 2196  Themes - ok
17:09:27.0762 2196  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
17:09:27.0762 2196  TlntSvr - ok
17:09:27.0762 2196  TosIde - ok
17:09:27.0793 2196  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:09:27.0793 2196  TrkWks - ok
17:09:27.0824 2196  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:09:27.0840 2196  Udfs - ok
17:09:27.0840 2196  ultra - ok
17:09:27.0871 2196  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:09:27.0887 2196  Update - ok
17:09:27.0902 2196  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:09:27.0918 2196  upnphost - ok
17:09:27.0918 2196  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
17:09:27.0934 2196  UPS - ok
17:09:27.0965 2196  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:09:27.0965 2196  usbccgp - ok
17:09:27.0996 2196  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:09:27.0996 2196  usbehci - ok
17:09:28.0012 2196  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:09:28.0012 2196  usbhub - ok
17:09:28.0043 2196  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:09:28.0043 2196  usbprint - ok
17:09:28.0043 2196  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:09:28.0043 2196  usbscan - ok
17:09:28.0059 2196  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:09:28.0059 2196  USBSTOR - ok
17:09:28.0074 2196  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:09:28.0074 2196  usbuhci - ok
17:09:28.0137 2196  [ 50676F61C6A44A3B25FB29A18A7CBA95 ] uvnc_service    C:\Program Files\UltraVNC\WinVNC.exe
17:09:28.0152 2196  uvnc_service - ok
17:09:28.0184 2196  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:09:28.0184 2196  VgaSave - ok
17:09:28.0184 2196  ViaIde - ok
17:09:28.0230 2196  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:09:28.0230 2196  VolSnap - ok
17:09:28.0262 2196  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
17:09:28.0262 2196  VSS - ok
17:09:28.0309 2196  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
17:09:28.0309 2196  W32Time - ok
17:09:28.0324 2196  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:09:28.0324 2196  Wanarp - ok
17:09:28.0324 2196  WDICA - ok
17:09:28.0355 2196  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:09:28.0355 2196  wdmaud - ok
17:09:28.0371 2196  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:09:28.0371 2196  WebClient - ok
17:09:28.0465 2196  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:09:28.0465 2196  winmgmt - ok
17:09:28.0512 2196  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
17:09:28.0527 2196  WinRM - ok
17:09:28.0559 2196  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
17:09:28.0574 2196  WmdmPmSN - ok
17:09:28.0605 2196  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:09:28.0605 2196  Wmi - ok
17:09:28.0637 2196  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:09:28.0637 2196  WmiApSrv - ok
17:09:28.0715 2196  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
17:09:28.0730 2196  WMPNetworkSvc - ok
17:09:28.0777 2196  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:09:28.0793 2196  WPFFontCache_v0400 - ok
17:09:28.0824 2196  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:09:28.0824 2196  WS2IFSL - ok
17:09:28.0871 2196  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:09:28.0871 2196  wscsvc - ok
17:09:28.0902 2196  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:09:28.0902 2196  wuauserv - ok
17:09:28.0949 2196  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:09:28.0949 2196  WudfPf - ok
17:09:28.0965 2196  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:09:28.0965 2196  WudfRd - ok
17:09:28.0996 2196  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
17:09:28.0996 2196  WudfSvc - ok
17:09:29.0059 2196  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:09:29.0059 2196  WZCSVC - ok
17:09:29.0090 2196  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:09:29.0090 2196  xmlprov - ok
17:09:29.0090 2196  ================ Scan global ===============================
17:09:29.0121 2196  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:09:29.0168 2196  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:09:29.0168 2196  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:09:29.0184 2196  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:09:29.0184 2196  [Global] - ok
17:09:29.0184 2196  ================ Scan MBR ==================================
17:09:29.0215 2196  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:09:29.0434 2196  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:09:29.0434 2196  \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:09:29.0434 2196  ================ Scan VBR ==================================
17:09:29.0434 2196  [ 503C218A20D9523DDFB743FDCBDBE50F ] \Device\Harddisk0\DR0\Partition1
17:09:29.0434 2196  \Device\Harddisk0\DR0\Partition1 - ok
17:09:29.0434 2196  ============================================================
17:09:29.0434 2196  Scan finished
