PC won't respond to ctl-alt-delete, email problems too


5 replies to this topic

#1 hdleng

Posted 12 May 2013 - 02:01 AM

OS = Windows XP, SP3

 

Sometimes the PC will not respond to inputs when the screen saver is shown.  The arrow cursor moves, but the desktop will not come up.  Keyboard inputs don't work either.  In fact, ctl-alt-delete has no effect.  I must hold the power switch for 5 seconds to shut down.  Then I can power up again and get normal operation.

 

There's an occasional email problem too; I don't know whether it's connected to the above problem.  I use Microsoft Office Outlook.  Frequently Outlook times out when receiving mail.  Repeated attempts usually lead to success.  There have been occasions when Outlook will not send mail.  After checking settings, I found that the POP3 and/or the SMTP ports have been changed.  When I change them back to the provider's settings, email works again.





#2 boopme


Posted 19 May 2013 - 02:50 PM

Hello hdleng, let's try to find something.

 

Reboot into Safe Mode with Networking
How to enter Safe Mode (XP/Vista)
Using the F8 Method:
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed, etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

 

 

Please download TDSSKiller.
  • Launch it.
  • Click on "Change parameters" and select "TDLFS file system".
  • Click on "Scan".
  • Please post the log report (the log file should be in your C: drive).

Do not change the default options on scan results.

 

 

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

NOTE: Sometimes if ESET finds no infections, it will not create a log.