17:09:29.0434 2196  ============================================================
17:09:29.0449 0928  Detected object count: 1
17:09:29.0449 0928  Actual detected object count: 1
17:09:55.0621 0928  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:09:55.0621 0928  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
17:09:55.0621 0928  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
17:09:55.0621 0928  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
17:09:55.0621 0928  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
17:10:53.0482 2832  ============================================================
17:10:53.0482 2832  Scan started
17:10:53.0482 2832  Mode: Manual; TDLFS;
17:10:53.0482 2832  ============================================================
17:10:53.0575 2832  ================ Scan system memory ========================
17:10:53.0575 2832  System memory - ok
17:10:53.0575 2832  ================ Scan services =============================
17:10:54.0794 2832  COMSysApp - ok
17:10:54.0810 2832  Cpqarray - ok
17:10:54.0825 2832  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
17:10:54.0825 2832  CryptSvc - ok
17:10:54.0825 2832  dac2w2k - ok
17:10:54.0841 2832  dac960nt - ok
17:10:54.0888 2832  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:10:54.0888 2832  DcomLaunch - ok
17:10:54.0903 2832  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
17:10:54.0919 2832  Dhcp - ok
17:10:54.0935 2832  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
17:10:54.0935 2832  Disk - ok
17:10:54.0950 2832  dmadmin - ok
17:10:54.0982 2832  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
17:10:54.0982 2832  dmboot - ok
17:10:55.0013 2832  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
17:10:55.0013 2832  dmio - ok
17:10:55.0028 2832  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
17:10:55.0028 2832  dmload - ok
17:10:55.0060 2832  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
17:10:55.0060 2832  dmserver - ok
17:10:55.0075 2832  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
17:10:55.0075 2832  DMusic - ok
17:10:55.0107 2832  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:10:55.0107 2832  Dnscache - ok
17:10:55.0138 2832  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
17:10:55.0138 2832  Dot3svc - ok
17:10:55.0138 2832  dpti2o - ok
17:10:55.0153 2832  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:10:55.0153 2832  drmkaud - ok
17:10:55.0169 2832  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
17:10:55.0169 2832  EapHost - ok
17:10:55.0185 2832  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
17:10:55.0185 2832  ERSvc - ok
17:10:55.0216 2832  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
17:10:55.0216 2832  Eventlog - ok
17:10:55.0263 2832  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
17:10:55.0263 2832  EventSystem - ok
17:10:55.0278 2832  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
17:10:55.0278 2832  Fastfat - ok
17:10:55.0325 2832  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:10:55.0325 2832  FastUserSwitchingCompatibility - ok
17:10:55.0357 2832  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
17:10:55.0357 2832  Fdc - ok
17:10:55.0372 2832  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
17:10:55.0372 2832  Fips - ok
17:10:55.0388 2832  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
17:10:55.0388 2832  Flpydisk - ok
17:10:55.0435 2832  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:10:55.0435 2832  FltMgr - ok
17:10:55.0482 2832  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:10:55.0482 2832  FontCache3.0.0.0 - ok
17:10:55.0482 2832  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:10:55.0482 2832  Fs_Rec - ok
17:10:55.0497 2832  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:10:55.0497 2832  Ftdisk - ok
17:10:55.0513 2832  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:10:55.0513 2832  Gpc - ok
17:10:55.0575 2832  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
17:10:55.0575 2832  gupdate - ok
17:10:55.0575 2832  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:10:55.0575 2832  gupdatem - ok
17:10:55.0607 2832  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:10:55.0622 2832  gusvc - ok
17:10:55.0653 2832  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:10:55.0653 2832  HDAudBus - ok
17:10:55.0700 2832  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:10:55.0700 2832  helpsvc - ok
17:10:55.0732 2832  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
17:10:55.0747 2832  HidServ - ok
17:10:55.0778 2832  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:10:55.0778 2832  hidusb - ok
17:10:55.0810 2832  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
17:10:55.0810 2832  hkmsvc - ok
17:10:55.0810 2832  hpn - ok
17:10:55.0857 2832  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
17:10:55.0857 2832  HTTP - ok
17:10:55.0888 2832  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
17:10:55.0888 2832  HTTPFilter - ok
17:10:55.0903 2832  i2omgmt - ok
17:10:55.0903 2832  i2omp - ok
17:10:55.0935 2832  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
17:10:55.0935 2832  i8042prt - ok
17:10:56.0107 2832  [ B2768350BB50469AEB1AFE694372B613 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:10:56.0138 2832  ialm - ok
17:10:56.0200 2832  [ 707C1692214B1C290271067197F075F6 ] iastor          C:\WINDOWS\system32\drivers\iastor.sys
17:10:56.0200 2832  iastor - ok
17:10:56.0263 2832  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:10:56.0263 2832  idsvc - ok
17:10:56.0278 2832  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:10:56.0278 2832  Imapi - ok
17:10:56.0310 2832  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
17:10:56.0310 2832  ImapiService - ok
17:10:56.0325 2832  ini910u - ok
17:10:56.0325 2832  IntelIde - ok
17:10:56.0372 2832  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:10:56.0372 2832  intelppm - ok
17:10:56.0388 2832  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:10:56.0388 2832  Ip6Fw - ok
17:10:56.0419 2832  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:10:56.0419 2832  IpFilterDriver - ok
17:10:56.0419 2832  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:10:56.0419 2832  IpInIp - ok
17:10:56.0450 2832  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:10:56.0450 2832  IpNat - ok
17:10:56.0497 2832  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:10:56.0497 2832  IPSec - ok
17:10:56.0528 2832  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:10:56.0528 2832  IRENUM - ok
17:10:56.0560 2832  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:10:56.0560 2832  isapnp - ok
17:10:56.0638 2832  [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
17:10:56.0638 2832  JavaQuickStarterService - ok
17:10:56.0685 2832  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:10:56.0685 2832  Kbdclass - ok
17:10:56.0685 2832  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:10:56.0685 2832  kbdhid - ok
17:10:56.0700 2832  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:10:56.0700 2832  kmixer - ok
17:10:56.0732 2832  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:10:56.0732 2832  KSecDD - ok
17:10:56.0763 2832  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
17:10:56.0763 2832  LanmanServer - ok
17:10:56.0778 2832  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:10:56.0778 2832  lanmanworkstation - ok
17:10:56.0778 2832  lbrtfdc - ok
17:10:56.0810 2832  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:10:56.0810 2832  LmHosts - ok
17:10:56.0857 2832  [ 062D80F13D762F7BC2F38430D60F5048 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
17:10:56.0857 2832  McAfeeFramework - ok
17:10:56.0888 2832  [ 09442ECFCED9C83722509C3269CADECD ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:10:56.0888 2832  McShield - ok
17:10:56.0903 2832  [ 462EB5733C52471DB574727B5D1F77E4 ] McTaskManager   C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
17:10:56.0919 2832  McTaskManager - ok
17:10:56.0966 2832  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:10:56.0966 2832  MDM - ok
17:10:56.0982 2832  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:10:56.0982 2832  Messenger - ok
17:10:57.0013 2832  [ 80D337A6104F6F69C89F42602C50E5D8 ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys
17:10:57.0013 2832  mfeapfk - ok
17:10:57.0028 2832  [ 54EE8EEC41C2F9F03CAD1874B6AF54B0 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
17:10:57.0028 2832  mfeavfk - ok
17:10:57.0044 2832  mfeavfk01 - ok
17:10:57.0044 2832  [ 61B36C8A0992B813CB2445E29296C654 ] mfebopk         C:\WINDOWS\system32\drivers\mfebopk.sys
17:10:57.0044 2832  mfebopk - ok
17:10:57.0091 2832  [ DAFEFAA7C7402A2E335755B531E3F542 ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
17:10:57.0107 2832  mfehidk - ok
17:10:57.0138 2832  [ 75D2D96C8BC2045B471FC488BD207D35 ] mferkdet        C:\WINDOWS\system32\drivers\mferkdet.sys
17:10:57.0138 2832  mferkdet - ok
17:10:57.0153 2832  [ 98D63D6BD19484EDAC7788EB1BFF421C ] mfetdi2k        C:\WINDOWS\system32\drivers\mfetdi2k.sys
17:10:57.0153 2832  mfetdi2k - ok
17:10:57.0169 2832  [ 9CBE04C2A231DE7BC483F49E1414CFA6 ] mfevtp          C:\WINDOWS\system32\mfevtps.exe
17:10:57.0169 2832  mfevtp - ok
17:10:57.0216 2832  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:10:57.0216 2832  mnmdd - ok
17:10:57.0232 2832  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
17:10:57.0232 2832  mnmsrvc - ok
17:10:57.0247 2832  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:10:57.0247 2832  Modem - ok
17:10:57.0263 2832  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:10:57.0263 2832  Mouclass - ok
17:10:57.0278 2832  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:10:57.0278 2832  mouhid - ok
17:10:57.0310 2832  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:10:57.0310 2832  MountMgr - ok
17:10:57.0310 2832  mraid35x - ok