#3 hdleng


Posted 21 May 2013 - 09:58 PM

21:30:52.0500 1480  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:30:52.0937 1480  ============================================================
21:30:52.0937 1480  Current date / time: 2013/05/20 21:30:52.0937
21:30:52.0937 1480  SystemInfo:
21:30:52.0937 1480  
21:30:52.0937 1480  OS Version: 5.1.2600 ServicePack: 3.0
21:30:52.0937 1480  Product type: Workstation
21:30:52.0937 1480  ComputerName: JIMXP
21:30:52.0937 1480  UserName: Jim
21:30:52.0937 1480  Windows directory: C:\WINDOWS
21:30:52.0937 1480  System windows directory: C:\WINDOWS
21:30:52.0937 1480  Processor architecture: Intel x86
21:30:52.0937 1480  Number of processors: 1
21:30:52.0937 1480  Page size: 0x1000
21:30:52.0937 1480  Boot type: Safe boot with network
21:30:52.0937 1480  ============================================================
21:30:56.0546 1480  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1E49, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:30:56.0562 1480  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:30:56.0578 1480  ============================================================
21:30:56.0578 1480  \Device\Harddisk0\DR0:
21:30:56.0578 1480  MBR partitions:
21:30:56.0578 1480  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FCBB02
21:30:56.0578 1480  \Device\Harddisk1\DR1:
21:30:56.0578 1480  MBR partitions:
21:30:56.0578 1480  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
21:30:56.0578 1480  ============================================================
21:30:56.0609 1480  C: <-> \Device\Harddisk0\DR0\Partition1
21:30:56.0625 1480  D: <-> \Device\Harddisk1\DR1\Partition1
21:30:56.0671 1480  ============================================================
21:30:56.0671 1480  Initialize success
21:30:56.0671 1480  ============================================================
21:32:09.0140 1320  ============================================================
21:32:09.0140 1320  Scan started
21:32:09.0140 1320  Mode: Manual; TDLFS;
21:32:09.0140 1320  ============================================================
21:32:10.0500 1320  ================ Scan system memory ========================
21:32:10.0500 1320  System memory - ok
21:32:10.0515 1320  ================ Scan services =============================
21:32:30.0343 1320  ParVdm - ok
21:32:30.0421 1320  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
21:32:30.0453 1320  PCI - ok
21:32:30.0484 1320  PCIDump - ok
21:32:30.0546 1320  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\drivers\PCIIde.sys
21:32:30.0593 1320  PCIIde - ok
21:32:30.0656 1320  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
21:32:30.0656 1320  Pcmcia - ok
21:32:30.0687 1320  PDCOMP - ok
21:32:30.0718 1320  PDFRAME - ok
21:32:30.0750 1320  PDRELI - ok
21:32:30.0781 1320  PDRFRAME - ok
21:32:30.0796 1320  perc2 - ok
21:32:30.0843 1320  perc2hib - ok
21:32:31.0015 1320  [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI        C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
21:32:31.0125 1320  PID_PEPI - ok
21:32:31.0171 1320  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
21:32:31.0187 1320  PlugPlay - ok
21:32:31.0234 1320  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
21:32:31.0234 1320  PolicyAgent - ok
21:32:31.0296 1320  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:32:31.0312 1320  PptpMiniport - ok
21:32:31.0359 1320  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:32:31.0359 1320  ProtectedStorage - ok
21:32:31.0421 1320  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:32:31.0421 1320  PSched - ok
21:32:31.0500 1320  [ AACB8B91DF200CBD9864E26692A174D6 ] PSoCUSB         C:\WINDOWS\system32\drivers\cypress\ftk5\psocusb.sys
21:32:31.0531 1320  PSoCUSB - ok
21:32:31.0593 1320  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:32:31.0593 1320  Ptilink - ok
21:32:31.0671 1320  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:32:31.0671 1320  PxHelp20 - ok
21:32:31.0703 1320  ql1080 - ok
21:32:31.0718 1320  Ql10wnt - ok
21:32:31.0750 1320  ql12160 - ok
21:32:31.0781 1320  ql1240 - ok
21:32:31.0812 1320  ql1280 - ok
21:32:31.0859 1320  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:32:31.0859 1320  RasAcd - ok
21:32:31.0921 1320  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:32:31.0937 1320  RasAuto - ok
21:32:31.0984 1320  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:32:31.0984 1320  Rasl2tp - ok
21:32:32.0062 1320  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:32:32.0062 1320  RasMan - ok
21:32:32.0109 1320  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:32:32.0109 1320  RasPppoe - ok
21:32:32.0156 1320  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:32:32.0156 1320  Raspti - ok
21:32:32.0234 1320  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:32:32.0250 1320  Rdbss - ok
21:32:32.0296 1320  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:32:32.0296 1320  RDPCDD - ok
21:32:32.0390 1320  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:32:32.0421 1320  RDPWD - ok
21:32:32.0484 1320  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:32:32.0500 1320  RDSessMgr - ok
21:32:32.0562 1320  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:32:32.0578 1320  redbook - ok
21:32:32.0640 1320  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:32:32.0640 1320  RemoteAccess - ok
21:32:32.0796 1320  [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
21:32:32.0890 1320  RichVideo - ok
21:32:32.0953 1320  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:32:32.0953 1320  RpcLocator - ok
21:32:33.0000 1320  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
21:32:33.0015 1320  RpcSs - ok
21:32:33.0078 1320  [ 0E11B35E972796042044BC27CE13B065 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
21:32:33.0109 1320  rspndr - ok
21:32:33.0156 1320  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:32:33.0203 1320  RSVP - ok
21:32:33.0250 1320  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:32:33.0265 1320  SamSs - ok
21:32:33.0328 1320  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:32:33.0328 1320  SCardSvr - ok
21:32:33.0390 1320  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:32:33.0390 1320  Schedule - ok
21:32:33.0468 1320  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:32:33.0484 1320  Secdrv - ok
21:32:33.0546 1320  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:32:33.0578 1320  seclogon - ok
21:32:33.0656 1320  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
21:32:33.0656 1320  SENS - ok
21:32:33.0734 1320  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
21:32:33.0734 1320  serenum - ok
21:32:33.0812 1320  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
21:32:33.0812 1320  Serial - ok
21:32:33.0921 1320  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:32:33.0921 1320  Sfloppy - ok
21:32:34.0015 1320  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:32:34.0046 1320  SharedAccess - ok
21:32:34.0078 1320  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:32:34.0093 1320  ShellHWDetection - ok
21:32:34.0125 1320  Simbad - ok
21:32:34.0218 1320  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:32:34.0265 1320  SkypeUpdate - ok
21:32:34.0312 1320  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:32:34.0328 1320  SLIP - ok
21:32:34.0453 1320  [ EB3ACCC928B9D97DA89E1D37928167E3 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
21:32:34.0531 1320  smwdm - ok
21:32:34.0562 1320  Sparrow - ok
21:32:34.0609 1320  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:32:34.0609 1320  splitter - ok
21:32:34.0671 1320  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:32:34.0718 1320  Spooler - ok
21:32:34.0828 1320  [ C4BB8A12843D9CBB65F5FF617F389BBD ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
21:32:34.0828 1320  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: C4BB8A12843D9CBB65F5FF617F389BBD
21:32:34.0843 1320  sptd ( LockedFile.Multi.Generic ) - warning
21:32:34.0843 1320  sptd - detected LockedFile.Multi.Generic (1)
21:32:43.0234 1320  ================ Scan global ===============================
21:32:43.0312 1320  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:32:43.0375 1320  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:32:43.0484 1320  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:32:43.0546 1320  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:32:43.0546 1320  [Global] - ok
21:32:43.0562 1320  ================ Scan MBR ==================================
21:32:43.0593 1320  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:32:43.0796 1320  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:32:43.0796 1320  \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:32:43.0859 1320  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:32:44.0015 1320  \Device\Harddisk1\DR1 - ok
21:32:44.0015 1320  ================ Scan VBR ==================================
21:32:44.0062 1320  [ EC80DCDD965F736B584E65F1501F082F ] \Device\Harddisk0\DR0\Partition1
21:32:44.0062 1320  \Device\Harddisk0\DR0\Partition1 - ok
21:32:44.0078 1320  [ 6F49A7737F8D75DFDAE97D39B430D55D ] \Device\Harddisk1\DR1\Partition1
21:32:44.0093 1320  \Device\Harddisk1\DR1\Partition1 - ok
21:32:44.0093 1320  ============================================================
21:32:44.0093 1320  Scan finished
21:32:44.0093 1320  ============================================================
21:32:44.0140 1312  Detected object count: 2
21:32:44.0140 1312  Actual detected object count: 2
21:35:32.0062 1312  sptd ( LockedFile.Multi.Generic ) - skipped by user
21:35:32.0062 1312  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:35:32.0062 1312  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:35:32.0062 1312  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:35:50.0468 1260  Deinitialize success
 

# AdwCleaner v2.301 - Logfile created 05/20/2013 at 21:38:37
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jim - JIMXP
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Jim\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\z8teekqu.default\searchplugins\safesearch.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\z8teekqu.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Dee\Application Data\Mozilla\Firefox\Profiles\zu3he9l1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2814 octets] - [20/05/2013 21:38:37]

########## EOF - C:\AdwCleaner[S1].txt - [2874 octets] ##########

 

C:\Documents and Settings\Dee\Application Data\Mozilla\Firefox\Profiles\zu3he9l1.default\extensions\{a168b71c-087d-4e48-8632-3d8350c49b5c}\chrome.manifest    Win32/TrojanDownloader.Tracur.F trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Dee\Application Data\Mozilla\Firefox\Profiles\zu3he9l1.default\extensions\{a168b71c-087d-4e48-8632-3d8350c49b5c}\chrome\xulcache.jar    JS/Agent.NDJ trojan    deleted - quarantined
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\z8teekqu.default\extensions\{a168b71c-087d-4e48-8632-3d8350c49b5c}\chrome.manifest    Win32/TrojanDownloader.Tracur.F trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\z8teekqu.default\extensions\{a168b71c-087d-4e48-8632-3d8350c49b5c}\chrome\xulcache.jar    JS/Agent.NDJ trojan    deleted - quarantined
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aoaedidjcfofibiojakfhlajpekcfmjk\contentscript.js    Win32/TrojanDownloader.Tracur.F trojan    cleaned by deleting - quarantined

 

 



#4 boopme


Posted 22 May 2013 - 10:08 AM

Rerun TDSS and change the option on this

 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

To Cure or delete

 

How is it after that?



#5 hdleng


Posted 22 May 2013 - 11:07 PM

Thank you for your help.  I followed your most recent instructions.  I will watch this for a couple of days and let you know whether I have any more problems.



#6 boopme


Posted 23 May 2013 - 08:25 PM

You're welcome! If it's still all good then .... Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
  • Reboot and see how it is.