17:10:57.0310 2832  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:10:57.0310 2832  MRxDAV - ok
17:10:57.0357 2832  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:10:57.0357 2832  MRxSmb - ok
17:10:57.0388 2832  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
17:10:57.0388 2832  MSDTC - ok
17:10:57.0403 2832  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:10:57.0403 2832  Msfs - ok
17:10:57.0419 2832  MSIServer - ok
17:10:57.0435 2832  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:10:57.0435 2832  MSKSSRV - ok
17:10:57.0450 2832  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:10:57.0450 2832  MSPCLOCK - ok
17:10:57.0466 2832  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:10:57.0466 2832  MSPQM - ok
17:10:57.0513 2832  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:10:57.0513 2832  mssmbios - ok
17:10:57.0513 2832  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:10:57.0513 2832  Mup - ok
17:10:57.0560 2832  [ 1DDC53D670C6E853C4EE8558EFDE7B34 ] mv2             C:\WINDOWS\system32\DRIVERS\mv2.sys
17:10:57.0560 2832  mv2 - ok
17:10:57.0591 2832  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:10:57.0591 2832  napagent - ok
17:10:57.0591 2832  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:10:57.0591 2832  NDIS - ok
17:10:57.0622 2832  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:10:57.0622 2832  NdisTapi - ok
17:10:57.0638 2832  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:10:57.0638 2832  Ndisuio - ok
17:10:57.0653 2832  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:10:57.0653 2832  NdisWan - ok
17:10:57.0669 2832  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:10:57.0669 2832  NDProxy - ok
17:10:57.0685 2832  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:10:57.0685 2832  NetBIOS - ok
17:10:57.0700 2832  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:10:57.0716 2832  NetBT - ok
17:10:57.0732 2832  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:10:57.0747 2832  NetDDE - ok
17:10:57.0747 2832  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:10:57.0747 2832  NetDDEdsdm - ok
17:10:57.0778 2832  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:10:57.0778 2832  Netlogon - ok
17:10:57.0794 2832  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
17:10:57.0794 2832  Netman - ok
17:10:57.0825 2832  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:10:57.0825 2832  NetTcpPortSharing - ok
17:10:57.0857 2832  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:10:57.0857 2832  Nla - ok
17:10:57.0857 2832  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:10:57.0857 2832  Npfs - ok
17:10:57.0888 2832  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:10:57.0888 2832  Ntfs - ok
17:10:57.0903 2832  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:10:57.0903 2832  NtLmSsp - ok
17:10:57.0966 2832  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:10:57.0966 2832  NtmsSvc - ok
17:10:57.0997 2832  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:10:57.0997 2832  Null - ok
17:10:58.0028 2832  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:10:58.0044 2832  NwlnkFlt - ok
17:10:58.0044 2832  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:10:58.0044 2832  NwlnkFwd - ok
17:10:58.0075 2832  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:10:58.0075 2832  ose - ok
17:10:58.0107 2832  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
17:10:58.0107 2832  Parport - ok
17:10:58.0107 2832  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:10:58.0107 2832  PartMgr - ok
17:10:58.0138 2832  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:10:58.0138 2832  ParVdm - ok
17:10:58.0153 2832  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:10:58.0169 2832  PCI - ok
17:10:58.0169 2832  PCIDump - ok
17:10:58.0169 2832  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:10:58.0169 2832  PCIIde - ok
17:10:58.0200 2832  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
17:10:58.0200 2832  Pcmcia - ok
17:10:58.0200 2832  PDCOMP - ok
17:10:58.0200 2832  PDFRAME - ok
17:10:58.0232 2832  PDRELI - ok
17:10:58.0232 2832  PDRFRAME - ok
17:10:58.0232 2832  perc2 - ok
17:10:58.0247 2832  perc2hib - ok
17:10:58.0278 2832  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
17:10:58.0294 2832  PlugPlay - ok
17:10:58.0294 2832  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:10:58.0294 2832  PolicyAgent - ok
17:10:58.0310 2832  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:10:58.0310 2832  PptpMiniport - ok
17:10:58.0310 2832  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:10:58.0310 2832  ProtectedStorage - ok
17:10:58.0325 2832  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:10:58.0325 2832  PSched - ok
17:10:58.0419 2832  [ 5C708DF7BC8349EC19FE0AE9D01C90EA ] PSEXESVC        C:\WINDOWS\PSEXESVC.EXE
17:10:58.0419 2832  PSEXESVC - ok
17:10:58.0435 2832  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:10:58.0435 2832  Ptilink - ok
17:10:58.0435 2832  ql1080 - ok
17:10:58.0450 2832  Ql10wnt - ok
17:10:58.0450 2832  ql12160 - ok
17:10:58.0466 2832  ql1240 - ok
17:10:58.0466 2832  ql1280 - ok
17:10:58.0513 2832  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:10:58.0513 2832  RasAcd - ok
17:10:58.0544 2832  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:10:58.0544 2832  RasAuto - ok
17:10:58.0560 2832  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:10:58.0560 2832  Rasl2tp - ok
17:10:58.0575 2832  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:10:58.0591 2832  RasMan - ok
17:10:58.0591 2832  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:10:58.0591 2832  RasPppoe - ok
17:10:58.0607 2832  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:10:58.0607 2832  Raspti - ok
17:10:58.0622 2832  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:10:58.0622 2832  Rdbss - ok
17:10:58.0622 2832  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:10:58.0622 2832  RDPCDD - ok
17:10:58.0653 2832  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:10:58.0653 2832  rdpdr - ok
17:10:58.0700 2832  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:10:58.0700 2832  RDPWD - ok
17:10:58.0732 2832  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:10:58.0732 2832  RDSessMgr - ok
17:10:58.0763 2832  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:10:58.0763 2832  redbook - ok
17:10:58.0778 2832  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:10:58.0778 2832  RemoteAccess - ok
17:10:58.0810 2832  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:10:58.0810 2832  RemoteRegistry - ok
17:10:58.0841 2832  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:10:58.0841 2832  RpcLocator - ok
17:10:58.0872 2832  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
17:10:58.0872 2832  RpcSs - ok
17:10:58.0903 2832  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
17:10:58.0903 2832  RSVP - ok
17:10:58.0935 2832  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:10:58.0935 2832  SamSs - ok
17:10:58.0966 2832  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:10:58.0966 2832  SCardSvr - ok
17:10:59.0013 2832  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:10:59.0013 2832  Schedule - ok
17:10:59.0028 2832  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:10:59.0028 2832  Secdrv - ok
17:10:59.0044 2832  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:10:59.0044 2832  seclogon - ok
17:10:59.0091 2832  [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService  C:\WINDOWS\system32\drivers\Senfilt.sys
17:10:59.0091 2832  SenFiltService - ok
17:10:59.0107 2832  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
17:10:59.0107 2832  SENS - ok
17:10:59.0122 2832  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
17:10:59.0122 2832  Serial - ok
17:10:59.0169 2832  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:10:59.0169 2832  Sfloppy - ok
17:10:59.0185 2832  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:10:59.0185 2832  SharedAccess - ok
17:10:59.0200 2832  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:10:59.0200 2832  ShellHWDetection - ok
17:10:59.0216 2832  Simbad - ok
17:10:59.0232 2832  Sparrow - ok
17:10:59.0247 2832  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:10:59.0247 2832  splitter - ok
17:10:59.0278 2832  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:10:59.0278 2832  Spooler - ok
17:10:59.0310 2832  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:10:59.0310 2832  sr - ok
17:10:59.0325 2832  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:10:59.0325 2832  srservice - ok
17:10:59.0372 2832  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:10:59.0372 2832  Srv - ok
17:10:59.0419 2832  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:10:59.0419 2832  SSDPSRV - ok
17:10:59.0466 2832  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:10:59.0466 2832  stisvc - ok
17:10:59.0482 2832  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:10:59.0482 2832  swenum - ok
17:10:59.0482 2832  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:10:59.0482 2832  swmidi - ok
17:10:59.0497 2832  SwPrv - ok
17:10:59.0497 2832  symc810 - ok
17:10:59.0497 2832  symc8xx - ok
17:10:59.0513 2832  sym_hi - ok
17:10:59.0528 2832  sym_u3 - ok
17:10:59.0528 2832  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:10:59.0544 2832  sysaudio - ok
17:10:59.0560 2832  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:10:59.0575 2832  SysmonLog - ok
17:10:59.0607 2832  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:10:59.0607 2832  TapiSrv - ok
17:10:59.0638 2832  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:10:59.0638 2832  Tcpip - ok
17:10:59.0669 2832  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:10:59.0669 2832  TDPIPE - ok
17:10:59.0685 2832  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:10:59.0685 2832  TDTCP - ok
17:10:59.0716 2832  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:10:59.0716 2832  TermDD - ok
17:10:59.0732 2832  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
17:10:59.0732 2832  TermService - ok
17:10:59.0747 2832  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:10:59.0747 2832  Themes - ok
17:10:59.0778 2832  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
17:10:59.0778 2832  TlntSvr - ok
17:10:59.0778 2832  TosIde - ok
17:10:59.0810 2832  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:10:59.0810 2832  TrkWks - ok
17:10:59.0841 2832  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:10:59.0841 2832  Udfs - ok
17:10:59.0841 2832  ultra - ok
17:10:59.0888 2832  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:10:59.0888 2832  Update - ok
17:10:59.0919 2832  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:10:59.0919 2832  upnphost - ok
17:10:59.0919 2832  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
17:10:59.0935 2832  UPS - ok
17:10:59.0966 2832  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:10:59.0966 2832  usbccgp - ok
17:11:00.0013 2832  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:11:00.0013 2832  usbehci - ok
17:11:00.0013 2832  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:11:00.0013 2832  usbhub - ok
17:11:00.0044 2832  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:11:00.0044 2832  usbprint - ok
17:11:00.0044 2832  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:11:00.0044 2832  usbscan - ok
17:11:00.0060 2832  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:11:00.0060 2832  USBSTOR - ok
17:11:00.0075 2832  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:11:00.0075 2832  usbuhci - ok
17:11:00.0138 2832  [ 50676F61C6A44A3B25FB29A18A7CBA95 ] uvnc_service    C:\Program Files\UltraVNC\WinVNC.exe
17:11:00.0153 2832  uvnc_service - ok
17:11:00.0185 2832  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:11:00.0185 2832  VgaSave - ok
17:11:00.0185 2832  ViaIde - ok
17:11:00.0232 2832  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:11:00.0232 2832  VolSnap - ok
17:11:00.0263 2832  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
17:11:00.0263 2832  VSS - ok
17:11:00.0310 2832  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
17:11:00.0310 2832  W32Time - ok
17:11:01.0044 2832  ================ Scan global ===============================
17:11:01.0075 2832  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:11:01.0122 2832  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:11:01.0138 2832  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:11:01.0138 2832  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:11:01.0153 2832  [Global] - ok
17:11:01.0153 2832  ================ Scan MBR ==================================
17:11:01.0169 2832  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:11:01.0388 2832  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:11:01.0388 2832  \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:11:01.0388 2832  ================ Scan VBR ==================================
17:11:01.0403 2832  [ 503C218A20D9523DDFB743FDCBDBE50F ] \Device\Harddisk0\DR0\Partition1
17:11:01.0403 2832  \Device\Harddisk0\DR0\Partition1 - ok
17:11:01.0403 2832  ============================================================
17:11:01.0403 2832  Scan finished
17:11:01.0403 2832  ============================================================
17:11:01.0419 3620  Detected object count: 1
17:11:01.0419 3620  Actual detected object count: 1
17:11:21.0419 3620  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:11:21.0419 3620  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
17:11:21.0419 3620  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
17:11:21.0451 3620  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
17:11:21.0451 3620  \Device\Harddisk0\DR0\TDLFS - deleted
17:11:21.0451 3620  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
17:11:28.0544 3484  Deinitialize success

 

 

C:\TDSSKiller_Quarantine\18.03.2013_17.08.25\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.03.2013_17.08.25\tdlfs0001\tsk0003.dta a variant of Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined

 

 

This has not fixed the problem.



#4 boopme


Posted 18 March 2013 - 08:23 PM

That was a serious rootkit infection removed. Do run the next 2.

 

Also ... Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.


Edited by boopme, 18 March 2013 - 08:32 PM.


#5 JohnDavidLynchJr


Posted 19 March 2013 - 07:16 AM

I ran TFC, it found nothing.

The problem remains.

I looked at the root of C,

There is a file video0.dat.

I tried to delete it and access is denied.

I also noticed every time I reboot the date modified changes on this file.



#6 boopme


Posted 19 March 2013 - 01:43 PM

Ok, let's play it safe and get a deeper look before we just remove it.

 

By the way, I believe Video0 is part of UltraVNC, a remote help app.

 

 

Please follow this Preparation Guide, do steps 6, 7 and 8, and post in a new topic.
Let me know if all went well.

